Latest CVE Feed
-
6.1
MEDIUM CVE-2021-30133
A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, CloverDX 5.8.1, CloverDX 5.7.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionToken parameter of multiple methods in Simple HTTP API. This is ...
- Affected Products: cloverdx
- EPSS Score: 0.23%
- Published: Jun. 09, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-30132
Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges.
- Affected Products: cloudera_manager
- EPSS Score: 0.53%
- Published: Nov. 08, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-30130
phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.
- EPSS Score: 0.16%
- Published: Apr. 06, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2021-30129
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apa...
- EPSS Score: 0.23%
- Published: Jul. 12, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2021-30128
Apache OFBiz has unsafe deserialization prior to 17.12.07 version...
- Affected Products: ofbiz
- EPSS Score: 93.35%
- Published: Apr. 27, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-30127
TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the admin web server accessible over the Internet on TCP port 8181, which is arguably inconsistent with the "It is only available on the local network" documentation. NOTE: manually editing /e...
- EPSS Score: 0.24%
- Published: Apr. 03, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2021-30126
Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyone who knows the URL of a publicly available Lightmeter instance to access application settings, possibly including an SMTP password and a Slack access token, via a settings HTTP query.
- Affected Products: controlcenter
- EPSS Score: 0.21%
- Published: Apr. 02, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-30125
Jamf Pro before 10.28.0 allows XSS related to inventory history, aka PI-009376.
- Affected Products: jamf
- EPSS Score: 0.28%
- Published: Apr. 02, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-30124
The unofficial vscode-phpmd (aka PHP Mess Detector) extension before 1.3.0 for Visual Studio Code allows remote attackers to execute arbitrary code via a crafted phpmd.command value in a workspace folder.
- Affected Products: vscode-phpmd
- EPSS Score: 2.74%
- Published: Jul. 30, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-30123
FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution.
- Affected Products: ffmpeg
- EPSS Score: 3.43%
- Published: Apr. 07, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2021-30121
Semi-authenticated local file inclusion. The contents of arbitrary files can be returned by the webserver. Example request: `https://x.x.x.x/KLC/js/Kaseya.SB.JS/js.aspx?path=C:\Kaseya\WebPages\dl.asp` A valid sessionId is required but can be easily obtained...
- Affected Products: vsa
- EPSS Score: 0.25%
- Published: Jul. 09, 2021
- Modified: Nov. 21, 2024
-
9.9
CRITICAL CVE-2021-30120
Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement. The need to use 2FA for authentication is enforced client-side instead of server-side and can be bypassed using a local proxy, thus rendering 2FA useless. Detailed description --- Duri...
- Affected Products: vsa
- EPSS Score: 0.16%
- Published: Jul. 09, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUM CVE-2021-30119
Authenticated reflective XSS in HelpDeskTab/rcResults.asp. The parameter result of /HelpDeskTab/rcResults.asp is insecurely returned in the requested web page and can be used to perform a Cross Site Scripting attack. Example request: `https://x.x.x.x/HelpDe...
- Affected Products: vsa
- EPSS Score: 0.10%
- Published: Jul. 09, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2021-30118
An attacker can upload files with the privilege of the Web Server process for Kaseya VSA Unified Remote Monitoring & Management (RMM) 9.5.4.2149 and subsequently use these files to execute asp commands. The api /SystemTab/uploader.aspx is vulnerable to an ...
- Affected Products: vsa
- EPSS Score: 1.85%
- Published: Jul. 09, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-30117
The API call /InstallTab/exportFldr.asp is vulnerable to a semi-authenticated boolean-based blind SQL injection in the parameter fldrId. Detailed description --- Given the following request: ``` GET /InstallTab/exportFldr.asp?fldrId=1’ HTTP/1.1 Host: 192....
- Affected Products: vsa
- EPSS Score: 0.48%
- Published: Jul. 09, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2021-30114
Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a voucher payment request through module/accounting/voucher/create. The application fails to validate the CSRF token for a POST request...
- Affected Products: enterprise_resource_planning
- EPSS Score: 0.14%
- Published: Apr. 08, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-30113
A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in the event name and description fields. An attacker can inject JavaScript code that will be stored in the page. If any visitor sees the event, then the payload will be executed and ...
- Affected Products: enterprise_resource_planning
- EPSS Score: 0.25%
- Published: Apr. 08, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2021-30112
Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a student_leave_application request through module/core/studentleaveapplication/create. The application fails to validate the CSRF toke...
- Affected Products: enterprise_resource_planning
- EPSS Score: 0.14%
- Published: Apr. 08, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUM CVE-2021-30111
A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in the event name and description fields. An attacker can inject JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed.
- Affected Products: enterprise_resource_planning
- EPSS Score: 0.24%
- Published: Apr. 08, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-30110
dttray.exe in Greyware Automation Products Inc Domain Time II before 5.2.b.20210331 allows remote attackers to execute arbitrary code via a URL to a malicious update in a spoofed response to the UDP query used to check for updates.
- Affected Products: domain_time_ii
- EPSS Score: 1.52%
- Published: Jul. 22, 2021
- Modified: Nov. 21, 2024