Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-37400 | 1 Idec | 15 Data File Manager, Ft1a Smartaxix Lite, Ft1a Smartaxix Lite Firmware and 12 more | 2022-01-07 | 7.5 HIGH | 9.8 CRITICAL |
| An attacker may obtain the user credentials from the communication between the PLC and the software. As a result, the PLC user program may be uploaded, altered, and/or downloaded. | |||||
| CVE-2021-37401 | 1 Idec | 15 Data File Manager, Ft1a Smartaxix Lite, Ft1a Smartaxix Lite Firmware and 12 more | 2022-01-07 | 7.5 HIGH | 9.8 CRITICAL |
| An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded. | |||||
| CVE-2021-45814 | 1 Nettemp | 1 Nnt | 2022-01-07 | 7.5 HIGH | 9.8 CRITICAL |
| Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel with an administrative account. | |||||
| CVE-2021-46072 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2022-01-07 | 3.5 LOW | 4.8 MEDIUM |
| A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service List Section in login panel. | |||||
| CVE-2021-45612 | 1 Netgear | 78 Cbr40, Cbr40 Firmware, Cbr750 and 75 more | 2022-01-07 | 10.0 HIGH | 9.8 CRITICAL |
| Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68. | |||||
| CVE-2021-46070 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2022-01-07 | 3.5 LOW | 4.8 MEDIUM |
| A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service Requests Section in login panel. | |||||
| CVE-2021-46069 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2022-01-07 | 3.5 LOW | 4.8 MEDIUM |
| A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Mechanic List Section in login panel. | |||||
| CVE-2021-46068 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2022-01-07 | 3.5 LOW | 4.8 MEDIUM |
| A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the My Account Section in login panel. | |||||
| CVE-2021-45745 | 1 Bludit | 1 Bludit | 2022-01-07 | 3.5 LOW | 5.4 MEDIUM |
| A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login panel. | |||||
| CVE-2021-45744 | 1 Bludit | 1 Bludit | 2022-01-07 | 3.5 LOW | 5.4 MEDIUM |
| A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section in login panel. | |||||
| CVE-2021-45613 | 1 Netgear | 52 Cbr40, Cbr40 Firmware, Cbr750 and 49 more | 2022-01-07 | 10.0 HIGH | 9.8 CRITICAL |
| Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, MR80 before 1.1.2.20, MS80 before 1.1.2.20, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX43 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX35v2 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and XR1000 before 1.0.0.58. | |||||
| CVE-2021-45620 | 1 Netgear | 84 Cbr40, Cbr40 Firmware, Cbr750 and 81 more | 2022-01-07 | 10.0 HIGH | 9.8 CRITICAL |
| Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, LAX20 before 1.1.6.28, MR60 before 1.0.6.116, MR80 before 1.1.2.20, MS60 before 1.0.6.116, MS80 before 1.1.2.20, MK62 before 1.0.6.116, MK83 before 1.1.2.20, R6400 before 1.0.1.70, R6400v2 before 1.0.4.106, R6700v3 before 1.0.4.106, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68. | |||||
| CVE-2021-45884 | 4 Apple, Brave, Linux and 1 more | 4 Macos, Brave, Linux Kernel and 1 more | 2022-01-07 | 4.3 MEDIUM | 7.5 HIGH |
| In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based adblocking and a proxying extension with a SOCKS fallback are enabled, additional DNS requests are issued outside of the proxying extension using the system's DNS settings, resulting in information disclosure. NOTE: this issue exists because of an incomplete fix for CVE-2021-21323 and CVE-2021-22916. | |||||
| CVE-2021-45616 | 1 Netgear | 64 Cbr750, Cbr750 Firmware, Lax20 and 61 more | 2022-01-07 | 10.0 HIGH | 9.8 CRITICAL |
| Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 3.2.18.2, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58. | |||||
| CVE-2021-24828 | 1 Mlcalc | 1 Mortgage Calculator\/loan Calculator | 2022-01-07 | 3.5 LOW | 5.4 MEDIUM |
| The Mortgage Calculator / Loan Calculator WordPress plugin before 1.5.17 does not escape the some of the attributes of its mlcalc shortcode before outputting them, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks | |||||
| CVE-2021-24680 | 1 Wptravelengine | 1 Wp Travel Engine | 2022-01-07 | 3.5 LOW | 5.4 MEDIUM |
| The WP Travel Engine WordPress plugin before 5.3.1 does not escape the Description field in the Trip Destination/Activities/Trip Type and Pricing Category pages, allowing users with a role as low as editor to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed | |||||
| CVE-2021-45917 | 1 Sun Moon Jingyao | 2 Network Computer Terminal Protection System, Network Computer Terminal Protection System Firmware | 2022-01-07 | 7.7 HIGH | 9.0 CRITICAL |
| The server-request receiver function of Shockwall system has an improper authentication vulnerability. An authenticated attacker of an agent computer within the local area network can use the local registry information to launch server-side request forgery (SSRF) attack on another agent computer, resulting in arbitrary code execution for controlling the system or disrupting service. | |||||
| CVE-2021-44896 | 1 Dmproadmap Project | 1 Dmproadmap | 2022-01-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| DMP Roadmap before 3.0.4 allows XSS. | |||||
| CVE-2021-45534 | 1 Netgear | 34 Ac2100, Ac2100 Firmware, Ac2400 and 31 more | 2022-01-07 | 6.5 MEDIUM | 7.8 HIGH |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects AC2100 before 1.2.0.88, AC2400 before 1.2.0.88, AC2600 before 1.2.0.88, D7000 before 1.0.1.82, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.2.0.88, R6800 before 1.2.0.88, R6850 before 1.1.0.84, R6900v2 before 1.2.0.88, R7200 before 1.2.0.88, R7350 before 1.2.0.88, R7400 before 1.2.0.88, and R7450 before 1.2.0.88. | |||||
| CVE-2021-45609 | 1 Netgear | 20 D8500, D8500 Firmware, R6250 and 17 more | 2022-01-07 | 7.5 HIGH | 9.8 CRITICAL |
| Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D8500 before 1.0.3.58, R6250 before 1.0.4.48, R7000 before 1.0.11.116, R7100LG before 1.0.0.64, R7900 before 1.0.4.38, R8300 before 1.0.2.144, R8500 before 1.0.2.144, XR300 before 1.0.3.68, R7000P before 1.3.2.132, and R6900P before 1.3.2.132. | |||||