Latest CVE Feed
-
9.8
CRITICAL CVE-2021-25900
An issue was discovered in the smallvec crate before 0.6.14 and 1.x before 1.6.1 for Rust. There is a heap-based buffer overflow in SmallVec::insert_many.
Affected Products: smallvec
- EPSS Score: 0.55%
- Published: Jan. 26, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-25899
An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform a blind time-based SQL Injection. The vulnerable parameter is param1.
Affected Products: aurall_rec_monitor
- EPSS Score: 85.35%
- Published: Apr. 23, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-25898
An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value is used to authenticate a high-privileged user upon aut...
- EPSS Score: 0.14%
- Published: Apr. 23, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-25894
Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the /magnoliaPublic/travel/members/login.html mgnlUserId parameter.
Affected Products: magnolia_cms
- EPSS Score: 0.40%
- Published: Apr. 02, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUM CVE-2021-25893
Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the setText parameter of /magnoliaAuthor/.magnolia/.
Affected Products: magnolia_cms
- EPSS Score: 0.38%
- Published: Apr. 02, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-25878
AVideo/YouPHPTube 10.0 and prior is affected by multiple reflected Cross-Site Scripting vulnerabilities via the videoName parameter, which allow a remote attacker to steal administrators' session cookies or perform actions as an administrator.
Affected Products: youphptube
- EPSS Score: 0.44%
- Published: Nov. 01, 2021
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2021-25877
AVideo/YouPHPTube 10.0 and prior is affected by an insecure file write. A user with administrator privileges is able to write files on the filesystem using the flag and code variables in the file save.php.
Affected Products: youphptube
- EPSS Score: 1.20%
- Published: Nov. 01, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-25876
AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross-Site Scripting vulnerabilities via the u parameter, which allow a remote attacker to steal administrators' session cookies or perform actions as an administrator.
Affected Products: youphptube
- EPSS Score: 0.44%
- Published: Nov. 01, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2021-25875
AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross-Site Scripting vulnerabilities via the searchPhrase parameter, which allow a remote attacker to steal administrators' session cookies or perform actions as an administrator.
Affected Products: youphptube
- EPSS Score: 0.44%
- Published: Nov. 01, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-25874
AVideo/YouPHPTube 10.0 and prior is affected by a SQL injection in the catName parameter, which allows a remote unauthenticated attacker to retrieve database information such as application password hashes.
Affected Products: youphptube
- EPSS Score: 1.12%
- Published: Nov. 01, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-25864
node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file.
- EPSS Score: 88.45%
- Published: Jan. 26, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2021-25863
Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account.
Affected Products: open5gs
- EPSS Score: 0.11%
- Published: Jan. 26, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGH CVE-2021-25857
An issue was discovered in pcmt superMicro-CMS version 3.11 that allows authenticated attackers to execute arbitrary code via the font_type parameter to setup.php.
Affected Products: supermicro-cms
- EPSS Score: 0.08%
- Published: Aug. 11, 2023
- Modified: Nov. 21, 2024
-
4.9
MEDIUM CVE-2021-25856
An issue was discovered in pcmt superMicro-CMS version 3.11 that allows attackers to delete files via a crafted image file in images.php.
Affected Products: supermicro-cms
- EPSS Score: 0.04%
- Published: Aug. 11, 2023
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2021-25849
An integer underflow was discovered in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1. Improper validation of the PortID TLV leads to Denial of Service via a crafted LLDP packet.
Affected Products: vport_06ec-2v26m_firmware vport_06ec-2v36m-t_firmware vport_06ec-2v36m-ct_firmware vport_06ec-2v36m-ct-t_firmware vport_06ec-2v42m_firmware vport_06ec-2v42m-t_firmware vport_06ec-2v42m-ct_firmware vport_06ec-2v42m-ct-t_firmware vport_06ec-2v60m_firmware vport_06ec-2v60m-t_firmware +22 more products
- EPSS Score: 0.32%
- Published: May 10, 2021
- Modified: Nov. 21, 2024
-
9.1
CRITICAL CVE-2021-25848
Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to using fixed loop counter variable without checking the actual available len...
Affected Products: vport_06ec-2v26m_firmware vport_06ec-2v36m-t_firmware vport_06ec-2v36m-ct_firmware vport_06ec-2v36m-ct-t_firmware vport_06ec-2v42m_firmware vport_06ec-2v42m-t_firmware vport_06ec-2v42m-ct_firmware vport_06ec-2v42m-ct-t_firmware vport_06ec-2v60m_firmware vport_06ec-2v60m-t_firmware +22 more products
- EPSS Score: 0.38%
- Published: May 10, 2021
- Modified: Nov. 21, 2024
-
9.1
CRITICAL CVE-2021-25847
Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to a controllable loop counter variable via a crafted LLDP packet.
Affected Products: vport_06ec-2v26m_firmware vport_06ec-2v36m-t_firmware vport_06ec-2v36m-ct_firmware vport_06ec-2v36m-ct-t_firmware vport_06ec-2v42m_firmware vport_06ec-2v42m-t_firmware vport_06ec-2v42m-ct_firmware vport_06ec-2v42m-ct-t_firmware vport_06ec-2v60m_firmware vport_06ec-2v60m-t_firmware +22 more products
- EPSS Score: 0.38%
- Published: May 10, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2021-25846
Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a negative number passed to the memcpy function via a crafted LLDP packet.
Affected Products: vport_06ec-2v26m_firmware vport_06ec-2v36m-t_firmware vport_06ec-2v36m-ct_firmware vport_06ec-2v36m-ct-t_firmware vport_06ec-2v42m_firmware vport_06ec-2v42m-t_firmware vport_06ec-2v42m-ct_firmware vport_06ec-2v42m-ct-t_firmware vport_06ec-2v60m_firmware vport_06ec-2v60m-t_firmware +22 more products
- EPSS Score: 0.32%
- Published: May 10, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-25845
Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a NULL pointer dereference via a crafted LLDP packet.
Affected Products: vport_06ec-2v26m_firmware vport_06ec-2v36m-t_firmware vport_06ec-2v36m-ct_firmware vport_06ec-2v36m-ct-t_firmware vport_06ec-2v42m_firmware vport_06ec-2v42m-t_firmware vport_06ec-2v42m-ct_firmware vport_06ec-2v42m-ct-t_firmware vport_06ec-2v60m_firmware vport_06ec-2v60m-t_firmware +22 more products
- EPSS Score: 0.41%
- Published: May 10, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-25839
A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which could make password brute-forcing easier for an attacker.
Affected Products: minthcm
- EPSS Score: 0.40%
- Published: Apr. 26, 2021
- Modified: Nov. 21, 2024