Total: 210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-29761 | 1 Ibm | 1 Sterling B2b Integrator | 2021-10-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information from the dashboard that they should not have access to. IBM X-Force ID: 202265. | |||||
| CVE-2021-35506 | 1 Afian | 1 Filerun | 2021-10-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action. | |||||
| CVE-2021-39887 | 1 Gitlab | 1 Gitlab | 2021-10-08 | 3.5 LOW | 5.4 MEDIUM |
| A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to execute arbitrary JavaScript code on the victim's behalf. | |||||
| CVE-2021-35503 | 1 Afian | 1 Filerun | 2021-10-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs. | |||||
| CVE-2021-24654 | 1 Wpeverest | 1 User Registration | 2021-10-08 | 3.5 LOW | 5.4 MEDIUM |
| The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details AJAX action. This could allow any authenticated user, such as a subscriber, to perform Stored Cross-Site Scripting attacks when their profile is viewed. | |||||
| CVE-2021-24465 | 1 Meowapps | 1 Meow Gallery | 2021-10-08 | 5.5 MEDIUM | 8.1 HIGH |
| The Meow Gallery WordPress plugin before 4.1.9 does not sanitise, validate or escape the ids attribute of its gallery shortcode (available for users as low as Contributor) before using it in an SQL statement, leading to an authenticated SQL Injection issue. The injection also allows the returned values to be manipulated in a way that could lead to data disclosure and arbitrary objects to be deserialized. | |||||
| CVE-2020-21012 | 1 Hotel And Lodge Booking Management System Project | 1 Hotel And Lodge Booking Management System | 2021-10-08 | 7.5 HIGH | 9.8 CRITICAL |
| Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details. | |||||
| CVE-2021-38104 | 1 Corel | 1 Presentations 2020 | 2021-10-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| IPPP72.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file. | |||||
| CVE-2021-38103 | 1 Corel | 1 Presentations 2020 | 2021-10-08 | 9.3 HIGH | 7.8 HIGH |
| IBJPG2.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file. | |||||
| CVE-2021-38099 | 1 Corel | 1 Photopaint 2020 | 2021-10-08 | 9.3 HIGH | 7.8 HIGH |
| CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CPT file. This is different from CVE-2021-38101. | |||||
| CVE-2021-38096 | 1 Corel | 1 Pdf Fusion | 2021-10-08 | 9.3 HIGH | 7.8 HIGH |
| Coreip.dll in Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. | |||||
| CVE-2021-24676 | 1 Codesolz | 1 Better Find And Replace | 2021-10-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Better Find and Replace WordPress plugin before 1.2.9 does not escape the 's' GET parameter before outputting it back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue. | |||||
| CVE-2021-24673 | 1 Dwbooster | 1 Appointment Hour Booking | 2021-10-08 | 3.5 LOW | 4.8 MEDIUM |
| The Appointment Hour Booking WordPress plugin before 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2021-38822 | 1 Icehrm | 1 Icehrm | 2021-10-08 | 3.5 LOW | 5.4 MEDIUM |
| A Stored Cross-Site Scripting vulnerability via malicious file upload exists in multiple pages of IceHrm 30.0.0.OS, allowing arbitrary JavaScript execution. | |||||
| CVE-2021-23856 | 1 Bosch | 4 Rexroth Indramotion Mlc L20, Rexroth Indramotion Mlc L20 Firmware, Rexroth Indramotion Mlc L40 and 1 more | 2021-10-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipulated URL. | |||||
| CVE-2021-36850 | 1 Meowapps | 1 Media File Renamer - Auto & Manual Rename | 2021-10-08 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media File Renamer – Auto & Manual Rename plugin (versions <= 5.1.9). Affected parameters "post_title", "filename", "lock". This allows changing the uploaded media title, media file name, and media locking state. | |||||
| CVE-2021-35296 | 1 Ptcl | 2 Hg150-ub, Hg150-ub Firmware | 2021-10-08 | 7.5 HIGH | 9.8 CRITICAL |
| An issue in the administrator authentication panel of PTCL HG150-Ub v3.0 allows attackers to bypass authentication via modification of the cookie value and Response Path. | |||||
| CVE-2021-41861 | 1 Telegram | 1 Telegram | 2021-10-08 | 2.1 LOW | 3.3 LOW |
| The Telegram application 7.5.0 through 7.8.0 for Android does not properly implement image self-destruction, a different vulnerability than CVE-2019-16248. After approximately two to four uses of the self-destruct feature, there is a misleading UI indication that an image was deleted (on both the sender and recipient sides). The images are still present in the /Storage/Emulated/0/Telegram/Telegram Image/ directory. | |||||
| CVE-2021-22259 | 1 Gitlab | 1 Gitlab | 2021-10-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| A potential DoS vulnerability was discovered in GitLab EE starting with version 12.6 due to a lack of pagination in the dependencies API. | |||||
| CVE-2020-28119 | 1 53kf | 1 53kf | 2021-10-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in 53KF before 2.0.0.2 that allows arbitrary code to be executed via a crafted HTML statement inserted into the chat window. | |||||
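The CVE-2021-35503 entry above (stored XSS through an X-Forwarded-For header rendered in Activity Logs) is a common pattern: a request header is treated as data about the client and written to a log that an administrator later views. The Python below is an added illustration, not FileRun's code; the sample requests, the trusted-proxy address and the function names are constructed for this example. It shows the two independent layers a practitioner would want: only accept the header from a trusted proxy and only if it parses as an IP address, and escape every field on output regardless of what was stored.

```python
import html
import ipaddress

# Constructed sample requests for this illustration (not captured FileRun
# traffic). The second carries an XSS payload in X-Forwarded-For, the input
# class CVE-2021-35503 describes; the fourth arrives from an untrusted peer.
SAMPLE_REQUESTS = [
    {"remote_addr": "10.0.0.5", "headers": {"X-Forwarded-For": "203.0.113.7"}},
    {"remote_addr": "10.0.0.5", "headers": {"X-Forwarded-For": "<script>alert(1)</script>"}},
    {"remote_addr": "10.0.0.5", "headers": {"X-Forwarded-For": "198.51.100.9, 10.0.0.1"}},
    {"remote_addr": "192.0.2.44", "headers": {"X-Forwarded-For": "203.0.113.7"}},
]

# Hypothetical deployment detail: the only reverse proxy allowed to set the
# header. A peer outside this set gets no say in what is logged.
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}


def client_ip(request):
    """Decide which address to store in the activity log.

    X-Forwarded-For is honoured only when the TCP peer is a trusted proxy, and
    only if the chosen entry parses as an IP address. Any other value falls
    back to the peer address, so free-form attacker text never reaches storage.
    """
    peer = ipaddress.ip_address(request["remote_addr"])
    xff = request["headers"].get("X-Forwarded-For", "")
    if peer in TRUSTED_PROXIES and xff:
        # The rightmost entry is the one our trusted proxy appended; anything
        # to its left was supplied by the sender and is untrusted.
        candidate = xff.rsplit(",", 1)[-1].strip()
        try:
            return str(ipaddress.ip_address(candidate))
        except ValueError:
            pass  # not an IP address at all: log the peer instead
    return str(peer)


def render_log_row(entry):
    """Render one stored activity-log entry as an HTML table row.

    Output escaping is an independent second layer: even if a bad value did
    reach the database, it is displayed as text rather than executed when an
    administrator views the log.
    """
    return "<tr><td>{}</td><td>{}</td></tr>".format(
        html.escape(entry["ip"], quote=True),
        html.escape(entry["action"], quote=True),
    )


if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(render_log_row({"ip": client_ip(req), "action": "login"}))
```

With a chain of several trusted proxies, strip trusted addresses from the right of the list until the first untrusted one instead of taking the rightmost entry; the validation and escaping steps stay the same.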
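The CVE-2021-24465 entry above (Meow Gallery: the ids attribute of a shortcode available to Contributors is used unsanitised in an SQL statement) is the shortcode-to-SQL flaw class. The Python/sqlite3 below is an added illustration and is not Meow Gallery's or WordPress's code: the posts table and its rows are constructed, sqlite3 stands in for MySQL and $wpdb, and the function names are hypothetical. It places the vulnerable shape (attribute string spliced into the query) next to the hardened one (allow-listed integers bound as parameters, with the query shape fixed).

```python
import sqlite3


def build_sample_db():
    """Hypothetical posts table standing in for wp_posts, with constructed rows."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE posts (ID INTEGER PRIMARY KEY, post_title TEXT, post_status TEXT);
        INSERT INTO posts VALUES (1, 'Public photo', 'publish');
        INSERT INTO posts VALUES (2, 'Draft photo', 'draft');
        INSERT INTO posts VALUES (3, 'Private note', 'private');
    """)
    return con


def gallery_ids_vulnerable(con, ids_attr):
    """Flaw class from the entry above: the shortcode attribute is spliced
    straight into the query, so whoever can write [gallery ids="..."]
    controls the WHERE clause and, with it, which rows come back."""
    sql = ("SELECT ID, post_title FROM posts "
           "WHERE post_status = 'publish' AND ID IN (%s)" % ids_attr)
    return con.execute(sql).fetchall()


def parse_ids(ids_attr):
    """Allow-list the attribute: a comma-separated list of non-negative
    integers and nothing else. A bad token is rejected outright rather than
    escaped, so no SQL text can originate from the attribute."""
    ids = []
    for token in ids_attr.split(","):
        token = token.strip()
        if not token.isdigit():
            raise ValueError("ids must be a comma-separated list of integers")
        ids.append(int(token))
    return ids


def gallery_ids_hardened(con, ids_attr):
    """Validated integers bound as parameters; the statement text is fixed,
    so the result set is always 'published rows among these IDs'."""
    ids = parse_ids(ids_attr)
    if not ids:
        return []
    placeholders = ",".join("?" * len(ids))
    sql = ("SELECT ID, post_title FROM posts "
           "WHERE post_status = 'publish' AND ID IN (%s)" % placeholders)
    return con.execute(sql, ids).fetchall()


if __name__ == "__main__":
    con = build_sample_db()
    # Vulnerable: the payload turns the filter off and returns draft and
    # private rows as well as the public one.
    print(gallery_ids_vulnerable(con, "1) OR 1=1 --"))
    try:
        gallery_ids_hardened(con, "1) OR 1=1 --")
    except ValueError as exc:
        print("rejected:", exc)
```

Fixing the statement text matters beyond the obvious data-disclosure case: the entry notes that the injection lets the returned values be manipulated, and code that later unserializes a column it believes came from its own query can only be kept safe if the query cannot be reshaped by the caller.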
