Latest CVE Feed
-
7.5
HIGHCVE-2021-39312
The True Ranker plugin <= 2.2.2 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the ~/admin/vendor/datatables/examples/resources/examples.php file.... Read more
Affected Products : true_ranker- Published: Dec. 14, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-39311
The link-list-manager WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the category parameter found in the ~/llm.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.... Read more
Affected Products : link-list-manager- Published: Dec. 14, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-39310
The Real WYSIWYG WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of PHP_SELF in the ~/real-wysiwyg.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.2.... Read more
Affected Products : real_wysiwyg- Published: Dec. 14, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-39309
The Parsian Bank Gateway for Woocommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via and parameter due to a var_dump() on $_POST variables found in the ~/vendor/dpsoft/parsian-payment/sample/rollback-payment.php file which allows ... Read more
Affected Products : parsian_bank_gateway_for_woocommerce- Published: Dec. 14, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-39308
The WooCommerce myghpay Payment Gateway WordPess plugin is vulnerable to Reflected Cross-Site Scripting via the clientref parameter found in the ~/processresponse.php file which allows attackers to inject arbitrary web scripts, in versions up to and inclu... Read more
Affected Products : woo-myghpay-payment-gateway- Published: Dec. 14, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-39307
PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code.... Read more
Affected Products : webviewer_ui- Published: Sep. 15, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-39306
A stack buffer overflow was discovered on Realtek RTL8195AM device before 2.0.10, it exists in the client code when an attacker sends a big size Authentication challenge text in WEP security.... Read more
- Published: Dec. 22, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-39304
Proofpoint Enterprise Protection before 8.12.0-2108090000 allows security control bypass.... Read more
Affected Products : enterprise_protection- Published: Oct. 13, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-39303
The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka PI-006352. NOTE: Jamf Nation will also publish an article about this vulnerability.... Read more
Affected Products : jamf- Published: Nov. 12, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-39302
MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions['org'] value.... Read more
Affected Products : misp- Published: Aug. 19, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-39301
Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.... Read more
Affected Products : z6_g4_workstation_firmware z8_g4_workstation_firmware elite_dragonfly_g2_firmware elite_dragonfly_max_firmware elitebook_830_g8_firmware elitebook_840_aero_g8_firmware elitebook_840_g8_firmware elitebook_850_g8_firmware elitebook_x360_1030_g8_firmware elitebook_x360_1040_g8_firmware +364 more products- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-39300
Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.... Read more
Affected Products : z6_g4_workstation_firmware z8_g4_workstation_firmware elite_dragonfly_g2_firmware elite_dragonfly_max_firmware elitebook_830_g8_firmware elitebook_840_aero_g8_firmware elitebook_840_g8_firmware elitebook_850_g8_firmware elitebook_x360_1030_g8_firmware elitebook_x360_1040_g8_firmware +364 more products- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-39299
Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.... Read more
Affected Products : z6_g4_workstation_firmware z8_g4_workstation_firmware elite_dragonfly_g2_firmware elite_dragonfly_max_firmware elitebook_830_g8_firmware elitebook_840_aero_g8_firmware elitebook_840_g8_firmware elitebook_850_g8_firmware elitebook_x360_1030_g8_firmware elitebook_x360_1040_g8_firmware +364 more products- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-39298
A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security mechanisms provid... Read more
Affected Products : z6_g4_workstation_firmware z8_g4_workstation_firmware elite_dragonfly_g2_firmware elite_dragonfly_max_firmware elitebook_830_g8_firmware elitebook_840_aero_g8_firmware elitebook_840_g8_firmware elitebook_850_g8_firmware elitebook_x360_1030_g8_firmware elitebook_x360_1040_g8_firmware +364 more products- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-39297
Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.... Read more
Affected Products : z6_g4_workstation_firmware z8_g4_workstation_firmware elite_dragonfly_g2_firmware elite_dragonfly_max_firmware elitebook_830_g8_firmware elitebook_840_aero_g8_firmware elitebook_840_g8_firmware elitebook_850_g8_firmware elitebook_x360_1030_g8_firmware elitebook_x360_1040_g8_firmware +364 more products- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2021-39296
In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass authentication and gain full control of the system.... Read more
Affected Products : openbmc- Published: Sep. 09, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-39293
In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196.... Read more
- Published: Jan. 24, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-39291
Certain NetModule devices allow credentials via GET parameters to CLI-PHP. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, N... Read more
- Published: Aug. 23, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-39290
Certain NetModule devices allow Limited Session Fixation via PHPSESSID. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB37... Read more
- Published: Aug. 23, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-39289
Certain NetModule devices have Insecure Password Handling (cleartext or reversible encryption), These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB37... Read more
- Published: Aug. 23, 2021
- Modified: Nov. 21, 2024