Latest CVE Feed
- CVE-2021-40884 (8.1 HIGH)
  Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking authorization in ids parameter in files-edit.php and id parameter in process.php function, a user with uploader role can download and edit all files of user...
  Affected Products: projectsend
  Published: Oct. 11, 2021
  Modified: Nov. 21, 2024
- CVE-2021-40883 (9.8 CRITICAL)
  A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins....
  Affected Products: emlog
  Published: Dec. 14, 2021
  Modified: Nov. 21, 2024
- CVE-2021-40882 (6.1 MEDIUM)
  A Cross Site Scripting (XSS) vulnerability exists in Piwigo 11.5.0 via the system album name and description of the location....
  Affected Products: piwigo
  Published: Dec. 14, 2021
  Modified: Nov. 21, 2024
- CVE-2021-40881 (9.8 CRITICAL)
  An issue in the BAT file parameters of PublicCMS v4.0 allows attackers to execute arbitrary code....
  Affected Products: publiccms
  Published: Sep. 15, 2021
  Modified: Nov. 21, 2024
- CVE-2021-40875 (7.5 HIGH)
  Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and...
  Affected Products: testrail
  Published: Sep. 22, 2021
  Modified: Nov. 21, 2024
- CVE-2021-40874 (9.8 CRITICAL)
  An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug-in to operate a REST password validation service (for another LemonLDAP::NG instance, for example) and using the Kerberos authentication method combined wit...
  Published: Jul. 18, 2022
  Modified: Nov. 21, 2024
- CVE-2021-40873 (7.5 HIGH)
  An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. Remote attackers can cause a denial of service (DoS) by sending crafted messages to a client or server. The server process may crash un...
  Affected Products: uatoolkit_embedded datafeed_opc_suite opc secure_integration_server th_scope edgeconnector uagates
  Published: Nov. 10, 2021
  Modified: Nov. 21, 2024
- CVE-2021-40872 (7.5 HIGH)
  An issue was discovered in Softing Industrial Automation uaToolkit Embedded before 1.40. Remote attackers can cause a denial of service (DoS) or log in as an anonymous user (bypassing security checks) by sending crafted messages to an OPC/UA server. The serv...
  Published: Nov. 10, 2021
  Modified: Nov. 21, 2024
- CVE-2021-40871 (7.5 HIGH)
  An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Remote attackers can cause a denial of service (DoS) by sending crafted messages to an OPC/UA client. The client process may crash unexpectedly because of a wrong type cast...
  Published: Nov. 10, 2021
  Modified: Nov. 21, 2024
- CVE-2021-40868 (6.1 MEDIUM)
  In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS....
  Affected Products: cloudron
  Published: Sep. 21, 2021
  Modified: Nov. 21, 2024
- CVE-2021-40867 (7.8 HIGH)
  Certain NETGEAR smart switches are affected by an authentication hijacking race-condition vulnerability by an unauthenticated attacker who uses the same source IP address as an admin in the process of logging in (e.g., behind the same NAT device, or alrea...
  Affected Products: gs724tp_firmware gs728tp_firmware gs728tpp_firmware gs752tpp_firmware gs752tp_firmware gs750e_firmware gs108t_firmware gs110tp_firmware gc108p_firmware gc108pp_firmware +30 more products
  Published: Sep. 13, 2021
  Modified: Nov. 21, 2024
- CVE-2021-40866 (9.8 CRITICAL)
  Certain NETGEAR smart switches are affected by a remote admin password change by an unauthenticated attacker via the (disabled by default) /sqfs/bin/sccd daemon, which fails to check authentication when the authentication TLV is missing from a received NS...
  Affected Products: gs724tp_firmware gs728tp_firmware gs728tpp_firmware gs752tpp_firmware gs752tp_firmware gs750e_firmware gs108t_firmware gs110tp_firmware gc108p_firmware gc108pp_firmware +30 more products
  Published: Sep. 13, 2021
  Modified: Nov. 21, 2024
- CVE-2021-40865 (9.8 CRITICAL)
  An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should u...
  Affected Products: storm
  Published: Oct. 25, 2021
  Modified: Nov. 21, 2024
- CVE-2021-40864 (9.8 CRITICAL)
  The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFICE Document Server lacks escape calls for the msg.data and text fields....
  Affected Products: google_translate
  Published: Sep. 10, 2021
  Modified: Nov. 21, 2024
- CVE-2021-40862 (8.8 HIGH)
  HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously disclosed a sensitive URL to authenticated parties, which could be used for privilege escalation or unauthorized modification of a Terraform configuration. Fixed in ...
  Affected Products: terraform_enterprise
  Published: Sep. 15, 2021
  Modified: Nov. 21, 2024
- CVE-2021-40861 (7.2 HIGH)
  A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) 9.0.017.07 allows an attacker to execute arbitrary SQL queries via the value attribute, with which all data in the database can be extracted and OS com...
  Affected Products: intelligent_workload_distribution_manager
  Published: Dec. 08, 2021
  Modified: Nov. 21, 2024
- CVE-2021-40860 (7.2 HIGH)
  A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) before 9.0.013.11 allows an attacker to execute arbitrary SQL queries via the ql_expression parameter, with which all data in the database can be extra...
  Affected Products: intelligent_workload_distribution_manager
  Published: Dec. 08, 2021
  Modified: Nov. 21, 2024
- CVE-2021-40859 (10.0 HIGH)
  Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices that allow attackers with access to the web based management application full administrative access to the device....
  Published: Dec. 07, 2021
  Modified: Nov. 21, 2024
- CVE-2021-40858 (6.8 MEDIUM)
  Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure. A sub-admin can read the cleartext Admin password via the fileName=../../etc/passwd substring....
  Affected Products: compact_5500r_ip_firmware compact_5200r_ip_firmware compact_5000r_ip_firmware compact_4000_ip_firmware commander_6000r_ip_firmware commander_6000rx_ip_firmware commander_business\(19\"\)_ip_firmware commander_basic.2\(19\"\)_ip_firmware compact_5010_voip_ip_firmware compact_5020_voip_ip_firmware +10 more products
  Published: Dec. 13, 2021
  Modified: Nov. 21, 2024
- CVE-2021-40857 (8.8 HIGH)
  Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring....
  Affected Products: compact_5500r_ip_firmware compact_5200r_ip_firmware compact_5000r_ip_firmware compact_4000_ip_firmware commander_6000r_ip_firmware commander_6000rx_ip_firmware commander_business\(19\"\)_ip_firmware commander_basic.2\(19\"\)_ip_firmware compact_5010_voip_ip_firmware compact_5020_voip_ip_firmware +10 more products
  Published: Dec. 13, 2021
  Modified: Nov. 21, 2024