CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2021-26996 2021-06-11 2021-06-11
0.0
None ??? ??? ??? ??? ??? ???
E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover system configuration and application information which may aid in crafting more complex attacks.
252 CVE-2021-26995 Exec Code 2021-06-11 2021-06-11
0.0
None ??? ??? ??? ??? ??? ???
E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow privileged attackers to execute arbitrary code.
253 CVE-2021-26993 DoS 2021-06-11 2021-06-11
0.0
None ??? ??? ??? ??? ??? ???
E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to cause a partial Denial of Service (DoS) to the web server.
254 CVE-2021-26909 2021-04-23 2021-04-23
0.0
None ??? ??? ??? ??? ??? ???
Automox Agent prior to version 31 uses an insufficiently protected S3 bucket endpoint for storing sensitive files, which could be brute-forced by an attacker to subvert an organization's security program. The issue has since been fixed in version 31 of the Automox Agent.
255 CVE-2021-26908 2021-04-23 2021-04-23
0.0
None ??? ??? ??? ??? ??? ???
Automox Agent prior to version 31 logs potentially sensitive information in local log files, which could be used by a locally-authenticated attacker to subvert an organization's security program. The issue has since been fixed in version 31 of the Automox Agent.
256 CVE-2021-26845 2021-06-14 2021-06-15
0.0
None ??? ??? ??? ??? ??? ???
Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered. This issue affects: Hitachi ABB Power Grids eSOMS 6.0 versions prior to 6.0.4.2.2; 6.1 versions prior to 6.1.4; 6.3 versions prior to 6.3.
257 CVE-2021-26829 XSS 2021-06-11 2021-06-11
0.0
None ??? ??? ??? ??? ??? ???
OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.
258 CVE-2021-26828 2021-06-11 2021-06-11
0.0
None ??? ??? ??? ??? ??? ???
OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.
259 CVE-2021-26797 2021-04-26 2021-04-26
0.0
None ??? ??? ??? ??? ??? ???
An access control vulnerability in Hame SD1 Wi-Fi firmware <=V.20140224154640 allows an attacker to get system administrator through an open Telnet service.
260 CVE-2021-26691 Overflow 2021-06-10 2021-06-10
0.0
None ??? ??? ??? ??? ??? ???
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow
261 CVE-2021-26690 DoS 2021-06-10 2021-06-10
0.0
None ??? ??? ??? ??? ??? ???
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service
262 CVE-2021-25949 DoS Exec Code 2021-06-10 2021-06-10
0.0
None ??? ??? ??? ??? ??? ???
Prototype pollution vulnerability in ‘set-getter’ version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution.
263 CVE-2021-25948 DoS Exec Code 2021-06-10 2021-06-10
0.0
None ??? ??? ??? ??? ??? ???
Prototype pollution vulnerability in ‘expand-hash’ versions 0.1.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.
264 CVE-2021-25927 DoS Exec Code 2021-04-26 2021-04-26
0.0
None ??? ??? ??? ??? ??? ???
Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.
265 CVE-2021-25899 Sql 2021-04-23 2021-04-26
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform a blind time-based SQL Injection. The vulnerable parameter is param1.
266 CVE-2021-25898 2021-04-23 2021-04-26
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value is used to authenticate a high-privileged user upon authenticating with the server.
267 CVE-2021-25839 2021-04-26 2021-04-26
0.0
None ??? ??? ??? ??? ??? ???
A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which could lead an attacker to easier password brute-forcing.
268 CVE-2021-25812 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
Command injection vulnerability in China Mobile An Lianbao WF-1 1.01 via the 'ip' parameter with a POST request to /api/ZRQos/set_online_client.
269 CVE-2021-25811 DoS 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a crafted value to the POST listen_http_lan parameter. Upon subsequent device restarts after this vulnerability is exploted the device will not be able to access the webserver unless the listen_http_lan parameter to uhttpd.json is manually fixed.
270 CVE-2021-25810 XSS 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'src_dport_start', 'src_dport_end', and 'dest_port' parameters.
271 CVE-2021-25684 2021-06-11 2021-06-11
0.0
None ??? ??? ??? ??? ??? ???
It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO.
272 CVE-2021-25683 2021-06-11 2021-06-11
0.0
None ??? ??? ??? ??? ??? ???
It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel.
273 CVE-2021-25682 2021-06-11 2021-06-11
0.0
None ??? ??? ??? ??? ??? ???
It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel.
274 CVE-2021-25419 2021-06-11 2021-06-11
0.0
None ??? ??? ??? ??? ??? ???
Non-compliance of recommended secure coding scheme in Samsung Internet prior to version 14.0.1.62 allows attackers to display fake URL in address bar via phising URL link.
275 CVE-2021-25405 2021-06-11 2021-06-11
0.0
None ??? ??? ??? ??? ??? ???
An improper access control vulnerability in ScreenOffActivity in Samsung Notes prior to version 4.2.04.27 allows untrusted applications to access local files.
276 CVE-2021-25404 2021-06-11 2021-06-11
0.0
None ??? ??? ??? ??? ??? ???
Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log.
277 CVE-2021-25403 2021-06-11 2021-06-11
0.0
None ??? ??? ??? ??? ??? ???
Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider using SettingWebView component.
278 CVE-2021-25402 2021-06-11 2021-06-11
0.0
None ??? ??? ??? ??? ??? ???
Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27 allows attacker to access s pen latency information.
279 CVE-2021-25401 2021-06-11 2021-06-11
0.0
None ??? ??? ??? ??? ??? ???
Intent redirection vulnerability in Samsung Health prior to version 6.16 allows attacker to execute privileged action.
280 CVE-2021-25400 2021-06-11 2021-06-11
0.0
None ??? ??? ??? ??? ??? ???
Intent redirection vulnerability in Samsung Internet prior to version 14.0.1.20 allows attacker to execute privileged action.
281 CVE-2021-25399 2021-06-11 2021-06-11
0.0
None ??? ??? ??? ??? ??? ???
Improper configuration in Smart Manager prior to version 11.0.05.0 allows attacker to access the file with system privilege.
282 CVE-2021-25322 61 2021-06-10 2021-06-10
0.0
None ??? ??? ??? ??? ??? ???
A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2 python-HyperKitty version 1.3.2-lp152.2.3.1 and prior versions. openSUSE Factory python-HyperKitty versions prior to 1.3.4-5.1.
283 CVE-2021-25165 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
284 CVE-2021-25164 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
285 CVE-2021-25154 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
A remote escalation of privilege vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
286 CVE-2021-25153 Sql 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
287 CVE-2021-25151 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
288 CVE-2021-25147 Bypass 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
289 CVE-2021-24382 XSS 2021-06-14 2021-06-14
0.0
None ??? ??? ??? ??? ??? ???
The Smart Slider 3 Free and pro WordPress plugins before 3.5.0.9 did not sanitise the Project Name before outputting it back in the page, leading to a Stored Cross-Site Scripting issue. By default, only administrator users could access the affected functionality, limiting the exploitability of the vulnerability. However, some WordPress admins may allow lesser privileged users to access the plugin's functionality, in which case, privilege escalation could be performed.
290 CVE-2021-24359 284 2021-06-14 2021-06-14
0.0
None ??? ??? ??? ??? ??? ???
The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.11 did not properly check that a user requesting a password reset was the legitimate user, allowing an attacker to send an arbitrary reset password email to a registered user on behalf of the WordPress site. Such issue could be chained with an open redirect (CVE-2021-24358) in version below 4.1.10, to include a crafted password reset link in the email, which would lead to an account takeover.
291 CVE-2021-24358 601 2021-06-14 2021-06-14
0.0
None ??? ??? ??? ??? ??? ???
The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue.
292 CVE-2021-24357 79 XSS 2021-06-14 2021-06-14
0.0
None ??? ??? ??? ??? ??? ???
In the Best Image Gallery & Responsive Photo Gallery – FooGallery WordPress plugin before 2.0.35, the Custom CSS field of each gallery is not properly sanitised or validated before being being output in the page where the gallery is embed, leading to a stored Cross-Site Scripting issue.
293 CVE-2021-24356 284 2021-06-14 2021-06-14
0.0
None ??? ??? ??? ??? ??? ???
In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activate_plugin, made it possible for authenticated users to activate arbitrary plugins installed on vulnerable sites.
294 CVE-2021-24355 284 2021-06-14 2021-06-14
0.0
None ??? ??? ??? ??? ??? ???
In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, the lack of capability checks and insufficient nonce check on the AJAX actions, simple301redirects/admin/get_wildcard and simple301redirects/admin/wildcard, made it possible for authenticated users to retrieve and update the wildcard value for redirects.
295 CVE-2021-24354 2021-06-14 2021-06-14
0.0
None ??? ??? ??? ??? ??? ???
A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to install arbitrary plugins on vulnerable sites.
296 CVE-2021-24353 284 2021-06-14 2021-06-14
0.0
None ??? ??? ??? ??? ??? ???
The import_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to import a set of site redirects.
297 CVE-2021-24352 284 2021-06-14 2021-06-14
0.0
None ??? ??? ??? ??? ??? ???
The export_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to export a site's redirects.
298 CVE-2021-24351 79 XSS 2021-06-14 2021-06-14
0.0
None ??? ??? ??? ??? ??? ???
The theplus_more_post AJAX action of The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.12 did not properly sanitise some of its fields, leading to a reflected Cross-Site Scripting (exploitable on both unauthenticated and authenticated users)
299 CVE-2021-24349 79 XSS CSRF 2021-06-14 2021-06-14
0.0
None ??? ??? ??? ??? ??? ???
This Gallery from files WordPress plugin through 1.6.0 gives the functionality of uploading images to the server. But filenames are not properly sanitized before being output in an error message when they have an invalid extension, leading to a reflected Cross-Site Scripting issue. Due to the lack of CSRF check, the attack could also be performed via such vector.
300 CVE-2021-24348 89 Sql 2021-06-14 2021-06-14
0.0
None ??? ??? ??? ??? ??? ???
The menu delete functionality of the Side Menu – add fixed side buttons WordPress plugin before 3.1.5, available to Administrator users takes the did GET parameter and uses it into an SQL statement without proper sanitisation, validation or escaping, therefore leading to a SQL Injection issue
Total number of vulnerabilities : 799   Page : 1 2 3 4 5 6 (This Page)7 8 9 10 11 12 13 14 15 16
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.