Latest CVE Feed
-
7.8
HIGHCVE-2021-28440
Windows Installer Elevation of Privilege Vulnerability... Read more
Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +10 more products- EPSS Score: %0.44
- Published: Apr. 13, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-28439
Windows TCP/IP Driver Denial of Service Vulnerability... Read more
Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +10 more products- EPSS Score: %17.80
- Published: Apr. 13, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-28438
Windows Console Driver Denial of Service Vulnerability... Read more
- EPSS Score: %0.84
- Published: Apr. 13, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-28437
Windows Installer Information Disclosure Vulnerability... Read more
Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +10 more products- EPSS Score: %0.45
- Published: Apr. 13, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-28436
Windows Speech Runtime Elevation of Privilege Vulnerability... Read more
Affected Products : windows_10 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_10_1507 windows_10_1803 windows_10_1909 windows_server_20h2 +2 more products- EPSS Score: %0.51
- Published: Apr. 13, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-28435
Windows Event Tracing Information Disclosure Vulnerability... Read more
Affected Products : windows_10 windows_8.1 windows_rt_8.1 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_10_1507 +6 more products- EPSS Score: %0.54
- Published: Apr. 13, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-28434
Remote Procedure Call Runtime Remote Code Execution Vulnerability... Read more
Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +10 more products- EPSS Score: %12.16
- Published: Apr. 13, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-28429
Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file.... Read more
Affected Products : ffmpeg- EPSS Score: %0.02
- Published: Aug. 11, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-28428
File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess and *.hello files using the Media Files upload functionality. The original file upload vulnerability (CVE-2020-27387) was remediated by restricting the PHP extensions; ... Read more
Affected Products : horizontcms- EPSS Score: %0.41
- Published: Apr. 05, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-28427
Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file.... Read more
Affected Products : xnview- EPSS Score: %0.05
- Published: Aug. 11, 2023
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-28424
A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php.... Read more
Affected Products : teachers_record_management_system- EPSS Score: %0.41
- Published: Jul. 01, 2021
- Modified: Nov. 21, 2024
-
4.8
MEDIUMCVE-2021-28420
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the "from_time" parameter.... Read more
Affected Products : seo_panel- EPSS Score: %0.21
- Published: Mar. 18, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2021-28419
The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases.... Read more
Affected Products : seo_panel- EPSS Score: %9.23
- Published: Mar. 18, 2021
- Modified: Nov. 21, 2024
-
4.8
MEDIUMCVE-2021-28418
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the "category" parameter.... Read more
Affected Products : seo_panel- EPSS Score: %0.21
- Published: Mar. 18, 2021
- Modified: Nov. 21, 2024
-
4.8
MEDIUMCVE-2021-28417
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and the "search_name" parameter.... Read more
Affected Products : seo_panel- EPSS Score: %0.21
- Published: Mar. 18, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-28411
An issue was discovered in getRememberedSerializedIdentity function in CookieRememberMeManager class in lerry903 RuoYi version 3.4.0, allows remote attackers to escalate privileges.... Read more
Affected Products : ruoyi- EPSS Score: %0.31
- Published: Aug. 11, 2023
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-28399
OrangeHRM 4.7 allows an unauthenticated user to enumerate the valid username and email address via the forgot password function.... Read more
Affected Products : orangehrm- EPSS Score: %0.71
- Published: Apr. 26, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2021-28398
A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perf... Read more
Affected Products : geonetwork- EPSS Score: %0.34
- Published: Sep. 05, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-28382
Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on the user-management page while importing malicious user details from AD.... Read more
Affected Products : manageengine_key_manager_plus- EPSS Score: %19.52
- Published: Jun. 07, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-28381
The vhs (aka VHS: Fluid ViewHelpers) extension before 5.1.1 for TYPO3 allows SQL injection via isLanguageViewHelper.... Read more
Affected Products : vhs- EPSS Score: %0.37
- Published: Mar. 16, 2021
- Modified: Nov. 21, 2024