ID CVSS Summary Last (major) update Published
CVE-2021-3552 5.0
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Endpoint Security Tools versions pri
01-12-2021 - 14:53 24-11-2021 - 16:15
CVE-2021-43790 6.8
Lucet is a native WebAssembly compiler and runtime. There is a bug in the main branch of `lucet-runtime` affecting all versions published to crates.io that allows a use-after-free in an Instance object that could result in memory corruption, data rac
01-12-2021 - 14:48 30-11-2021 - 00:15
CVE-2018-25012 6.4
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability.
01-12-2021 - 14:46 21-05-2021 - 17:15
CVE-2018-25013 6.4
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service availability.
01-12-2021 - 14:45 21-05-2021 - 17:15
CVE-2020-36328 7.5
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity
01-12-2021 - 14:45 21-05-2021 - 17:15
CVE-2020-36329 7.5
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
01-12-2021 - 14:44 21-05-2021 - 17:15
CVE-2020-36331 6.4
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.
01-12-2021 - 14:44 21-05-2021 - 17:15
CVE-2021-40101 6.5
An issue was discovered in Concrete CMS before 8.5.7. The Dashboard allows a user's password to be changed without a prompt for the current password.
01-12-2021 - 14:29 30-11-2021 - 20:15
CVE-2021-43690 None
YurunProxy v0.01 is affected by a Cross Site Scripting (XSS) vulnerability in src/Client.php. The exit function will terminate the script and print a message which has values from the socket_read.
01-12-2021 - 14:23 01-12-2021 - 13:15
CVE-2021-44280 None
attendance management system 1.0 is affected by a SQL injection vulnerability in admin/incFunctions.php through the makeSafe function.
01-12-2021 - 14:23 01-12-2021 - 13:15
CVE-2021-25967 None
In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerability via SVG file upload of users’ profile picture. This allows low privileged application users to store malicious scripts in their profile picture. These scripts are executed in
01-12-2021 - 14:23 01-12-2021 - 14:15
CVE-2021-44277 None
Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/common/alert-log.inc.php.
01-12-2021 - 14:23 01-12-2021 - 14:15
CVE-2021-44279 None
Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/forms/poller-groups.inc.php.
01-12-2021 - 14:23 01-12-2021 - 14:15
CVE-2021-41303 7.5
In Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.
01-12-2021 - 14:20 17-09-2021 - 09:15
CVE-2020-1171 9.3
A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads configuration files after opening a project, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from
01-12-2021 - 14:20 21-05-2020 - 23:15
CVE-2020-21535 4.3
fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c.
01-12-2021 - 14:19 16-09-2021 - 21:15
CVE-2021-41079 4.3
Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an in
01-12-2021 - 14:19 16-09-2021 - 15:15
CVE-2020-1192 9.3
A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings from a notebook file, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-
01-12-2021 - 14:19 21-05-2020 - 23:15
CVE-2020-19131 5.0
Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop".
01-12-2021 - 14:18 07-09-2021 - 15:15
CVE-2021-28706 7.8
guests may exceed their designated memory limit. When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. This is a result of a calcula
01-12-2021 - 14:16 24-11-2021 - 01:15
CVE-2021-33035 6.8
Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A
01-12-2021 - 14:15 23-09-2021 - 08:15
CVE-2021-41382 5.0
Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server management interface.
01-12-2021 - 14:14 22-09-2021 - 00:15
CVE-2021-39327 5.0
The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of
01-12-2021 - 14:14 17-09-2021 - 11:15
CVE-2021-36328 6.5
Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A remote malicious user may potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions and retrieve sensitive information
01-12-2021 - 14:09 30-11-2021 - 21:15
CVE-2021-36327 5.0
Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to perform port scanning of internal networks and make HTTP request
01-12-2021 - 14:08 30-11-2021 - 21:15
CVE-2021-36326 4.3
Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL Strip Vulnerability in the User Interface (UI). A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a downgrade in the communications betwee
01-12-2021 - 14:07 30-11-2021 - 21:15
CVE-2021-43268 6.4
An issue was discovered in VxWorks 6.9 through 7. In the IKE component, a specifically crafted packet may lead to reading beyond the end of a buffer, or a double free.
01-12-2021 - 14:07 24-11-2021 - 17:15
CVE-2021-4026 4.0
bookstack is vulnerable to Improper Access Control
01-12-2021 - 14:01 30-11-2021 - 20:15
CVE-2021-42564 4.9
An open redirect through HTML injection in confidential messages in Cryptshare before 5.1.0 allows remote attackers (with permission to provide confidential messages via Cryptshare) to redirect targeted victims to any URL via the '<meta http-equiv="r
01-12-2021 - 13:43 30-11-2021 - 20:15
CVE-2021-43692 4.3
youtube-php-mirroring (last update Jun 9, 2017) is affected by a Cross Site Scripting (XSS) vulnerability in file ytproxy/index.php.
01-12-2021 - 13:15 29-11-2021 - 15:15
CVE-2021-43691 None
tripexpress v1.1 is affected by a path manipulation vulnerability in file system/helpers/dompdf/load_font.php. The variable src comes from $_SERVER["argv"], so there is a path manipulation vulnerability.
01-12-2021 - 13:15 29-11-2021 - 16:15
CVE-2021-3984 None
vim is vulnerable to Heap-based Buffer Overflow
01-12-2021 - 13:04 01-12-2021 - 11:15
CVE-2021-3985 None
kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
01-12-2021 - 13:04 01-12-2021 - 11:15
CVE-2021-3989 None
showdoc is vulnerable to URL Redirection to Untrusted Site
01-12-2021 - 13:04 01-12-2021 - 11:15
CVE-2021-3990 None
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
01-12-2021 - 13:04 01-12-2021 - 11:15
CVE-2021-3992 None
kimai2 is vulnerable to Improper Access Control
01-12-2021 - 13:04 01-12-2021 - 11:15
CVE-2021-3993 None
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
01-12-2021 - 13:04 01-12-2021 - 11:15
CVE-2021-3994 None
django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
01-12-2021 - 13:04 01-12-2021 - 11:15
CVE-2021-4015 None
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
01-12-2021 - 13:04 01-12-2021 - 11:15
CVE-2021-4017 None
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
01-12-2021 - 13:04 01-12-2021 - 11:15
CVE-2021-32592 None
An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL en
01-12-2021 - 13:04 01-12-2021 - 12:15
CVE-2021-3964 None
elgg is vulnerable to Authorization Bypass Through User-Controlled Key
01-12-2021 - 13:04 01-12-2021 - 12:15
CVE-2021-3983 None
kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
01-12-2021 - 13:04 01-12-2021 - 12:15
CVE-2021-4018 None
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
01-12-2021 - 13:04 01-12-2021 - 10:15
CVE-2021-4019 None
vim is vulnerable to Heap-based Buffer Overflow
01-12-2021 - 13:04 01-12-2021 - 10:15
CVE-2021-43696 4.3
twmap v2.91_v4.33 is affected by a Cross Site Scripting (XSS) vulnerability. In file list.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST, so there is an XSS vulnerability.
01-12-2021 - 12:15 29-11-2021 - 13:15
CVE-2021-43697 4.3
Workerman-ThinkPHP-Redis (last update Mar 16, 2018) is affected by a Cross Site Scripting (XSS) vulnerability. In file Controller.class.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET
01-12-2021 - 12:15 29-11-2021 - 13:15
CVE-2021-43695 4.3
issabelPBX version 2.11 is affected by a Cross Site Scripting (XSS) vulnerability. In file page.backup_restore.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST without sanitization
01-12-2021 - 12:15 29-11-2021 - 14:15
CVE-2021-43698 4.3
phpWhois (last update Jun 30 2021) is affected by a Cross Site Scripting (XSS) vulnerability. In file example.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET['query'] then there is a
01-12-2021 - 12:15 29-11-2021 - 12:15
CVE-2021-34599 None
Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. CODESYS Git does not implement certificate validation by default, so it does not verify that the server provides a valid and trusted HTTPS
01-12-2021 - 09:25 01-12-2021 - 09:15