ID | CVSS | Summary | Last (major) update | Published
CVE-2020-23240 None
Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature.
26-07-2021 - 21:15 26-07-2021 - 21:15
CVE-2020-23241 None
Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in "Extra" via the "News > Article" feature.
26-07-2021 - 21:15 26-07-2021 - 21:15
CVE-2020-23242 None
Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when performing a Create or Edit via the Tools feature.
26-07-2021 - 21:15 26-07-2021 - 21:15
CVE-2020-23243 None
Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 via the name="wrong_path_redirect" feature.
26-07-2021 - 21:15 26-07-2021 - 21:15
CVE-2021-37555 None
TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related issue to CVE-2019-16734. To connect, the telnet service is used on port 23 with the default password of 059AnkJ for the root account. The user can then
26-07-2021 - 21:15 26-07-2021 - 21:15
CVE-2021-22119 5.0
Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and We
26-07-2021 - 21:15 29-06-2021 - 17:15
CVE-2020-6060 5.0
A stack buffer overflow vulnerability exists in the way MiniSNMPD version 1.4 handles multiple connections. A specially timed sequence of SNMP connections can trigger a stack overflow, resulting in a denial of service. To trigger this vulnerability,
26-07-2021 - 21:15 04-02-2020 - 20:15
CVE-2020-6059 6.4
An exploitable out of bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out of bounds memory read which can result in sensitive information disclosure and D
26-07-2021 - 21:15 04-02-2020 - 20:15
CVE-2021-2348 4.0
Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager product of Oracle Commerce (component: Tools and Frameworks). The supported version that is affected is 11.3.1.5. Easily exploitable vulnerability allows low priv
26-07-2021 - 20:58 21-07-2021 - 15:15
CVE-2021-2364 5.5
Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Accounts). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with net
26-07-2021 - 20:58 21-07-2021 - 15:15
CVE-2021-2365 5.5
Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: People Management). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access
26-07-2021 - 20:55 21-07-2021 - 15:15
CVE-2021-2366 5.5
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 17.12.0-17.12.20, 18.8.0-18.8.23, 19.12.0-19.12.14 and 20.12.0-
26-07-2021 - 20:55 21-07-2021 - 15:15
CVE-2021-21799 4.3
Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the tar
26-07-2021 - 20:47 16-07-2021 - 11:15
CVE-2021-21800 4.3
Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the target
26-07-2021 - 20:47 16-07-2021 - 11:15
CVE-2020-17952 None
A remote code execution (RCE) vulnerability in /library/think/App.php of Twothink v2.0 allows attackers to execute arbitrary PHP code.
26-07-2021 - 20:15 26-07-2021 - 20:15
CVE-2020-18169 None
A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges.
26-07-2021 - 20:15 26-07-2021 - 20:15
CVE-2020-18170 None
An issue in the SeChangeNotifyPrivilege component of Abloy Key Manager Version 7.14301.0.0 allows attackers to escalate privileges via a change in permissions.
26-07-2021 - 20:15 26-07-2021 - 20:15
CVE-2020-18171 None
TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges.
26-07-2021 - 20:15 26-07-2021 - 20:15
CVE-2020-18172 None
A code injection vulnerability in the SeDebugPrivilege component of Trezor Bridge 2.0.27 allows attackers to escalate privileges.
26-07-2021 - 20:15 26-07-2021 - 20:15
CVE-2020-18173 None
A DLL injection vulnerability in 1password.dll of 1Password 7.3.712 allows attackers to execute arbitrary code.
26-07-2021 - 20:15 26-07-2021 - 20:15
CVE-2020-18174 None
A process injection vulnerability in setup.exe of AutoHotkey 1.1.32.00 allows attackers to escalate privileges.
26-07-2021 - 20:15 26-07-2021 - 20:15
CVE-2020-23234 None
Cross Site Scripting (XSS) vulnerability exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,".
26-07-2021 - 20:15 26-07-2021 - 20:15
CVE-2020-23238 None
Cross Site Scripting (XSS) vulnerability in Evolution CMS 2.0.2 via the Document Manager feature.
26-07-2021 - 20:15 26-07-2021 - 20:15
CVE-2020-23239 None
Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature.
26-07-2021 - 20:15 26-07-2021 - 20:15
CVE-2021-32795 None
ArchiSteamFarm is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. In versions prior to 4.3.1.0 a Denial of Service (aka DoS) vulnerability which allows attacker to remotely crash running ASF instance
26-07-2021 - 20:15 26-07-2021 - 20:15
CVE-2021-32794 None
ArchiSteamFarm is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. Due to a bug in ASF code `POST /Api/ASF` ASF API endpoint responsible for updating global ASF config incorrectly removed `IPCPassword
26-07-2021 - 20:15 26-07-2021 - 19:15
CVE-2020-5031 3.5
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disc
26-07-2021 - 20:01 19-07-2021 - 16:15
CVE-2021-20507 3.5
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disc
26-07-2021 - 20:00 19-07-2021 - 16:15
CVE-2021-29707 7.2
IBM HMC (Hardware Management Console) V9.1.910.0 and V9.2.950.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 200879.
26-07-2021 - 19:44 19-07-2021 - 16:15
CVE-2021-29780 6.5
IBM Resilient OnPrem v41.1 of IBM Security SOAR could allow an authenticated user to perform actions that they should not have access to due to improper input validation. IBM X-Force ID: 203085.
26-07-2021 - 19:28 19-07-2021 - 16:15
CVE-2021-2436 5.8
Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthen
26-07-2021 - 19:15 21-07-2021 - 15:16
CVE-2021-2435 5.8
Vulnerability in the Essbase Analytic Provider Services product of Oracle Essbase (component: JAPI). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to
26-07-2021 - 19:13 21-07-2021 - 15:16
CVE-2021-2433 5.0
Vulnerability in the Essbase Analytic Provider Services product of Oracle Essbase (component: Web Services). Supported versions that are affected are 11.1.2.4 and 21.2. Easily exploitable vulnerability allows unauthenticated attacker with network acc
26-07-2021 - 19:11 21-07-2021 - 15:16
CVE-2021-2432 4.3
Vulnerability in the Java SE product of Oracle Java SE (component: JNDI). The supported version that is affected is Java SE: 7u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compr
26-07-2021 - 19:10 21-07-2021 - 15:16
CVE-2021-2429 4.3
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to
26-07-2021 - 19:08 21-07-2021 - 15:16
CVE-2021-34692 7.2
iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. A local and low-privileged user can force RemotePC to execute an attacker-controlled executable with SYSTEM privileges.
26-07-2021 - 19:07 15-07-2021 - 14:15
CVE-2021-2421 6.8
Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Integration and Interfaces). Supported versions that are affected are 9.0 and 9.2. Easily exploitable vulnerability allows low privileged attacker
26-07-2021 - 19:06 21-07-2021 - 15:15
CVE-2021-2439 4.3
Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion (component: UI and Visualization). Supported versions that are affected are 11.1.2.4 and 11.2.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network acces
26-07-2021 - 19:03 21-07-2021 - 15:16
CVE-2021-2437 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
26-07-2021 - 19:02 21-07-2021 - 15:16
CVE-2021-2438 4.0
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network acce
26-07-2021 - 19:01 21-07-2021 - 15:16
CVE-2021-34689 2.1
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read the system's Personal Key in world-readable %PROGRAMDATA% log files.
26-07-2021 - 19:01 15-07-2021 - 14:15
CVE-2021-34688 2.1
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log files. The encryption is done using a hard-coded s
26-07-2021 - 19:00 15-07-2021 - 14:15
CVE-2021-2444 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
26-07-2021 - 18:52 21-07-2021 - 15:16
CVE-2021-36563 None
The CheckMK management web console (versions 1.5.0 to 2.0.0) does not sanitise user input in various parameters of the WATO module. This allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser (such as Jav
26-07-2021 - 18:50 26-07-2021 - 18:15
CVE-2021-37392 None
In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. When the API functions are enabled, the attacker can use API to update user nickname with XSS payload and achieve stored XSS. Users who view th
26-07-2021 - 18:50 26-07-2021 - 18:15
CVE-2021-37393 None
In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. Attacker can use "update password" function to inject XSS payloads into nickname variable, and achieve stored XSS. Users who view the articles
26-07-2021 - 18:50 26-07-2021 - 18:15
CVE-2021-37394 None
In RPCMS v1.8 and below, attackers can interact with API and change variable "role" to "admin" to achieve admin user registration.
26-07-2021 - 18:50 26-07-2021 - 18:15
CVE-2021-37473 None
In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to SQL injection on parameter `products-order` through a POST request, which results in arbitrary SQL query execution in the backend database.
26-07-2021 - 18:50 26-07-2021 - 18:15
CVE-2021-37475 None
In NavigateCMS version 2.9.4 and below, function in `templates.php` is vulnerable to SQL injection on parameter `template-properties-order`, which results in arbitrary SQL query execution in the backend database.
26-07-2021 - 18:50 26-07-2021 - 18:15
CVE-2021-37476 None
In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to SQL injection on parameter `id` through a POST request, which results in arbitrary SQL query execution in the backend database.
26-07-2021 - 18:50 26-07-2021 - 18:15