Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2021-37400 An attacker may obtain the user credentials from the communication between the PLC and the software. As a result, the PLC user program may be uploaded, altered, and/or downloaded. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-37401 An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-45425 Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 and 8.5 allows remote attackers to execute JavaScript codes. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-45903 A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attac... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-45812 NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site Scripting (XSS) vulnerability. An attacker can steal the user's session by injecting malicious JavaScript codes which leads to ses... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-45813 SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (XSS) vulnerability. The attacker can steal the user's session by injecting malicious JavaScript codes which leads to Session Hijacking an... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-45814 Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel with an administrative account. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-42583 A Broken or Risky Cryptographic Algorithm exists in Max Mazurov Maddy before 0.5.2, which is an unnecessary risk that may result in the exposure of sensitive information. | 7.5 | HIGH | β | 0 |
| CVE-2021-43554 FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code. | 7.8 | HIGH | β | 0 |
| CVE-2021-43556 FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code. | 7.8 | HIGH | β | 0 |
| CVE-2020-22057 The WinRin0x64.sys and WinRing0.sys low-level drivers in EVGA Precision XOC version v6.2.7 were discovered to be configured with the default security descriptor which allows attackers to access sensit... | 9.1 | CRITICAL | β | 0 |
| CVE-2020-22061 SUPERAntispyware v8.0.0.1050 was discovered to contain an issue in the component saskutil64.sys. This issue allows attackers to arbitrarily write data to the device via IOCTL 0x9C402140. | 7.8 | HIGH | β | 0 |
| CVE-2020-7878 An arbitrary file download and execution vulnerability was found in the VideoOffice X2.9 and earlier versions (CVE-2020-7878). This issue is due to missing support for integrity check. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7883 Printchaser v2.2021.804.1 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. T... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-37098 Hilinksvc service exists a Data Processing Errors vulnerability .Successful exploitation of this vulnerability may cause application crash. | 7.5 | HIGH | β | 0 |
| CVE-2021-44832 Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with... | 6.6 | MEDIUM | β | 0 |
| CVE-2021-44160 Carinal Tien Hospital Health Report Systemβs login page has improper authentication, a remote attacker can acquire another general userβs privilege by modifying the cookie parameter without authentica... | 7.3 | HIGH | β | 0 |
| CVE-2021-44161 Changing MOTP (Mobile One Time Password) systemβs specific function parameter has insufficient validation for user input. A attacker in local area network can perform SQL injection attack to read, mod... | 8.8 | HIGH | β | 0 |
| CVE-2021-25988 In βifmeβ, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability (notifications section) which can be directly triggered by sending an ally request to the admin. | 5.4 | MEDIUM | β | 0 |
| CVE-2021-25989 In βifmeβ, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability in the markdown editor. It can be exploited by making a victim a Leader of a group which triggers the payload for t... | 5.4 | MEDIUM | β | 0 |
| CVE-2021-25990 In βifmeβ, versions v7.22.0 to v7.31.4 are vulnerable against self-stored XSS in the contacts field as it allows loading XSS payloads fetched via an iframe. | 5.4 | MEDIUM | β | 0 |
| CVE-2021-25991 In Ifme, versions v5.0.0 to v7.32 are vulnerable against an improper access control, which makes it possible for admins to ban themselves leading to their deactivation from Ifme account and complete l... | 5.7 | MEDIUM | β | 0 |
| CVE-2021-35034 An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted. | 7.4 | HIGH | β | 0 |
| CVE-2021-35035 A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow a remote, authenticated attacker to obtain sensitive information from the configuration file. | 4.9 | MEDIUM | β | 0 |
| CVE-2021-38680 A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Kazoo Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have alre... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-38687 A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fi... | 8.1 | HIGH | β | 0 |
| CVE-2021-38688 An improper authentication vulnerability has been reported to affect Android App Qfile. If exploited, this vulnerability allows attackers to compromise app and access information We have already fixed... | 7.1 | HIGH | β | 0 |
| CVE-2021-36722 Emuse - eServices / eNvoice SQL injection can be used in various ways ranging from bypassing login authentication or dumping the whole database to full RCE on the affected endpoints. The SQLi caused b... | 7.1 | HIGH | β | 0 |
| CVE-2021-36723 Emuse - eServices / eNvoice Exposure Of Private Personal Information due to lack of identification mechanisms and predictable IDs an attacker can scrape all the files on the service. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-4175 livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 5.4 | MEDIUM | β | 0 |
| CVE-2021-4176 livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 6.1 | MEDIUM | β | 0 |
| CVE-2021-23727 This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. ... | 7.5 | HIGH | β | 0 |
| CVE-2021-25993 In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by Stored XSS vulnerability, where a low privileged (editor) user can upload a SVG file that contains malicious JavaScript while up... | 5.4 | MEDIUM | β | 0 |
| CVE-2021-45885 An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear th... | 7.5 | HIGH | β | 0 |
| CVE-2021-36724 ForeScout - SecureConnector Local Service DoS - A low privilaged user which doesn't have permissions to shutdown the secure connector service writes a large amount of characters in the installationPat... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-43876 Microsoft SharePoint Elevation of Privilege Vulnerability | 8.8 | HIGH | β | 0 |
| CVE-2021-4188 mruby is vulnerable to NULL Pointer Dereference | 7.5 | HIGH | β | 0 |
| CVE-2021-45427 Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal. An attacker can browse and delete files without any authentication due to incorrect a... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-45815 Quectel UC20 UMTS/HSPA+ UC20 6.3.14 is affected by a Cross Site Scripting (XSS) vulnerability. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-45818 SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability which can lead to HTTP response splitting. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-43861 Mermaid is a Javascript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagra... | 7.2 | HIGH | β | 0 |
| CVE-2021-39978 Telephony application has a SQL Injection vulnerability.Successful exploitation of this vulnerability may cause privacy and security issues. | 7.5 | HIGH | β | 0 |
| CVE-2021-43862 jQuery Terminal Emulator is a plugin for creating command line interpreters in your applications. Versions prior to 2.31.1 contain a low impact and limited cross-site scripting (XSS) vulnerability. Th... | 3.7 | LOW | β | 0 |
| CVE-2020-29292 iBall WRD12EN 1.0.0 devices allow cross-site request forgery (CSRF) attacks as demonstrated by enabling DNS settings or modifying the range for IP addresses. | 6.5 | MEDIUM | β | 0 |
| CVE-2021-38876 IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-45379 Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect access control vulnerability. One user can attempt to log in as another user without its password. | 8.8 | HIGH | β | 0 |
| CVE-2021-20132 Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded credentials, which can allow a remote attacker to gain administrative access to the zebra or ripd those ... | 8.8 | HIGH | β | 0 |
| CVE-2021-20160 Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injection vulnerability in the smb functionality of the device. The username parameter used when configuring smb functionality for the dev... | 8.8 | HIGH | β | 0 |
| CVE-2021-20133 Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set the "message of th... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-20134 Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set an arbitrary file ... | 8.4 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.