Latest CVE Feed
-
7.5
HIGH CVE-2021-39316
The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter.
Affected Products : zoomsounds
- EPSS Score: 88.36%
- Published: Aug. 31, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-39315
The Magic Post Voice WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the ids parameter found in the ~/inc/admin/main.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.
Affected Products : magic-post-voice
- EPSS Score: 0.21%
- Published: Dec. 14, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-39314
The WooCommerce EnvioPack WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the dataid parameter found in the ~/includes/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.
Affected Products : woo-enviopack
- EPSS Score: 0.21%
- Published: Dec. 14, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-39313
The Simple Image Gallery WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the ~/simple-image-gallery.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6.
Affected Products : simple_image_gallery
- EPSS Score: 0.21%
- Published: Dec. 14, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-39312
The True Ranker plugin <= 2.2.2 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the ~/admin/vendor/datatables/examples/resources/examples.php file.
Affected Products : true_ranker
- EPSS Score: 85.47%
- Published: Dec. 14, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-39311
The link-list-manager WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the category parameter found in the ~/llm.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.
Affected Products : link-list-manager
- EPSS Score: 0.21%
- Published: Dec. 14, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-39310
The Real WYSIWYG WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of PHP_SELF in the ~/real-wysiwyg.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.2.
Affected Products : real_wysiwyg
- EPSS Score: 0.21%
- Published: Dec. 14, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-39309
The Parsian Bank Gateway for Woocommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via and parameter due to a var_dump() on $_POST variables found in the ~/vendor/dpsoft/parsian-payment/sample/rollback-payment.php file which allows ...
Affected Products : parsian_bank_gateway_for_woocommerce
- EPSS Score: 0.21%
- Published: Dec. 14, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-39308
The WooCommerce myghpay Payment Gateway WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the clientref parameter found in the ~/processresponse.php file which allows attackers to inject arbitrary web scripts, in versions up to and inclu...
Affected Products : woo-myghpay-payment-gateway
- EPSS Score: 0.21%
- Published: Dec. 14, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-39307
PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code.
Affected Products : webviewer_ui
- EPSS Score: 0.69%
- Published: Sep. 15, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-39306
A stack buffer overflow was discovered on the Realtek RTL8195AM device before 2.0.10; it exists in the client code when an attacker sends a large Authentication challenge text in WEP security.
- EPSS Score: 0.62%
- Published: Dec. 22, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-39304
Proofpoint Enterprise Protection before 8.12.0-2108090000 allows security control bypass.
Affected Products : enterprise_protection
- EPSS Score: 0.41%
- Published: Oct. 13, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-39303
The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka PI-006352. NOTE: Jamf Nation will also publish an article about this vulnerability.
Affected Products : jamf
- EPSS Score: 0.73%
- Published: Nov. 12, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-39302
MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions['org'] value.
Affected Products : misp
- EPSS Score: 0.26%
- Published: Aug. 19, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-39301
Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.
Affected Products : z6_g4_workstation_firmware z8_g4_workstation_firmware elite_dragonfly_g2_firmware elite_dragonfly_max_firmware elitebook_830_g8_firmware elitebook_840_aero_g8_firmware elitebook_840_g8_firmware elitebook_850_g8_firmware elitebook_x360_1030_g8_firmware elitebook_x360_1040_g8_firmware +364 more products
- EPSS Score: 0.25%
- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-39300
Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.
Affected Products : z6_g4_workstation_firmware z8_g4_workstation_firmware elite_dragonfly_g2_firmware elite_dragonfly_max_firmware elitebook_830_g8_firmware elitebook_840_aero_g8_firmware elitebook_840_g8_firmware elitebook_850_g8_firmware elitebook_x360_1030_g8_firmware elitebook_x360_1040_g8_firmware +364 more products
- EPSS Score: 0.06%
- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-39299
Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.
Affected Products : z6_g4_workstation_firmware z8_g4_workstation_firmware elite_dragonfly_g2_firmware elite_dragonfly_max_firmware elitebook_830_g8_firmware elitebook_840_aero_g8_firmware elitebook_840_g8_firmware elitebook_850_g8_firmware elitebook_x360_1030_g8_firmware elitebook_x360_1040_g8_firmware +364 more products
- EPSS Score: 0.06%
- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-39298
A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security mechanisms provid...
Affected Products : z6_g4_workstation_firmware z8_g4_workstation_firmware elite_dragonfly_g2_firmware elite_dragonfly_max_firmware elitebook_830_g8_firmware elitebook_840_aero_g8_firmware elitebook_840_g8_firmware elitebook_850_g8_firmware elitebook_x360_1030_g8_firmware elitebook_x360_1040_g8_firmware +364 more products
- EPSS Score: 0.04%
- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-39297
Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.
Affected Products : z6_g4_workstation_firmware z8_g4_workstation_firmware elite_dragonfly_g2_firmware elite_dragonfly_max_firmware elitebook_830_g8_firmware elitebook_840_aero_g8_firmware elitebook_840_g8_firmware elitebook_850_g8_firmware elitebook_x360_1030_g8_firmware elitebook_x360_1040_g8_firmware +364 more products
- EPSS Score: 0.57%
- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICAL CVE-2021-39296
In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass authentication and gain full control of the system.
Affected Products : openbmc
- EPSS Score: 0.08%
- Published: Sep. 09, 2021
- Modified: Nov. 21, 2024