Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12498 | 1 3cx | 1 Live Chat | 2021-08-12 | 7.5 HIGH | 9.8 CRITICAL |
| The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permission_check protection mechanism. | |||||
| CVE-2018-18886 | 1 Helpy.io | 1 Helpy | 2021-08-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Helpy v2.1.0 has Stored XSS via the Ticket title. | |||||
| CVE-2020-13129 | 1 Heinekingmedia | 1 Stashcat | 2021-08-12 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in the stashcat app through 3.9.1 for macOS, Windows, Android, iOS, and possibly other platforms. The GET method is used with client_key and device_id data in the query string, which allows attackers to obtain sensitive information by reading web-server logs. | |||||
| CVE-2021-34371 | 1 Neo4j | 1 Neo4j | 2021-08-12 | 7.5 HIGH | 9.8 CRITICAL |
| Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains. | |||||
| CVE-2021-34631 | 1 Ipdgroup | 1 Newsplugin | 2021-08-12 | 6.8 MEDIUM | 8.8 HIGH |
| The NewsPlugin WordPress plugin is vulnerable to Cross-Site Request Forgery via the handle_save_style function found in the ~/news-plugin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.18. | |||||
| CVE-2021-34633 | 1 Youtube Feeder Project | 1 Youtube Feeder | 2021-08-12 | 6.8 MEDIUM | 8.8 HIGH |
| The Youtube Feeder WordPress plugin is vulnerable to Cross-Site Request Forgery via the printAdminPage function found in the ~/youtube-feeder.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.1. | |||||
| CVE-2021-34634 | 1 Sola-newsletters Project | 1 Sola-newsletters | 2021-08-12 | 6.8 MEDIUM | 8.8 HIGH |
| The Nifty Newsletters WordPress plugin is vulnerable to Cross-Site Request Forgery via the sola_nl_wp_head function found in the ~/sola-newsletters.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.23. | |||||
| CVE-2021-34638 | 1 Wpdownloadmanager | 1 Wordpress Download Manager | 2021-08-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Authenticated Directory Traversal in WordPress Download Manager <= 3.1.24 allows authenticated (Contributor+) users to obtain sensitive configuration file information, as well as allowing Author+ users to perform XSS attacks, by setting Download template to a file containing configuration information or an uploaded JavaScript with an image extension This issue affects: WordPress Download Manager version 3.1.24 and prior versions. | |||||
| CVE-2021-34639 | 1 Wpdownloadmanager | 1 Wordpress Download Manager | 2021-08-12 | 6.5 MEDIUM | 8.8 HIGH |
| Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. "payload.php.png" which is executable in some configurations. This issue affects: WordPress Download Manager version 3.1.24 and prior versions. | |||||
| CVE-2020-22330 | 1 Intelliants | 1 Subrion | 2021-08-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in Subrion 4.2.1 via the title when adding a page. | |||||
| CVE-2021-25443 | 1 Google | 1 Android | 2021-08-12 | 4.6 MEDIUM | 5.3 MEDIUM |
| A use after free vulnerability in conn_gadget driver prior to SMR AUG-2021 Release 1 allows malicious action by an attacker. | |||||
| CVE-2018-0764 | 1 Microsoft | 10 .net Core, .net Framework, Powershell Core and 7 more | 2021-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765. | |||||
| CVE-2018-0786 | 1 Microsoft | 10 .net Core, .net Framework, Powershell Core and 7 more | 2021-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability." | |||||
| CVE-2018-0875 | 1 Microsoft | 2 Asp.net Core, Powershell Core | 2021-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| .NET Core 1.0, .NET Core 1.1, NET Core 2.0 and PowerShell Core 6.0.0 allow a denial of Service vulnerability due to how specially crafted requests are handled, aka ".NET Core Denial of Service Vulnerability". | |||||
| CVE-2021-29973 | 1 Mozilla | 1 Firefox | 2021-08-12 | 6.8 MEDIUM | 8.8 HIGH |
| Password autofill was enabled without user interaction on insecure websites on Firefox for Android. This was corrected to require user interaction with the page before a user's password would be entered by the browser's autofill functionality *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 90. | |||||
| CVE-2021-29971 | 1 Mozilla | 1 Firefox | 2021-08-12 | 7.5 HIGH | 9.8 CRITICAL |
| If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 90. | |||||
| CVE-2015-9266 | 2 Ubnt, Ui | 23 Airos 4 Xs2, Airos 4 Xs5, Edgeswitch Xp Firmware and 20 more | 2021-08-12 | 10.0 HIGH | 9.8 CRITICAL |
| The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2. | |||||
| CVE-2017-8895 | 1 Veritas | 1 Backup Exec | 2021-08-12 | 10.0 HIGH | 9.8 CRITICAL |
| In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this vulnerability to crash the agent or potentially take control of the agent process and then the system it is running on. | |||||
| CVE-2021-23849 | 1 Bosch | 14 Aviotec, Aviotec Firmware, Cpp13 and 11 more | 2021-08-12 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (CSRF - Cross Site Request Forgery). This requires the victim to be tricked into clicking a malicious link or opening a malicious website while being logged in into the camera. | |||||
| CVE-2021-32812 | 1 Tekmonks | 1 Monkshu | 2021-08-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Monkshu is an enterprise application server for mobile apps (iOS and Android), responsive HTML 5 apps, and JSON API services. In version 2.90 and earlier, there is a reflected cross-site scripting vulnerability in frontend HTTP server. The attacker can send in a carefully crafted URL along with a known bug in the server which will cause a 500 error, and the response will then embed the URL provided by the hacker. The impact is moderate as the hacker must also be able to craft an HTTP request which should cause a 500 server error. None such requests are known as this point. The issue is patched in version 2.95. As a workaround, one may use a disk caching plugin. | |||||