Latest CVE Feed
-
9.8
CRITICAL CVE-2021-33564
An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs becau...
Affected Products : dragonfly
- Published: May. 29, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-33563
Koel before 5.1.4 lacks login throttling, lacks a password strength policy, and shows whether a failed login attempt had a valid username. This might make brute-force attacks easier.
Affected Products : koel
- Published: May. 24, 2021
- Modified: Nov. 21, 2024
-
4.8
MEDIUM CVE-2021-33562
A reflected cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via the ref parameter to a page about an arbitrary product, e.g., a product/insert-product-name-here.html/ref= UR...
Affected Products : shopizer
- Published: May. 24, 2021
- Modified: Nov. 21, 2024
-
4.8
MEDIUM CVE-2021-33561
A stored cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via customer_name in various forms of store administration. It is saved in the database. The code is executed for an...
Affected Products : shopizer
- Published: May. 24, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-33560
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in...
Affected Products : fedora debian_linux communications_cloud_native_core_network_slice_selection_function communications_cloud_native_core_network_repository_function libgcrypt communications_cloud_native_core_network_function_cloud_native_environment communications_cloud_native_core_binding_support_function communications_cloud_native_core_service_communication_proxy
- Published: Jun. 08, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-33558
Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE: multiple third parties report that this is a site-spec...
Affected Products : boa
- Published: May. 27, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-33557
An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.
Affected Products : mantisbt
- Published: Jun. 17, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-33555
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server.
- Published: Aug. 31, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGH CVE-2021-33554
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
- Published: Sep. 13, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGH CVE-2021-33553
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
- Published: Sep. 13, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGH CVE-2021-33552
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
- Published: Sep. 13, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGH CVE-2021-33551
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
- Published: Sep. 13, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGH CVE-2021-33550
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
- Published: Sep. 13, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGH CVE-2021-33549
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code.
- Published: Sep. 13, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGH CVE-2021-33548
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
- Published: Sep. 13, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGH CVE-2021-33547
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code.
- Published: Sep. 13, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGH CVE-2021-33546
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code.
- Published: Sep. 13, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGH CVE-2021-33545
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code.
- Published: Sep. 13, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGH CVE-2021-33544
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.
- Published: Sep. 13, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-33543
Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service.
- Published: Sep. 13, 2021
- Modified: Nov. 21, 2024