Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-19137 | 1 Autumn Project | 1 Autumn | 2021-09-15 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect Access Control in Autumn v1.0.4 and earlier allows remote attackers to obtain clear-text login credentials via the component "autumn-cms/user/getAllUser/?page=1&limit=10". | |||||
| CVE-2021-38330 | 1 Tromit | 1 Yabp | 2021-09-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Yet Another bol.com Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/yabp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4. | |||||
| CVE-2021-38329 | 1 Dj Emailpublish Project | 1 Dj Emailpublish | 2021-09-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The DJ EmailPublish WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/dj-email-publish.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.7.2. | |||||
| CVE-2021-38326 | 1 Wpleet | 1 Post Title Counter | 2021-09-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Post Title Counter WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the notice parameter found in the ~/post-title-counter.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1. | |||||
| CVE-2021-38328 | 1 Notices Project | 1 Notices | 2021-09-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Notices WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/notices.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1. | |||||
| CVE-2021-38327 | 1 Ueberhamm-design | 1 Youtube Video Inserter | 2021-09-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The YouTube Video Inserter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/adminUI/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.1.0. | |||||
| CVE-2021-38334 | 1 Amazingweb | 1 Wp-design-maps-places | 2021-09-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WP Design Maps & Places WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the filename parameter found in the ~/wpdmp-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2. | |||||
| CVE-2021-38337 | 1 Carrcommunications | 1 Rsvpmaker Excel | 2021-09-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/phpexcel/PHPExcel/Shared/JAMA/docs/download.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1. | |||||
| CVE-2021-38336 | 1 Sw-guide | 1 Edit Comments Xt | 2021-09-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/edit-comments-xt.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. | |||||
| CVE-2021-38335 | 1 Wiseagent | 1 Wise Agent Capture Forms | 2021-09-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Wise Agent Capture Forms WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/WiseAgentCaptureForm.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. | |||||
| CVE-2020-19138 | 1 Dotcms | 1 Dotcms | 2021-09-15 | 10.0 HIGH | 9.8 CRITICAL |
| Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java". | |||||
| CVE-2021-38333 | 1 Wp Scrippets Project | 1 Wp Scrippets | 2021-09-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WP Scrippets WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/wp-scrippets.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.1. | |||||
| CVE-2021-1840 | 1 Apple | 2 Mac Os X, Macos | 2021-09-15 | 4.6 MEDIUM | 7.8 HIGH |
| A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A local attacker may be able to elevate their privileges. | |||||
| CVE-2021-30605 | 2 Google, Microsoft | 4 Chrome Os Readiness Tool, Windows 10, Windows 7 and 1 more | 2021-09-15 | 4.6 MEDIUM | 7.8 HIGH |
| Inappropriate implementation in the ChromeOS Readiness Tool installer on Windows prior to 1.0.2.0 loosens DCOM access rights on two objects allowing an attacker to potentially bypass discretionary access controls. | |||||
| CVE-2021-36440 | 1 Showdoc | 1 Showdoc | 2021-09-15 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the 'file_url' parameter in the component AdminUpdateController.class.php'. | |||||
| CVE-2021-1839 | 1 Apple | 2 Mac Os X, Macos | 2021-09-15 | 4.6 MEDIUM | 7.8 HIGH |
| The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A local attacker may be able to elevate their privileges. | |||||
| CVE-2021-1834 | 1 Apple | 2 Mac Os X, Macos | 2021-09-15 | 10.0 HIGH | 9.8 CRITICAL |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-38352 | 1 Feedify | 1 Web Push Notifications | 2021-09-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Feedify – Web Push Notifications WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the feedify_msg parameter found in the ~/includes/base.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.8. | |||||
| CVE-2021-1837 | 1 Apple | 2 Ipados, Iphone Os | 2021-09-15 | 4.3 MEDIUM | 5.3 MEDIUM |
| A certificate validation issue was addressed. This issue is fixed in iOS 14.5 and iPadOS 14.5. An attacker in a privileged network position may be able to alter network traffic. | |||||
| CVE-2021-1835 | 1 Apple | 2 Ipados, Iphone Os | 2021-09-15 | 2.1 LOW | 4.6 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in iOS 14.5 and iPadOS 14.5. A person with physical access to an iOS device may be able to access notes from the lock screen. | |||||