Latest CVE Feed
- 8.2 HIGH CVE-2021-42554
An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05.08.42, Kernel 5.1 before 05.16.42, Kernel 5.2 before 05.26.42, Kernel 5.3 before 05.35.42, Kernel 5.4 before 05.42.51, and Kernel 5.5 before 05.50.51. An SMM memory corruption vulnerabi...
- Published: Feb. 03, 2022
- Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2021-42552
Cross-site Scripting (XSS) vulnerability in ArchivistaBox webclient allows an attacker to craft a malicious link, executing JavaScript in the context of a victim's browser. This issue affects all ArchivistaBox versions prior to 2022/I.
Affected Products: archivistabox
- Published: Mar. 16, 2022
- Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2021-42551
Cross-site Scripting (XSS) vulnerability in the search functionality of AlCoda NetBiblio WebOPAC allows an unauthenticated user to craft a reflected Cross-Site Scripting attack. This issue affects: AlCoda NetBiblio WebOPAC versions prior to 4.0.0.320; ver...
Affected Products: netbiblio
- Published: Jan. 14, 2022
- Modified: Nov. 21, 2024
- 8.5 HIGH CVE-2021-42550
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration allowing execution of arbitrary code loaded from LDAP servers.
Affected Products: satellite service_level_manager snap_creator_framework sinec_nms cloud_manager logback
- Published: Dec. 16, 2021
- Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2021-42549
Insufficient Input Validation in the search functionality of WordPress plugin Lets-Box prior to 1.15.3 allows an unauthenticated user to craft a reflected Cross-Site Scripting attack.
Affected Products: lets-box
- Published: Dec. 13, 2021
- Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2021-42548
Insufficient Input Validation in the search functionality of WordPress plugin Share-one-Drive prior to 1.15.3 allows an unauthenticated user to craft a reflected Cross-Site Scripting attack.
Affected Products: share-one-drive
- Published: Dec. 13, 2021
- Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2021-42547
Insufficient Input Validation in the search functionality of WordPress plugin Out-of-the-Box prior to 1.20.3 allows an unauthenticated user to craft a reflected Cross-Site Scripting attack.
Affected Products: out-of-the-box
- Published: Dec. 13, 2021
- Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2021-42546
Insufficient Input Validation in the search functionality of WordPress plugin Use-Your-Drive prior to 1.18.3 allows an unauthenticated user to craft a reflected Cross-Site Scripting attack.
Affected Products: use-your-drive
- Published: Dec. 13, 2021
- Modified: Nov. 21, 2024
- 9.1 CRITICAL CVE-2021-42545
An insufficient session expiration vulnerability exists in Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions.
Affected Products: topease
- Published: Nov. 30, 2021
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-42544
Missing Rate Limiting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on the Login Form allows an unauthenticated remote attacker to perform multiple login attempts, which facilitates gaining privileges.
- Published: Nov. 30, 2021
- Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2021-42543
The affected application uses specific functions that could be abused through a crafted project file, which could lead to code execution, system reboot, and system shutdown.
Affected Products: daqfactory
- Published: Nov. 05, 2021
- Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2021-42542
The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure.
- Published: Oct. 22, 2021
- Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2021-42540
The affected product is vulnerable to an unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality.
- Published: Oct. 22, 2021
- Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2021-42539
The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change.
- Published: Oct. 22, 2021
- Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2021-42538
The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input.
- Published: Oct. 22, 2021
- Modified: Nov. 21, 2024
- 8.0 HIGH CVE-2021-42536
The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables.
- Published: Oct. 22, 2021
- Modified: Nov. 21, 2024
- 6.3 MEDIUM CVE-2021-42534
The affected product’s web application does not properly neutralize the input during webpage generation, which could allow an attacker to inject code in the input forms.
- Published: Oct. 22, 2021
- Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2021-42533
Adobe Bridge version 11.1.1 (and earlier) is affected by a double free vulnerability when parsing a crafted DCM file, which could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploi...
Affected Products: bridge
- Published: Mar. 16, 2022
- Modified: Nov. 21, 2024
- 9.3 HIGH CVE-2021-42532
XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must ope...
- Published: May. 02, 2022
- Modified: Nov. 21, 2024
- 9.3 HIGH CVE-2021-42531
XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must ope...
- Published: May. 02, 2022
- Modified: Nov. 21, 2024