Latest CVE Feed
-
6.1 MEDIUM
CVE-2021-25876
AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross-Site Scripting vulnerabilities via the u parameter, which allow a remote attacker to steal administrators' session cookies or perform actions as an administrator.
- Affected Products: youphptube
- EPSS Score: 0.44%
- Published: Nov. 01, 2021
- Modified: Nov. 21, 2024
-
6.1 MEDIUM
CVE-2021-25875
AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross-Site Scripting vulnerabilities via the searchPhrase parameter, which allow a remote attacker to steal administrators' session cookies or perform actions as an administrator.
- Affected Products: youphptube
- EPSS Score: 0.44%
- Published: Nov. 01, 2021
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2021-25874
AVideo/YouPHPTube 10.0 and prior is affected by a SQL injection in the catName parameter, which allows a remote unauthenticated attacker to retrieve database information such as application password hashes.
- Affected Products: youphptube
- EPSS Score: 1.12%
- Published: Nov. 01, 2021
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2021-25864
node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file.
- EPSS Score: 88.45%
- Published: Jan. 26, 2021
- Modified: Nov. 21, 2024
-
8.8 HIGH
CVE-2021-25863
Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account.
- Affected Products: open5gs
- EPSS Score: 0.11%
- Published: Jan. 26, 2021
- Modified: Nov. 21, 2024
-
7.2 HIGH
CVE-2021-25857
An issue discovered in pcmt superMicro-CMS version 3.11 allows authenticated attackers to execute arbitrary code via the font_type parameter to setup.php.
- Affected Products: supermicro-cms
- EPSS Score: 0.08%
- Published: Aug. 11, 2023
- Modified: Nov. 21, 2024
-
4.9 MEDIUM
CVE-2021-25856
An issue discovered in pcmt superMicro-CMS version 3.11 allows attackers to delete files via a crafted image file in images.php.
- Affected Products: supermicro-cms
- EPSS Score: 0.04%
- Published: Aug. 11, 2023
- Modified: Nov. 21, 2024
-
7.8 HIGH
CVE-2021-25849
An integer underflow was discovered in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1; improper validation of the PortID TLV leads to denial of service via a crafted LLDP packet.
- Affected Products: vport_06ec-2v26m_firmware, vport_06ec-2v36m-t_firmware, vport_06ec-2v36m-ct_firmware, vport_06ec-2v36m-ct-t_firmware, vport_06ec-2v42m_firmware, vport_06ec-2v42m-t_firmware, vport_06ec-2v42m-ct_firmware, vport_06ec-2v42m-ct-t_firmware, vport_06ec-2v60m_firmware, vport_06ec-2v60m-t_firmware (+22 more products)
- EPSS Score: 0.32%
- Published: May. 10, 2021
- Modified: Nov. 21, 2024
-
9.1 CRITICAL
CVE-2021-25848
Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to using a fixed loop counter variable without checking the actual available len...
- Affected Products: vport_06ec-2v26m_firmware, vport_06ec-2v36m-t_firmware, vport_06ec-2v36m-ct_firmware, vport_06ec-2v36m-ct-t_firmware, vport_06ec-2v42m_firmware, vport_06ec-2v42m-t_firmware, vport_06ec-2v42m-ct_firmware, vport_06ec-2v42m-ct-t_firmware, vport_06ec-2v60m_firmware, vport_06ec-2v60m-t_firmware (+22 more products)
- EPSS Score: 0.38%
- Published: May. 10, 2021
- Modified: Nov. 21, 2024
-
9.1 CRITICAL
CVE-2021-25847
Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to a controllable loop counter variable via a crafted LLDP packet.
- Affected Products: vport_06ec-2v26m_firmware, vport_06ec-2v36m-t_firmware, vport_06ec-2v36m-ct_firmware, vport_06ec-2v36m-ct-t_firmware, vport_06ec-2v42m_firmware, vport_06ec-2v42m-t_firmware, vport_06ec-2v42m-ct_firmware, vport_06ec-2v42m-ct-t_firmware, vport_06ec-2v60m_firmware, vport_06ec-2v60m-t_firmware (+22 more products)
- EPSS Score: 0.38%
- Published: May. 10, 2021
- Modified: Nov. 21, 2024
-
7.8 HIGH
CVE-2021-25846
Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a negative number passed to the memcpy function via a crafted LLDP packet.
- Affected Products: vport_06ec-2v26m_firmware, vport_06ec-2v36m-t_firmware, vport_06ec-2v36m-ct_firmware, vport_06ec-2v36m-ct-t_firmware, vport_06ec-2v42m_firmware, vport_06ec-2v42m-t_firmware, vport_06ec-2v42m-ct_firmware, vport_06ec-2v42m-ct-t_firmware, vport_06ec-2v60m_firmware, vport_06ec-2v60m-t_firmware (+22 more products)
- EPSS Score: 0.32%
- Published: May. 10, 2021
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2021-25845
Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a NULL pointer dereference via a crafted LLDP packet.
- Affected Products: vport_06ec-2v26m_firmware, vport_06ec-2v36m-t_firmware, vport_06ec-2v36m-ct_firmware, vport_06ec-2v36m-ct-t_firmware, vport_06ec-2v42m_firmware, vport_06ec-2v42m-t_firmware, vport_06ec-2v42m-ct_firmware, vport_06ec-2v42m-ct-t_firmware, vport_06ec-2v60m_firmware, vport_06ec-2v60m-t_firmware (+22 more products)
- EPSS Score: 0.41%
- Published: May. 10, 2021
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2021-25839
A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which could make password brute-forcing easier for an attacker.
- Affected Products: minthcm
- EPSS Score: 0.40%
- Published: Apr. 26, 2021
- Modified: Nov. 21, 2024
-
6.1 MEDIUM
CVE-2021-25838
The Import function in MintHCM RELEASE 3.0.8 allows an attacker to execute a cross-site scripting (XSS) payload in file upload.
- Affected Products: minthcm
- EPSS Score: 0.32%
- Published: Apr. 26, 2021
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2021-25837
Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. Due to the inconsistency between the Storage caching cycle and the Tx processing cycle, Storage changes caused by a failed transaction are improperly reserv...
- Affected Products: ethermint
- EPSS Score: 0.39%
- Published: Feb. 08, 2021
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2021-25836
Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. The bytecode set in a FAILED transaction wrongfully remains in memory (stateObject.code) and is further written to persistent store at the Endblock stage, wh...
- Affected Products: ethermint
- EPSS Score: 0.24%
- Published: Feb. 08, 2021
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2021-25835
Cosmos Network Ethermint <= v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. Since Ethermint uses the same chainIDEpoch and signature schemes as Ethereum for compatibility, a verified signature in Ethereum is still...
- Affected Products: ethermint
- EPSS Score: 0.18%
- Published: Feb. 08, 2021
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2021-25834
Cosmos Network Ethermint <= v0.4.0 is affected by a transaction replay vulnerability in the EVM module. If the victim sends a transaction with a very large nonce, the attacker can replay the transaction through the application.
- Affected Products: ethermint
- EPSS Score: 0.20%
- Published: Feb. 08, 2021
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2021-25833
A file extension handling issue was found in the [server] module of ONLYOFFICE DocumentServer v4.2.0.71-v5.6.0.21. The file extension is controlled by an attacker through the request data and leads to arbitrary file overwriting. Using this vulnerability, a re...
- Affected Products: document_server
- EPSS Score: 7.62%
- Published: Mar. 01, 2021
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2021-25832
A heap buffer overflow vulnerability in BMP image processing was found in the [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v6.0.0. Using this vulnerability, an attacker is able to gain remote code execution on DocumentServer.
- Affected Products: document_server
- EPSS Score: 8.29%
- Published: Mar. 01, 2021
- Modified: Nov. 21, 2024