Date
2024-12-12
CVE ID
CVE-2024-8374
Name
Code Injection in UltiMaker Cura
Properties
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
21 Oct 2024
CVE ID
CVE-2023-49089
Name
Path Traversal on Package Name in @umbraco/Umbraco-CMS
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: None
Date
23 Sep 2024
CVE ID
CVE-2023-48313
Name
DOM-XSS in Login Functionality in @umbraco/Umbraco-CMS
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
Date
23 Sep 2024
CVE ID
CVE-2024-35218
Name
Stored XSS on Content Page Through Markdown Editor Preview Pane in @umbraco/Umbraco-CMS
Properties
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: High
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
Date
23 Sep 2024
CVE ID
CVE-2024-35239
Name
Stored XSS on Title and Description Component of Umbraco Forms
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None
Date
23 Sep 2024
CVE ID
CVE-2024-35240
Name
Stored XSS on Print Functionality in Umbraco Commerce
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Date
14 Jun 2024
CVE ID
CVE-2024-5685
Name
Broken Function Level Authorization (BFLA) in snipe/snipe-it
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: Low
Date
10 May 2024
CVE ID
CVE-2024-34349
Name
Stored Cross-Site Scripting (XSS) in sylius/sylius
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Date
29 Apr 2024
CVE ID
CVE-2024-4068
Name
Memory Exhaustion in braces
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Date
28 Apr 2024
CVE ID
CVE-2024-4067
Name
Regular Expression Denial of Service (ReDoS) in micromatch
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Date
4 Apr 2024
CVE ID
CVE-2024-31217
Name
Denial-of-Service via Improper Exception Handling in @strapi/plugin-upload
Properties
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Date
2 Jan 2024
CVE ID
CVE-2023-50447
Name
Arbitrary Code Execution in Pillow
Properties
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
26 Sep 2023
CVE ID
CVE-2023-46495
Name
Reflected XSS in Front Store in @evershop/evershop
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Date
25 Sep 2023
CVE ID
CVE-2023-46496
Name
Arbitrary File Deletion (via Relative Path Traversal) in @evershop/evershop
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Changed
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: High
Date
25 Sep 2023
CVE ID
CVE-2023-46497
Name
Arbitrary Folder Creation (via Relative Path Traversal) in @evershop/evershop
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Changed
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
Date
25 Sep 2023
CVE ID
CVE-2023-46498
Name
Broken Function Level Authorization in @evershop/evershop
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: High
Date
25 Sep 2023
CVE ID
CVE-2023-46493
Name
Directories List (via Relative Path Traversal) in @evershop/evershop
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
Date
25 Aug 2023
CVE ID
CVE-2023-46942
Name
Lack of Authentication on GraphQL Endpoints in @evershop/evershop
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
Date
25 Aug 2023
CVE ID
CVE-2023-46943
Name
Insecure JWT – Hardcoded HMAC Secret in @evershop/evershop
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: None
Date
1 Jul 2023
CVE ID
CVE-2023-44271
Name
Denial of Service (DoS) in Pillow
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Date
27 Apr 2023
CVE ID
CVE-2023-46494
Name
Reflected XSS in Admin Panel in @evershop/evershop
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Date
27 Apr 2023
CVE ID
CVE-2023-46499
Name
Stored XSS in Admin Panel in @evershop/evershop
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: None
Date
30 Oct 2022
CVE ID
CVE-2022-44143
Name
Arbitrary File Write (via Path Traversal) in nopCommerce
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None
Date
12 Sep 2022
CVE ID
CVE-2022-0436
Name
Path Traversal in gruntjs/grunt
Properties
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
Date
12 Sep 2022
CVE ID
CVE-2022-1537
Name
Arbitrary File Write gruntjs/grunt
Properties
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
12 Sep 2022
CVE ID
N/A
Name
Authentication Bypass by Primary Weakness in parse-url
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: None
Date
12 Sep 2022
CVE ID
N/A
Name
Exposure of Sensitive Information to an Unauthorized Actor in parse-url
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
Date
12 Sep 2022
CVE ID
N/A
Name
Improper Input Validation in parse-url
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Date
12 Sep 2022
CVE ID
N/A
Name
Hostname Spoofing via Improper Input Validation in parse-url
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: None
Date
12 Sep 2022
CVE ID
N/A
Name
Open Redirect in parse-url
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
Date
12 Sep 2022
CVE ID
N/A
Name
Whitelist bypasses in parse-url
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
Date
12 Sep 2022
CVE ID
N/A
Name
Whitelist bypasses in parse-url
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
Date
12 Sep 2022
CVE ID
CVE-2022-29248
Name
Set cookie for different domain in guzzle/guzzle
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: None
Date
12 Sep 2022
CVE ID
CVE-2022-31042
Name
Unvalidated Follow Redirects in guzzle/guzzle
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
Date
12 Sep 2022
CVE ID
CVE-2022-31043
Name
Failure to strip Authentication header on HTTP downgrade in guzzle/guzzle
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
Date
12 Sep 2022
CVE ID
CVE-2022-28803
Name
Stored XSS in silverstripe/silverstripe-framework
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Date
12 Sep 2022
CVE ID
CVE-2022-29858
Name
Cross-Site Scripting in silverstripe/silverstripe-assets
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None
Date
12 Sep 2022
CVE ID
N/A
Name
ReDoS vulnerability in GitPython
Properties
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: High
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Date
12 Sep 2022
CVE ID
CVE-2022-1996
Name
Authorization Bypass Through User-Controlled Key in emicklei/go-restful
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: None
Date
12 Sep 2022
CVE ID
CVE-2022-2217
Name
Cross-site Scripting (XSS) in parse-url
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Date
21 Jul 2022
CVE ID
CVE-2022-31091
Name
Sensitive header uncleared on same-host, cross-port redirect in guzzle/guzzle
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
Date
21 Jul 2022
CVE ID
CVE-2022-2218
Name
Cross Site Scripting in ionicabizau/parse-url
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Date
21 Jul 2022
CVE ID
CVE-2022-2216
Name
SSRF via Improper Input Validation in ionicabizau/parse-url
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
20 Jul 2022
CVE ID
N/A
Name
Authenticated RCE in craftcms/cms
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
17 Jun 2022
CVE ID
CVE-2022-22979
Name
DoS in Spring Cloud Function
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Date
17 Jun 2022
CVE ID
N/A
Name
Unintended function invocation in Spring Cloud Function
Properties
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
Date
28 Apr 2022
CVE ID
CVE-2022-0686
Name
Authorization Bypass vulnerability in url-parse
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: None
Date
28 Apr 2022
CVE ID
CVE-2022-0691
Name
Authorization Bypass vulnerability in url-parse
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
28 Apr 2022
CVE ID
CVE-2022-0227
Name
Business Logic Errors in SilverStripe Framework
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
Date
28 Apr 2022
CVE ID
N/A
Name
A ReDoS (Regular Expression Denial of Service) vulnerability in GitPython
Properties
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: High
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Date
28 Apr 2022
CVE ID
CVE-2022-0338
Name
Improper Privilege Management in Conda 'loguru'
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None
Date
28 Apr 2022
CVE ID
N/A
Name
Log Injection in loguru
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: None
Date
25 Apr 2022
CVE ID
CVE-2021-43432
Name
XSS in XMALL ecommerce system
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Date
25 Apr 2022
CVE ID
CVE-2022-0512
Name
Authorization Bypass vulnerability in url-parse
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
Date
25 Apr 2022
CVE ID
CVE-2022-0639
Name
Authorization Bypass vulnerability in url-parse
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
Date
15 Jan 2022
CVE ID
N/A
Name
Improper Restriction of XML External Entity Reference in jetbrains/kotlin
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: Low
Date
30 Dec 2021
CVE ID
CVE-2021-44832
Name
Deserialization attack via JDBC Appender in log4j
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
19 Sep 2021
CVE ID
CVE-2021-37794
Name
Stored XSS Vulnerability Discovered in FileBrowser
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
1 Sep 2021
CVE ID
CVE-2021-33360
Name
Command injection vulnerability in @stoqey/gnuplot
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
1 Sep 2021
CVE ID
N/A
Name
Command injection vulnerability in ssh2
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
22 Jul 2021
CVE ID
CVE-2021-37367
Name
Code Execution Vulnerability Discovered in CTparental
CVE SCORE
Properties
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
14 Jul 2021
CVE ID
CVE-2021-37365
Name
Reflected XSS Vulnerability Discovered in CTparental
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Date
14 Jul 2021
CVE ID
CVE-2021-37366
Name
CSRF Vulnerability Discovered in CTparental
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
29 Jun 2021
CVE ID
N/A
Name
Command injection vulnerability in coveralls
CVE SCORE
Properties
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
28 Jun 2021
CVE ID
CVE-2021-36518
Name
Prototype pollution in cloneextend
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
Date
28 Jun 2021
CVE ID
CVE-2021-36517
Name
Prototype pollution in extend2
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
Date
22 Jun 2021
CVE ID
CVE-2021-34826
Name
SQL Injection in Heimdall Gateway - heimdall/getheimdall
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
21 Jun 2021
CVE ID
CVE-2021-31800
Name
Path Traversal Vulnerability Discovered in Impacket
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
21 Jun 2021
CVE ID
CVE-2021-33356
Name
Privilege Escalation Vulnerability Discovered in RaspAP
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
21 Jun 2021
CVE ID
CVE-2021-33357
Name
Unauthenticated Command Injection Vulnerability Discovered in RaspAP
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
21 Jun 2021
CVE ID
CVE-2021-33358
Name
Authenticated Command Injection Vulnerability Discovered in RaspAP
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
21 Jun 2021
CVE ID
CVE-2021-33359
Name
Arbitrary File Read Vulnerability Discovered in GoWitness
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
14 Jun 2021
CVE ID
CVE-2021-33829
Name
Stored XSS Vulnerability Discovered in CKEditor4
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Date
4 Jun 2021
CVE ID
CVE-2021-25641
Name
Unsafe Deserialization In Apache Dubbo & Alibaba Dubbo
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
17 May 2021
CVE ID
CVE-2021-33420
Name
Deserialization RCE attack in replicator
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
5 May 2021
CVE ID
CVE-2021-29369
Name
Command Injection in @rkesters/gnuplot
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
29 Apr 2021
CVE ID
CVE-2021-26543
Name
Command injection vulnerability in git-parse
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
28 Apr 2021
CVE ID
N/A
Name
Command Injection in gnuplot-heatmap
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
28 Apr 2021
CVE ID
N/A
Name
Command Injection in jandoc
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
28 Apr 2021
CVE ID
N/A
Name
Command injection vulnerability in lifion-verify-deps
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
28 Apr 2021
CVE ID
N/A
Name
Command Injection in docker-tester
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
28 Apr 2021
CVE ID
N/A
Name
Gnuplot Command Injection in gnu-plot
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
28 Apr 2021
CVE ID
N/A
Name
OS Command Injection in plotter
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
28 Apr 2021
CVE ID
N/A
Name
Gnuplot Command Injection in plotframes
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
27 Apr 2021
CVE ID
N/A
Name
Command injection vulnerability in the ssl-utils NPM package
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
27 Apr 2021
CVE ID
N/A
Name
Command Injection in azure-gs
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
Date
26 Apr 2021
CVE ID
N/A
Name
Command injection vulnerability in the google-it NPM package
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
26 Apr 2021
CVE ID
N/A
Name
Remote code execution vulnerability in reqwest
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
26 Apr 2021
CVE ID
CVE-2021-31896
Name
Command injection vulnerability in curl-ganteng
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
26 Apr 2021
CVE ID
N/A
Name
Command injection vulnerability in the gitsome NPM package
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
26 Apr 2021
CVE ID
N/A
Name
Command injection vulnerability in the proctree NPM package
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
26 Apr 2021
CVE ID
N/A
Name
OS Command Injection in ebook
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
25 Apr 2021
CVE ID
N/A
Name
Command injection vulnerability in s3-uploader
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
23 Mar 2021
CVE ID
CVE-2021-29300
Name
Command injection vulnerability in @ronomon/opened
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
28 Feb 2021
CVE ID
CVE-2021-26539
Name
Validation Bypass in sanitize-html using IDN
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
Date
28 Feb 2021
CVE ID
CVE-2021-26540
Name
Validation Bypass in sanitize-html using protocol relative URLs
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
Date
18 Feb 2021
CVE ID
CVE-2021-27515
Name
Hostname spoofing in url-parse
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: None
Date
13 Feb 2021
CVE ID
CVE-2021-27516
Name
Hostname spoofing in urijs
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: None
Date
10 Feb 2021
CVE ID
CVE-2021-27191
Name
Denial of Service in get-ip-range package
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Date
9 Feb 2021
CVE ID
CVE-2020-28997
Name
Local File Inclusion vulnerabilities in Pixel Caffeine WordPress plugin
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: High
- Integrity Impact: Low
- Availability Impact: None
Date
9 Feb 2021
CVE ID
CVE-2021-27185
Name
Command injection vulnerability in samba-client
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
1 Feb 2021
CVE ID
CVE-2021-23980
Name
Mutation XSS in Mozilla-bleach using comments
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Date
21 Jan 2021
CVE ID
CVE-2021-26276
Name
Command injection vulnerability in the config-shield NPM package
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
Date
21 Jan 2021
CVE ID
CVE-2021-26275
Name
Command injection vulnerability in the eslint-fixer NPM package
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
20 Jan 2021
CVE ID
CVE-2021-3190
Name
Command injection vulnerability in async-git
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
14 Jan 2021
CVE ID
CVE-2021-3133
Name
CSRF in Elementor-Contact-Form-DB WordPress plugin
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
11 Jan 2021
CVE ID
CVE-2021-23326
Name
Command injection vulnerability in @graphql-tools/git-loader
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
6 Jan 2021
CVE ID
CVE-2020-35774
Name
Stored XSS via /histogram endpoint in twitter-server
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Date
6 Jan 2021
CVE ID
CVE-2021-26541
Name
Command injection vulnerability in gitlog
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
23 Dec 2020
CVE ID
CVE-2020-35773
Name
RCE via site-offline wordpress plugin
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: None
Date
17 Dec 2020
CVE ID
CVE-2020-26275
Name
Open redirect in Jupyter server
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Date
8 Dec 2020
CVE ID
CVE-2020-35135
Name
CSRF in ultimate-category-excluder wordpress plugin
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
2 Dec 2020
CVE ID
CVE-2020-13669
Name
XSS in Drupal core's built-in CKEditor image caption functionality
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Date
30 Nov 2020
CVE ID
CVE-2020-28996
Name
CSRF and Reflected XSS in PowerPress Wordpress plugin
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: High
- Integrity Impact: Low
- Availability Impact: None
Date
27 Nov 2020
CVE ID
CVE-2020-27783
Name
Mutation Cross-Site Scripting in lxml
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Date
19 Nov 2020
CVE ID
CVE-2020-13663
Name
Reflected DOM-based XSS in Drupal Core
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Date
18 Nov 2020
CVE ID
N/A
Name
Reintroduced ReDoS in debug
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
Date
17 Nov 2020
CVE ID
CVE-2020-13942
Name
Remote Code Execution in Apache Unomi using `MVEL` and `OGNL` expressions
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
16 Nov 2020
CVE ID
CVE-2020-28995
Name
Reflected XSS in Paid Memberships Pro Wordpress plugin
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: High
- Integrity Impact: Low
- Availability Impact: None
Date
8 Nov 2020
CVE ID
CVE-2020-15275
Name
XSS in MoinMoin when uploading a SVG file with malicious javascript code in its content
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: None
Date
10 Oct 2020
CVE ID
CVE-2020-26935
Name
SQL Injection in phpMyAdmin
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Date
20 Aug 2020
CVE ID
CVE-2020-14042
Name
Stored XSS via folder name in Codiad
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Date
20 Aug 2020
CVE ID
CVE-2020-14043
Name
Codiad CSRF in the plugin request
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
20 Aug 2020
CVE ID
CVE-2020-14044
Name
Codiad SSRF when installing a plugin
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
22 Apr 2020
CVE ID
CVE-2020-7598
Name
Prototype Pollution vulnerability in Minimist
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
Date
17 Mar 2020
CVE ID
CVE-2020-6816
Name
Mutation XSS in Mozilla-bleach via svg or math
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Date
25 Feb 2020
CVE ID
CVE-2020-6802
Name
Mutation XSS in Mozilla-bleach via noscript
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Date
16 Feb 2020
CVE ID
N/A
Name
Open redirect in macaron/i18n
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Date
10 Feb 2020
CVE ID
CVE-2019-17564
Name
Unsafe deserialization in Apache Dubbo
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Date
26 Sep 2019
CVE ID
N/A
Name
OS command execution vulnerability in Commander.js
CVE SCORE
Properties
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
Date
31 Jan 2019
CVE ID
N/A
Name
Open redirect in gitea/blog
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Date
31 Jan 2019
CVE ID
CVE-2019-3826
Name
DOM XSS in Prometheus
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Date
13 Dec 2017
CVE ID
CVE-2016-10703
Name
Denial of Service (DoS) vulnerability in ecstatic npm package
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Date
17 Nov 2017
CVE ID
CVE-2017-14077
Name
HTML injection in Securimage
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Date
18 May 2016
CVE ID
CVE-2016-10510
Name
Cross-Site Scripting in Kohana PHP
CVE SCORE
Properties
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None