Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-30294 2022-06-13 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-30293. Reason: This candidate is a duplicate of CVE-2022-30293. Notes: All CVE users should reference CVE-2022-30293 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2022-28066 2022-06-13 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-26280. Reason: This candidate is a duplicate of CVE-2022-26280. Notes: All CVE users should reference CVE-2022-26280 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2022-28397 1 Ghost 1 Ghost 2022-06-13 7.5 HIGH 9.8 CRITICAL
** DISPUTED ** An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in Ghost's security documentation, files can only be uploaded and published by trusted users, this is intentional.
CVE-2022-27139 1 Ghost 1 Ghost 2022-06-13 7.5 HIGH 9.8 CRITICAL
** DISPUTED ** An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The uploading of SVG files to Ghost does not represent a remote code execution vulnerability. SVGs are not executable on the server, and may only execute javascript in a client's browser - this is expected and intentional functionality.
CVE-2021-42892 1 Totolink 2 Ex1200t, Ex1200t Firmware 2022-06-13 5.0 MEDIUM 4.3 MEDIUM
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware.
CVE-2022-28945 1 Webbank 1 Webcube 2022-06-13 7.5 HIGH 9.8 CRITICAL
An issue in Webbank WeCube v3.2.2 allows attackers to execute a directory traversal via a crafted ZIP file.
CVE-2022-1821 1 Gitlab 1 Gitlab 2022-06-13 4.0 MEDIUM 4.3 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for a subgroup member to access the members list of their parent group.
CVE-2022-1783 1 Gitlab 1 Gitlab 2022-06-13 4.0 MEDIUM 2.7 LOW
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for malicious group maintainers to add new members to a project within their group, through the REST API, even after their group owner enabled a setting to prevent members from being added to projects within that group.
CVE-2021-39947 1 Gitlab 1 Gitlab Runner 2022-06-13 4.3 MEDIUM 7.5 HIGH
In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for multiple traces and mix the output of several jobs
CVE-2021-41932 1 Wolterskluwer 1 Teammate\+ Audit 2022-06-13 6.5 MEDIUM 8.8 HIGH
A blind SQL injection vulnerability in search form in TeamMate+ Audit version 28.0.19.0 allows any authenticated user to create malicious SQL injections, which can result in complete database compromise, gaining information about other users, unauthorized access to audit data etc.
CVE-2021-42893 1 Totolink 2 Ex1200t, Ex1200t Firmware 2022-06-13 5.0 MEDIUM 7.5 HIGH
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization through getSysStatusCfg.
CVE-2022-29770 1 Xuxueli 1 Xxl-job 2022-06-13 3.5 LOW 5.4 MEDIUM
XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo.
CVE-2021-41454 2022-06-13 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2021-41453 2022-06-13 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2021-41452 2022-06-13 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2021-41448 2022-06-13 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2021-41447 2022-06-13 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2021-41446 2022-06-13 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2021-41439 2022-06-13 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2021-41438 2022-06-13 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.