ID | CVSS | Summary | Last (major) update | Published
CVE-2020-18084 4.3
Cross Site Scripting (XSS) in yzmCMS v5.2 allows remote attackers to execute arbitrary code by injecting commands into the "referer" field of a POST request to the component "/member/index/login.html" when logging in.
06-05-2021 - 13:44 30-04-2021 - 21:15
CVE-2021-26797 7.5
An access control vulnerability in Hame SD1 Wi-Fi firmware <=V.20140224154640 allows an attacker to get system administrator through an open Telnet service.
06-05-2021 - 13:43 26-04-2021 - 12:15
CVE-2021-31432 2.1
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to
06-05-2021 - 13:39 29-04-2021 - 17:15
CVE-2021-31431 2.1
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to
06-05-2021 - 13:39 29-04-2021 - 17:15
CVE-2021-31430 2.1
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to
06-05-2021 - 13:37 29-04-2021 - 17:15
CVE-2021-31429 4.6
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit thi
06-05-2021 - 13:34 29-04-2021 - 17:15
CVE-2021-25927 7.5
Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.
06-05-2021 - 13:32 26-04-2021 - 11:15
CVE-2021-31428 4.6
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit thi
06-05-2021 - 13:28 29-04-2021 - 17:15
CVE-2020-19107 None
SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.
06-05-2021 - 13:17 06-05-2021 - 13:15
CVE-2020-19108 None
SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute arbitrary code.
06-05-2021 - 13:17 06-05-2021 - 13:15
CVE-2021-1510 None
Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the D
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2020-19109 None
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, which could let a remote malicious user execute arbitrary code.
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2021-1512 None
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system of an affected system. This vulnerability is due to insufficient validation of the user-suppli
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2021-1520 None
A vulnerability in the internal message processing of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, local attacker to run arbitrary commands with root privileges on the underlying operating system (
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2020-28017 None
Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption.
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2020-23128 None
Chamilo LMS 1.11.10 does not properly manage privileges which could allow a user with Sessions administrator privilege to create a new user then use the edit user function to change this new user to administrator privilege.
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2021-1429 None
Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A succes
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2021-1426 None
Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A succes
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2020-28021 None
Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file (which indirectly leads to remote code execution as root) via AUTH= in a MAIL FROM command.
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2021-1515 None
A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to gain access to sensitive information. This vulnerability is due to improper access controls on API endpoints when Cisco SD-WAN vManage Software is r
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2021-3501 None
A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat f
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2021-24251 None
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator update arbitrary payment history, such as
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2020-28026 None
Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unau
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2021-1400 None
Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary comm
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2021-1397 None
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input val
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2021-1284 None
A vulnerability in the web-based messaging service interface of Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to bypass authentication and authorization and modify the configuration of an affected system. To exploit
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2021-1519 None
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to overwrite VPN profiles on an affected device. The vulnerability is due to insufficient
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2020-28012 None
Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rda_interpret uses a privileged pipe that lacks a close-on-exec flag.
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2021-24246 None
The Workscout Core WordPress plugin before 1.3.4, used by the WorkScout Theme did not sanitise the chat messages sent via the workscout_send_message_chat AJAX action, leading to Stored Cross-Site Scripting and Cross-Frame Scripting issues
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2020-28010 None
Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small (on some common platforms).
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2021-1478 None
A vulnerability in the Java Management Extensions (JMX) component of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2020-28013 None
Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mishandles "-F '.('" on the command line, and thus may allow privilege escalation from any user to root. This occurs because of the interpretation of negative sizes in strncpy.
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2021-24214 None
The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2021-1521 None
A vulnerability in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause an affected IP camera to reload. This vulnerability is due to missing checks
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2021-31532 None
NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 and B2), i.MX RT600 (silicon rev A0, B0), LPC55S6x, LPC55S2x, LPC552x (silicon rev 0A, 1B), and LPC55S1x, LPC551x (silicon rev 0A) include an undocumented ROM patch peripheral that
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2021-1490 None
A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affecte
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2020-28025 None
Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2021-31616 None
Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. The overflow in ethereum_extractThorchainSwapData() in ethereum.c can circumvent stack protections and lead
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2021-24245 None
The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests (such as matching a spam word), outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and lead to a reflected C
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2021-1513 None
A vulnerability in the vDaemon process of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to cause a device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient handling of malfo
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2021-1275 None
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gai
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2020-28009 None
Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: exploitation may be impractical because of the execution time ne
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2021-1499 None
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is due to missing authentication for the upload functi
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2021-1401 None
Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary comm
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2020-28024 None
Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can actually push back non-character error codes such a
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2020-28015 None
Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character.
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2021-29491 None
Mixme is a library for recursive merging of Javascript objects. In Node.js mixme v0.5.0, an attacker can add or alter properties of an object via '__proto__' through the mutate() and merge() functions. The polluted attribute will be directly assigned to
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2020-28018 None
Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL.
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2021-29921 None
Improper input validation of octal strings in Python stdlib ipaddress 3.10 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that rely on Python stdlib ipaddress. IP address octets
06-05-2021 - 13:16 06-05-2021 - 13:15
CVE-2021-24249 None
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator export files, which could then be downloa
06-05-2021 - 13:16 06-05-2021 - 13:15