Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-30483 | 1 Isomorphic-git | 1 Isomorphic-git | 2021-08-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| isomorphic-git before 1.8.2 allows Directory Traversal via a crafted repository. | |||||
| CVE-2020-18158 | 1 Hucart | 1 Hucart | 2021-08-03 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in HuCart 5.7.4 via nickname in index.php. | |||||
| CVE-2020-21809 | 1 Nukeviet | 1 Nukeviet | 2021-08-03 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the (1) listid parameter in detail.php and the (2) group_price or groupid parameters in search_result.php. | |||||
| CVE-2020-21854 | 1 Tidesec | 1 Wdscanner | 2021-08-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting vulnerability exists in WDScanner 1.1 in the system management page. | |||||
| CVE-2020-15948 | 1 Egain | 1 Chat | 2021-08-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| eGain Chat 15.5.5 allows XSS via the Name (aka full_name) field. | |||||
| CVE-2020-20700 | 1 S-cms | 1 S-cms | 2021-08-03 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in /app/form_add/ of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text box. | |||||
| CVE-2020-21808 | 1 Nukeviet | 1 Nukeviet | 2021-08-03 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in NukeViet CMS 4.0.10 - 4.3.07 via the topicsid parameter in modules/news/admin/addtotopics.php. | |||||
| CVE-2020-18157 | 1 Metinfo | 1 Metinfo | 2021-08-03 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php. | |||||
| CVE-2020-18175 | 1 Metinfo | 1 Metinfo | 2021-08-03 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd action in basic.php. | |||||
| CVE-2020-22761 | 1 Flatpress | 1 Flatpress | 2021-08-03 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via the DeleteFile function in flat/admin.php. | |||||
| CVE-2020-19118 | 1 Yzmcms | 1 Yzmcms | 2021-08-03 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in YzmCMS 5.2 via the site_code parameter in admin/index/init.html. | |||||
| CVE-2020-21806 | 1 Ectouch | 1 Ectouch | 2021-08-03 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection Vulnerability in ECTouch v2 via the shop page in index.php. | |||||
| CVE-2020-20701 | 1 S-cms | 1 S-cms | 2021-08-03 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in /app/config/ of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2020-17952 | 1 Twothink Project | 1 Twothink | 2021-08-03 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution (RCE) vulnerability in /library/think/App.php of Twothink v2.0 allows attackers to execute arbitrary PHP code. | |||||
| CVE-2020-18428 | 1 Tinyexr Project | 1 Tinyexr | 2021-08-03 | 5.0 MEDIUM | 7.5 HIGH |
| tinyexr commit 0.9.5 was discovered to contain an array index error in the tinyexr::SaveEXR component, which can lead to a denial of service (DOS). | |||||
| CVE-2021-37478 | 1 Naviwebs | 1 Navigatecms | 2021-08-03 | 7.5 HIGH | 9.8 CRITICAL |
| In NavigateCMS version 2.9.4 and below, function `block` is vulnerable to SQL injection on parameter `block-order`, which results in arbitrary SQL query execution in the backend database. | |||||
| CVE-2021-37534 | 1 Misp | 1 Misp | 2021-08-03 | 3.5 LOW | 5.4 MEDIUM |
| app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when forking a galaxy cluster. | |||||
| CVE-2021-25809 | 1 Ucms Project | 1 Ucms | 2021-08-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the adminchannelscache() function in top.php. | |||||
| CVE-2015-2098 | 1 Webgateinc | 1 Edvr Manager | 2021-08-03 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple stack-based buffer overflows in WebGate eDVR Manager allow remote attackers to execute arbitrary code via unspecified vectors to the (1) Connect, (2) ConnectEx, or (3) ConnectEx2 function in the WESPEvent.WESPEventCtrl.1 control; (4) AudioOnlySiteChannel function in the WESPPlayback.WESPPlaybackCtrl.1 control; (5) Connect or (6) ConnectEx function in the WESPPTZ.WESPPTZCtrl.1 control; (7) SiteChannel property in the WESPPlayback.WESPPlaybackCtrl.1 control; (8) SiteName property in the WESPPlayback.WESPPlaybackCtrl.1 control; or (9) OpenDVrSSite function in the WESPPTZ.WESPPTZCtrl.1 control. | |||||
| CVE-2015-2099 | 1 Webgateinc | 1 Control Center | 2021-08-03 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple buffer overflows in WebGate Control Center allow remote attackers to execute arbitrary code via unspecified vectors to the (1) GetRecFileInfo function in the FileConverter.FileConverterCtrl.1 control, (2) Login function in the LoginContoller.LoginControllerCtrl.1 control, or (3) GetThumbnail function in the WESPPlayback.WESPPlaybackCtrl.1 control. | |||||
