Total: 210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36982 | 1 Monitorapp | 2 Application Insight Manager, Application Insight Web Application Firewall | 2021-08-24 | 9.3 HIGH | 8.1 HIGH |
| AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 allows OS Command Injection because of missing input validation on one of the parameters of an HTTP request. | |||||
| CVE-2020-18886 | 1 Phpmywind | 1 Phpmywind | 2021-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component 'admin/upload_file_do.php'. | |||||
| CVE-2020-36474 | 1 Safecurl Project | 1 Safecurl | 2021-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| SafeCurl before 0.9.2 has a DNS rebinding vulnerability. | |||||
| CVE-2021-36958 | 1 Microsoft | 1 Windows | 2021-08-24 | 9.3 HIGH | 7.8 HIGH |
| Windows Print Spooler Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-36936, CVE-2021-36947. | |||||
| CVE-2020-25353 | 1 Rconfig | 1 Rconfig | 2021-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability allowed remote authenticated attackers to open a connection to the machine via the deviceIpAddr and connPort parameters. | |||||
| CVE-2020-18746 | 1 Aitecms | 1 Aitecms | 2021-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| SQL Injection in AiteCMS v1.0 allows remote attackers to execute arbitrary code via the component "aitecms/login/diy_list.php". | |||||
| CVE-2021-29313 | 1 Seacms | 1 Seacms | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in SeaCMS 12.6 via the (1) v_company and (2) v_tvs parameters in /admin_video.php, | |||||
| CVE-2020-27466 | 1 Rconfig | 1 Rconfig | 2021-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2021-37711 | 1 Shopware | 1 Shopware | 2021-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| Versions prior to 6.4.3.1 contain an authenticated server-side request forgery vulnerability in file upload via URL. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. | |||||
| CVE-2021-34656 | 1 Videowhisper | 1 2way Videocalls And Random Chat | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The 2Way VideoCalls and Random Chat - HTML5 Webcam Videochat WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `vws_notice` function found in the ~/inc/requirements.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 5.2.7. | |||||
| CVE-2021-0519 | 1 Google | 1 Android | 2021-08-24 | 7.2 HIGH | 7.8 HIGH |
| In BITSTREAM_FLUSH of ih264e_bitstream.h, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-8.1 Android-9. Android ID: A-176533109 | |||||
| CVE-2021-34653 | 1 Wp Fountain Project | 1 Wp Fountain | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WP Fountain WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/wp-fountain.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.9. | |||||
| CVE-2021-34654 | 1 Custom Post Type Relations Project | 1 Custom Post Type Relations | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Custom Post Type Relations WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the cptr[name] parameter found in the ~/pages/admin-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. | |||||
| CVE-2021-39283 | 1 Live555 | 1 Live555 | 2021-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands. | |||||
| CVE-2021-34655 | 1 Wp Songbook Project | 1 Wp Songbook | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WP Songbook WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the url parameter found in the ~/inc/class.ajax.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.11. | |||||
| CVE-2021-34663 | 1 Arvtard | 1 Jquery Tagline Rotator | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The jQuery Tagline Rotator WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/jquery-tagline-rotator.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1.5. | |||||
| CVE-2021-34664 | 1 Moova | 1 Moova For Woocommerce | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Moova for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the lat parameter in the ~/Checkout/Checkout.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.5. | |||||
| CVE-2020-23069 | 1 Webtareas Project | 1 Webtareas | 2021-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Path Traversal vulnerability exists in webTareas 2.0 via the extpath parameter in general_serv.php, which could let a malicious user read arbitrary files. | |||||
| CVE-2021-38710 | 1 Yclas | 1 Yclas | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Static (Persistent) XSS Vulnerability exists in version 4.3.0 of Yclas when using the install/view/form.php script. An attacker can store XSS in the database through the vulnerable SITE_NAME parameter. | |||||
| CVE-2020-28146 | 1 Eyoucms | 1 Eyoucms | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext parameter. | |||||
