Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-24697 | 1 Tipsandtricks-hq | 1 Simple Download Monitor | 2021-11-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the 1) sdm_active_tab GET parameter and 2) sdm_stats_start_date/sdm_stats_end_date POST parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues | |||||
| CVE-2021-24710 | 1 Print-o-matic Project | 1 Print-o-matic | 2021-11-10 | 3.5 LOW | 4.8 MEDIUM |
| The Print-O-Matic WordPress plugin before 2.0.3 does not escape some of its settings before outputting them in attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2020-10052 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2021-11-10 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as usernames and passwords in log files. A local attacker with access to the log files could use this information to launch further attacks. | |||||
| CVE-2020-10053 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2021-11-10 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as database credentials in configuration files. A local attacker with access to the configuration files could use this information to launch further attacks. | |||||
| CVE-2020-10054 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2021-11-10 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application does not properly handle the import of large configuration files. A local attacker could import a specially crafted file which could lead to a denial-of-service condition of the application service. | |||||
| CVE-2021-24474 | 1 Awesome Weather Widget Project | 1 Awesome Weather Widget | 2021-11-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Awesome Weather Widget WordPress plugin through 3.0.2 does not sanitize the id parameter of its awesome_weather_refresh AJAX action, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) Vulnerability. | |||||
| CVE-2021-41373 | 1 Microsoft | 1 Fslogix | 2021-11-10 | 2.1 LOW | 5.5 MEDIUM |
| FSLogix Information Disclosure Vulnerability | |||||
| CVE-2021-41371 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2021-11-10 | 2.1 LOW | 4.4 MEDIUM |
| Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-38631. | |||||
| CVE-2021-41376 | 1 Microsoft | 1 Azure Sphere | 2021-11-10 | 2.1 LOW | 4.4 MEDIUM |
| Azure Sphere Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-41374, CVE-2021-41375. | |||||
| CVE-2021-41375 | 1 Microsoft | 1 Azure Sphere | 2021-11-10 | 2.1 LOW | 4.4 MEDIUM |
| Azure Sphere Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-41374, CVE-2021-41376. | |||||
| CVE-2021-24721 | 1 Loco Translate Project | 1 Loco Translate | 2021-11-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Loco Translate WordPress plugin before 2.5.4 mishandles data inputs which get saved to a file, which can be renamed to an extension ending in .php, resulting in authenticated "translator" users being able to inject PHP code into files ending with .php in web accessible locations. | |||||
| CVE-2021-24693 | 1 Tipsandtricks-hq | 1 Simple Download Monitor | 2021-11-10 | 6.0 MEDIUM | 9.0 CRITICAL |
| The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the "File Thumbnail" post meta before outputting it in some pages, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Given the that XSS is triggered even when the Download is in a review state, contributor could make JavaScript code execute in a context of a reviewer such as admin and make them create a rogue admin account, or install a malicious plugin | |||||
| CVE-2021-24628 | 1 Wow-company | 1 Wow Forms | 2021-11-10 | 6.5 MEDIUM | 7.2 HIGH |
| The Wow Forms WordPress plugin through 3.1.3 does not sanitise or escape a 'did' GET parameter before using it in a SQL statement, when deleting a form in the admin dashboard, leading to an authenticated SQL injection | |||||
| CVE-2021-24647 | 1 Genetechsolutions | 1 Pie Register | 2021-11-10 | 6.8 MEDIUM | 8.1 HIGH |
| The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username | |||||
| CVE-2021-41374 | 1 Microsoft | 1 Azure Sphere | 2021-11-10 | 2.1 LOW | 5.5 MEDIUM |
| Azure Sphere Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-41375, CVE-2021-41376. | |||||
| CVE-2021-24627 | 1 G Auto-hyperlink Project | 1 G Auto-hyperlink | 2021-11-10 | 6.5 MEDIUM | 7.2 HIGH |
| The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise or escape an 'id' GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection | |||||
| CVE-2021-24706 | 1 Qwizcards Project | 1 Qwizcards | 2021-11-10 | 3.5 LOW | 4.8 MEDIUM |
| The Qwizcards – online quizzes and flashcards WordPress plugin before 3.62 does not properly sanitize and escape some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2021-24701 | 1 Quiz Tool Lite Project | 1 Quiz Tool Lite | 2021-11-10 | 3.5 LOW | 4.8 MEDIUM |
| The Quiz Tool Lite WordPress plugin through 2.3.15 does not sanitize multiple input fields used when creating or managing quizzes and in other setting options, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2021-24607 | 1 Wooassist | 1 Storefront Footer Text | 2021-11-10 | 3.5 LOW | 4.8 MEDIUM |
| The Storefront Footer Text WordPress plugin through 1.0.1 does not sanitize and escape the "Footer Credit Text" added to pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed. | |||||
| CVE-2021-35489 | 1 Thruk | 1 Thruk | 2021-11-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Thruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2&host={HOSTNAME]&service={SERVICENAME]&backend={BACKEND] Reflected XSS via the host or service parameter. An attacker could inject arbitrary JavaScript into extinfo.cgi. The malicious payload would be triggered every time an authenticated user browses the page containing it. | |||||