ID CVSS Summary Last (major) update Published
CVE-2021-1420 4.3
A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. A
14-04-2021 - 17:48 08-04-2021 - 04:15
CVE-2020-27235 7.5
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the description parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.
14-04-2021 - 17:44 13-04-2021 - 15:15
CVE-2020-27233 7.5
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the supplierUID parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.
14-04-2021 - 17:44 13-04-2021 - 15:15
CVE-2020-27236 7.5
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the compnomenclature parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.
14-04-2021 - 17:44 13-04-2021 - 15:15
CVE-2020-27234 7.5
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the serviceUID parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.
14-04-2021 - 17:44 13-04-2021 - 15:15
CVE-2020-35419 None
Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter.
14-04-2021 - 17:37 14-04-2021 - 17:15
CVE-2021-27251 None
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within handling of firmware upd
14-04-2021 - 17:37 14-04-2021 - 16:15
CVE-2021-27246 None
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 1.0.15 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the han
14-04-2021 - 17:37 14-04-2021 - 16:15
CVE-2021-27249 None
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within
14-04-2021 - 17:37 14-04-2021 - 16:15
CVE-2021-28826 None
The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Enterprise Edition contains a vulnerability that
14-04-2021 - 17:37 14-04-2021 - 17:15
CVE-2020-35418 None
Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file.
14-04-2021 - 17:37 14-04-2021 - 17:15
CVE-2021-28060 None
A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php.
14-04-2021 - 17:37 14-04-2021 - 17:15
CVE-2021-27250 None
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists
14-04-2021 - 17:37 14-04-2021 - 16:15
CVE-2021-28825 None
The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition contains a vulnerability that the
14-04-2021 - 17:37 14-04-2021 - 17:15
CVE-2021-27259 None
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this
14-04-2021 - 17:37 14-04-2021 - 16:15
CVE-2021-27252 None
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the han
14-04-2021 - 17:37 14-04-2021 - 16:15
CVE-2021-28855 None
In Deark before 1.5.8, a specially crafted input file can cause a NULL pointer dereference in the dbuf_write function (src/deark-dbuf.c).
14-04-2021 - 17:37 14-04-2021 - 17:15
CVE-2021-28856 None
In Deark before v1.5.8, a specially crafted input file can cause a division by zero in (src/fmtutil.c) because of the value of pixelsize.
14-04-2021 - 17:37 14-04-2021 - 17:15
CVE-2021-27253 None
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypas
14-04-2021 - 17:37 14-04-2021 - 16:15
CVE-2021-27248 None
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within
14-04-2021 - 17:37 14-04-2021 - 16:15
CVE-2021-27708 None
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system function with untru
14-04-2021 - 17:37 14-04-2021 - 16:15
CVE-2021-27258 None
This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SaveUserSetting
14-04-2021 - 17:37 14-04-2021 - 16:15
CVE-2021-27260 None
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to
14-04-2021 - 17:37 14-04-2021 - 16:15
CVE-2021-27247 None
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tencent WeChat 2.9.5 desktop version. User interaction is required to exploit this vulnerability in that the target must visit a malicious page
14-04-2021 - 17:37 14-04-2021 - 16:15
CVE-2020-29593 None
An issue was discovered in Orchard before 1.10. The Media Settings Allowed File Types list field allows an attacker to add an XSS payload that will execute when users attempt to upload a disallowed file type, causing the error to display.
14-04-2021 - 17:37 14-04-2021 - 15:15
CVE-2021-30494 None
Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the Razer Chroma SDK subkey. These privileged operations consist of file name concatenation of a runtime log file that is
14-04-2021 - 17:37 14-04-2021 - 15:15
CVE-2021-27604 None
In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Service Repository JAVA Mappings), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SAP recommends to refer this note
14-04-2021 - 17:37 14-04-2021 - 15:15
CVE-2021-25314 None
A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Availability 12-SP5, SUSE Linux Enterprise High Availability 15-SP2 allows local attackers to
14-04-2021 - 17:37 14-04-2021 - 15:15
CVE-2021-27706 None
Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"IPMacBindIndex "request. This occurs because the "formIPMacBindDel" function directly passes
14-04-2021 - 17:37 14-04-2021 - 15:15
CVE-2021-27707 None
Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"portMappingIndex "request. This occurs because the "formDelPortMapping" function directly passes the
14-04-2021 - 17:37 14-04-2021 - 15:15
CVE-2020-29592 None
An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor's file upload allows an attacker to upload dangerous executables that bypass the file types allowed (regardless of th
14-04-2021 - 17:37 14-04-2021 - 15:15
CVE-2021-27599 None
SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Integration Builder Framework), versions - 7.10, 7.30, 7.31, 7.40, 7.50, allows an attacker to access information under certain conditions, which would otherwise be restricted.
14-04-2021 - 17:37 14-04-2021 - 15:15
CVE-2021-30493 None
Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the ChromaBroadcast subkey. These privileged operations consist of file name concatenation of a runtime log file that is u
14-04-2021 - 17:37 14-04-2021 - 15:15
CVE-2021-28098 None
An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and writes log entries to a file in %PROGRAMDATA%\ForeSc
14-04-2021 - 17:37 14-04-2021 - 15:15
CVE-2021-27608 None
An unquoted service path in SAPSetup, version - 9.0, could lead to privilege escalation during the installation process that is performed when an executable file is registered. This could further lead to complete compromise of confidentiality, Integr
14-04-2021 - 17:37 14-04-2021 - 15:15
CVE-2021-27130 None
Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, which may lead to a reverse shell upload.
14-04-2021 - 17:37 14-04-2021 - 15:15
CVE-2021-27705 None
Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"qosIndex "request. This occurs because the "formQOSRuleDel" function directly passes the parameter "
14-04-2021 - 17:37 14-04-2021 - 15:15
CVE-2021-28927 4.6
The text-to-speech engine in libretro RetroArch for Windows 0.11 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used b
14-04-2021 - 17:35 07-04-2021 - 15:15
CVE-2021-1413 6.5
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the w
14-04-2021 - 17:33 08-04-2021 - 04:15
CVE-2021-1309 8.3
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory
14-04-2021 - 17:28 08-04-2021 - 04:15
CVE-2021-27522 6.5
Learnsite 1.2.5.0 contains a remote privilege escalation vulnerability in /Manager/index.aspx through the JudgIsAdmin() function. By modifying the initial letter of the key of a user cookie, the key of the administrator cookie can be obtained.
14-04-2021 - 17:01 08-04-2021 - 16:15
CVE-2021-30462 9.0
VestaCP through 0.9.8-24 allows the admin user to escalate privileges to root because the Sudo configuration does not require a password to run /usr/local/vesta/bin scripts.
14-04-2021 - 16:58 08-04-2021 - 14:15
CVE-2021-1415 6.5
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the w
14-04-2021 - 16:54 08-04-2021 - 04:15
CVE-2021-1414 6.5
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the w
14-04-2021 - 16:52 08-04-2021 - 04:15
CVE-2021-25250 7.2
An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sensitive file could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must
14-04-2021 - 16:18 13-04-2021 - 13:15
CVE-2021-20334 4.6
A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass. This issue affects: MongoDB Inc. MongoDB Compass 1.x vers
14-04-2021 - 16:15 06-04-2021 - 17:15
CVE-2021-23358 7.5
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.
14-04-2021 - 16:15 29-03-2021 - 14:15
CVE-2021-25253 7.2
An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a resource used by the service could allow a local attacker to escalate privileges on affected installations. Please note: an
14-04-2021 - 16:11 13-04-2021 - 13:15
CVE-2021-30246 6.4
In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known practical attack.
14-04-2021 - 16:09 07-04-2021 - 21:15
CVE-2021-20021 7.5
A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.
14-04-2021 - 16:04 09-04-2021 - 18:15