‼ CVE-2021-36532 ‼
📖 Read
via "National Vulnerability Database".
Race condition vulnerability discovered in portfolioCMS 1.0 allows remote attackers to run arbitrary code via fileExt parameter to localhost/admin/uploads.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37377 ‼
📖 Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Brik firmware version 7.2.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36544 ‼
📖 Read
via "National Vulnerability Database".
Incorrect Access Control issue discovered in tpcms 3.2 allows remote attackers to view sensitive information via path in application URL.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37234 ‼
📖 Read
via "National Vulnerability Database".
Incorrect Access Control vulnerability in Modern Honey Network commit 0abf0db9cd893c6d5c727d036e1f817c02de4c7b allows remote attackers to view sensitive information via crafted PUT request to Web API.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37376 ‼
📖 Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Bond, Bond 2 and Bond Pro firmware version 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37304 ‼
📖 Read
via "National Vulnerability Database".
An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36569 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36712 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attackers to steal user cookies via image clipping function.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36535 ‼
📖 Read
via "National Vulnerability Database".
Buffer Overflow vulnerability in Cesanta mJS 1.26 allows remote attackers to cause a denial of service via crafted .js file to mjs_set_errorf.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37501 ‼
📖 Read
via "National Vulnerability Database".
Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37379 ‼
📖 Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Sphere all firmware versions allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37305 ‼
📖 Read
via "National Vulnerability Database".
An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37316 ‼
📖 Read
via "National Vulnerability Database".
SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to view sensitive information via /etc/shadow.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37375 ‼
📖 Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek VidiU / VidiU Mini firmware version 3.0.8 and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36493 ‼
📖 Read
via "National Vulnerability Database".
Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23087 ‼
📖 Read
via "National Vulnerability Database".
An issue was found in MojoJson v1.2.3 allows attackers to execute arbitary code via the destroy function.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36570 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36424 ‼
📖 Read
via "National Vulnerability Database".
An issue discovered in phpwcms 1.9.25 allows remote attackers to run arbitrary code via DB user field during installation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23088 ‼
📖 Read
via "National Vulnerability Database".
Buffer OverFlow Vulnerability in Barenboim json-parser master and v1.1.0 fixed in v1.1.1 allows an attacker to execute arbitrary code via the json_value_parse function.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36443 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege via lack of token verification.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36545 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in tpcms 3.2 allows remote attackers to run arbitrary code via the cfg_copyright or cfg_tel field in Site Configuration page.📖 Read
via "National Vulnerability Database".