CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-23378 A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 version of TastyIgniter. The "items%5B0%5D%5Bpath%5D" parameter of a request made to /admin/allergens/edit/1 is vulnerable. | 5.4 | MEDIUM | β | 0 |
| CVE-2022-0527 Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0. | 6.1 | MEDIUM | β | 0 |
| CVE-2022-24694 In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. (Only folder names are affected. ... | 4.3 | MEDIUM | β | 0 |
| CVE-2021-37852 ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate privileges in the context of NT AUTHORITY\SYSTEM. | 7.8 | HIGH | β | 0 |
| CVE-2021-25939 In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests per... | 2.7 | LOW | β | 0 |
| CVE-2021-40837 A vulnerability affecting F-Secure antivirus engine before Capricorn update 2022-02-01_01 was discovered whereby decompression of ACE file causes the scanner service to stop. The vulnerability can be ... | 4.6 | MEDIUM | β | 0 |
| CVE-2021-46557 Vicidial 2.14-783a was discovered to contain a cross-site scripting (XSS) vulnerability via the input tabs. | 5.4 | MEDIUM | β | 0 |
| CVE-2021-46354 Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site. The ability to send requests to o... | 7.5 | HIGH | β | 0 |
| CVE-2021-46360 Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-command... | 8.8 | HIGH | β | 0 |
| CVE-2022-0538 Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained re... | 7.5 | HIGH | β | 0 |
| CVE-2022-0539 Cross-site Scripting (XSS) - Stored in Packagist ptrofimov/beanstalk_console prior to 1.7.14. | 5.4 | MEDIUM | β | 0 |
| CVE-2021-3813 Improper Privilege Management in GitHub repository chatwoot/chatwoot prior to v2.2. | 6.5 | MEDIUM | β | 0 |
| CVE-2021-40360 A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions <... | 8.8 | HIGH | β | 0 |
| CVE-2021-37185 A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9... | 7.5 | HIGH | β | 0 |
| CVE-2021-37194 A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V... | 7.5 | HIGH | β | 0 |
| CVE-2021-37204 A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU ... | 7.5 | HIGH | β | 0 |
| CVE-2021-37205 A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9... | 7.5 | HIGH | β | 0 |
| CVE-2021-46558 Multiple cross-site scripting (XSS) vulnerabilities in the Add User module of Issabel PBX 20200102 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the use... | 5.4 | MEDIUM | β | 0 |
| CVE-2021-40363 A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions <... | 7.8 | HIGH | β | 0 |
| CVE-2021-44000 A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All... | 7.8 | HIGH | β | 0 |
| CVE-2021-44016 A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All... | 7.8 | HIGH | β | 0 |
| CVE-2021-44018 A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All... | 7.8 | HIGH | β | 0 |
| CVE-2021-44911 XE before 1.11.6 is vulnerable to Unrestricted file upload via modules/menu/menu.admin.controller.php. When uploading the Mouse over button and When selected button, there is no restriction on the fil... | 5.4 | MEDIUM | β | 0 |
| CVE-2022-23317 CobaltStrike <=4.5 HTTP(S) listener does not determine whether the request URL begins with "/", and attackers can obtain relevant information by specifying the URL. | 7.5 | HIGH | β | 0 |
| CVE-2021-44912 In XE 1.116, when uploading the Normal button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restricts the PHP type, upload... | 5.4 | MEDIUM | β | 0 |
| CVE-2021-45106 A vulnerability has been identified in SICAM TOOLBOX II (All versions). Affected applications use a circumventable access control within a database service. This could allow an attacker to access the ... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-46151 A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated... | 7.8 | HIGH | β | 0 |
| CVE-2021-46152 A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a type confusion vulnerability while parsing NEU fi... | 7.8 | HIGH | β | 0 |
| CVE-2021-46153 A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a memory corruption vulnerability while parsing NEU... | 7.8 | HIGH | β | 0 |
| CVE-2022-21988 Microsoft Office Visio Remote Code Execution Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-46154 A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a stack based buffer overflow vulnerability while p... | 7.8 | HIGH | β | 0 |
| CVE-2021-46155 A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a stack based buffer overflow vulnerability while p... | 7.8 | HIGH | β | 0 |
| CVE-2021-46156 A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated... | 7.8 | HIGH | β | 0 |
| CVE-2021-46157 A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a memory corruption vulnerability while parsing NEU... | 7.8 | HIGH | β | 0 |
| CVE-2021-46158 A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a stack based buffer overflow vulnerability while p... | 7.8 | HIGH | β | 0 |
| CVE-2022-21989 Windows Kernel Elevation of Privilege Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-46159 A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated... | 7.8 | HIGH | β | 0 |
| CVE-2021-46160 A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated... | 7.8 | HIGH | β | 0 |
| CVE-2021-46161 A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated... | 7.8 | HIGH | β | 0 |
| CVE-2022-23102 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user ... | 6.1 | MEDIUM | β | 0 |
| CVE-2022-23312 A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP9 Security Patch 1). The integrated web application "Online Help" in affected product contains a Cross-Site Scripting (X... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-41441 A DoS attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to reboot the router via sending a specially crafted URL to an authenticated vic... | 7.4 | HIGH | β | 0 |
| CVE-2022-21844 HEVC Video Extensions Remote Code Execution Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2022-21926 HEVC Video Extensions Remote Code Execution Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2022-21927 HEVC Video Extensions Remote Code Execution Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2022-21957 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | 7.2 | HIGH | β | 0 |
| CVE-2022-21968 Microsoft SharePoint Server Security Feature Bypass Vulnerability | 4.3 | MEDIUM | β | 0 |
| CVE-2022-21991 Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability | 8.1 | HIGH | β | 0 |
| CVE-2022-23384 YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin.add | 8.8 | HIGH | β | 0 |
| CVE-2022-21974 Roaming Security Rights Management Services Remote Code Execution Vulnerability | 7.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.