Latest CVE Feed
-
8.4
HIGHCVE-2021-29070
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.... Read more
Affected Products : rbk852_firmware rbr850_firmware rbs850_firmware rbk853_firmware rbk854_firmware rbk852 rbk853 rbr850 rbs850 rbk854- EPSS Score: %0.46
- Published: Mar. 23, 2021
- Modified: Nov. 21, 2024
-
8.4
HIGHCVE-2021-29069
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR450 before 2.3.2.114, XR500 before 2.3.2.114, and WNR2000v5 before 1.0.0.76.... Read more
- EPSS Score: %0.08
- Published: Mar. 23, 2021
- Modified: Nov. 21, 2024
-
9.9
CRITICALCVE-2021-29068
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6700v3 before 1.0.4.98, R6400v2 before 1.0.4.98, R7000 before 1.0.11.106, R6900P before 1.3.2.124, R7000P before 1.3.2.124, R7900 before 1.0.4.26, R7850 befo... Read more
Affected Products : r7800_firmware r6120_firmware r6220_firmware r6260_firmware r6700_firmware r6800_firmware r6900_firmware r6900p_firmware r7000_firmware r7000p_firmware +150 more products- EPSS Score: %0.55
- Published: Mar. 23, 2021
- Modified: Nov. 21, 2024
-
9.6
CRITICALCVE-2021-29067
Certain NETGEAR devices are affected by authentication bypass. This affects RBW30 before 2.6.2.2, RBS40V before 2.6.2.4, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 be... Read more
Affected Products : rbs40v_firmware rbk752_firmware rbr750_firmware rbs750_firmware rbk852_firmware rbr850_firmware rbs850_firmware rbw30_firmware rbk753_firmware rbk753s_firmware +16 more products- EPSS Score: %0.14
- Published: Mar. 23, 2021
- Modified: Nov. 21, 2024
-
9.6
CRITICALCVE-2021-29066
Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.... Read more
Affected Products : rbk852_firmware rbr850_firmware rbs850_firmware rbk853_firmware rbk854_firmware rbk852 rbk853 rbr850 rbs850 rbk854- EPSS Score: %0.10
- Published: Mar. 23, 2021
- Modified: Nov. 21, 2024
-
9.6
CRITICALCVE-2021-29065
NETGEAR RBR850 devices before 3.2.10.11 are affected by authentication bypass.... Read more
- EPSS Score: %0.10
- Published: Mar. 23, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-29063
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 through v1.2.1 when the mpmathify function is called.... Read more
- EPSS Score: %2.35
- Published: Jun. 21, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-29061
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Vfsjfilechooser2 version 0.2.9 and below which occurs when the application attempts to validate crafted URIs.... Read more
Affected Products : vfsjfilechooser2- EPSS Score: %1.52
- Published: Jun. 21, 2021
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-29060
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Color-String version 1.5.5 and below which occurs when the application is provided and checks a crafted invalid HWB string.... Read more
Affected Products : color-string- EPSS Score: %0.34
- Published: Jun. 21, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-29059
A vulnerability was discovered in IS-SVG version 2.1.0 to 4.2.2 and below where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted invalid SVG string.... Read more
Affected Products : is-svg- EPSS Score: %2.80
- Published: Jun. 21, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-29057
An issue was discovered in StaticPool in SUCHMOKUO node-worker-threads-pool version 1.4.3, allows attackers to cause a denial of service.... Read more
Affected Products : node-worker-threads-pool- EPSS Score: %0.05
- Published: Aug. 11, 2023
- Modified: Nov. 21, 2024
-
4.8
MEDIUMCVE-2021-29056
Cross Site Scripting (XSS) vulnerability exists in Pixelimity 1.0 via the HTTP POST parameter to admin/setting.php.... Read more
Affected Products : pixelimity- EPSS Score: %0.20
- Published: Aug. 17, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-29055
Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Firtstname parameter to the Update Account form in student_profile.php.... Read more
Affected Products : school_file_management_system- EPSS Score: %0.22
- Published: Jun. 23, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-29054
Certain Papoo products are affected by: Cross Site Request Forgery (CSRF) in the admin interface. This affects Papoo CMS Light through 21.02 and Papoo CMS Pro through 6.0.1. The impact is: gain privileges (remote).... Read more
Affected Products : papoo- EPSS Score: %0.25
- Published: Apr. 13, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-29053
Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1 allow remote authenticated users to execute arbitrary SQL commands via the classPKField parameter to (1) CommerceChannelRelFinder.countByC_C, or (2) Comme... Read more
- EPSS Score: %0.38
- Published: May. 17, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-29052
The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 does not check permissions in DataDefinitionResourceImpl.getSiteDataDefinitionByContentTypeByDataDefinitionKey, which allows remote authenticated users to ... Read more
- EPSS Score: %0.08
- Published: May. 17, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-29050
Cross-Site Request Forgery (CSRF) vulnerability in the terms of use page in Liferay Portal before 7.3.6, and Liferay DXP 7.3 before service pack 1, 7.2 before fix pack 11 allows remote attackers to accept the site's terms of use via social engineering and... Read more
- Published: Feb. 20, 2024
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-29047
The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after it is used, which allows remote attackers to repeatedly perform actions protected by a CAPTCHA challenge by reu... Read more
- EPSS Score: %0.21
- Published: May. 16, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-29046
Cross-site scripting (XSS) vulnerability in the Asset module's category selector input field in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_asset_categorie... Read more
- EPSS Score: %0.26
- Published: May. 17, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-29045
Cross-site scripting (XSS) vulnerability in the Redirect module's redirection administration page in Liferay Portal 7.3.2 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the _com_life... Read more
- EPSS Score: %0.28
- Published: May. 17, 2021
- Modified: Nov. 21, 2024