| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-22003 | Hig | 0.49 | 7.5 | 0.01 | Aug 31, 2021 | VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy… | ||
| CVE-2021-22029 | Hig | 0.49 | 7.5 | 0.01 | Aug 31, 2021 | VMware Workspace ONE UEM REST API contains a denial of service vulnerability. A malicious actor with access to /API/system/admins/session could cause an API denial of service due to improper rate limiting. | ||
| CVE-2021-39180 | Hig | 0.00 | 8.1 | 0.02 | Aug 31, 2021 | OpenOLAT is a web-based learning management system (LMS). A path traversal vulnerability exists in versions prior to 15.3.18, 15.5.3, and 16.0.0. Using a specially prepared ZIP file, it is possible to overwrite any file that is writable by the application server user (e.g. the… | ||
| CVE-2021-39176 | Hig | 0.42 | 7.5 | 0.02 | Aug 31, 2021 | detect-character-encoding is a package for detecting character encoding using ICU. In detect-character-encoding v0.3.0 and earlier, allocated memory is not released. The problem has been patched in detect-character-encoding v0.3.1. | ||
| CVE-2021-36232 | Hig | 0.57 | 8.8 | 0.01 | Aug 31, 2021 | Improper Authorization in multiple functions in MIK.starlight 7.9.5.24363 allows an authenticated attacker to escalate privileges. | ||
| CVE-2021-36231 | Hig | 0.57 | 8.8 | 0.03 | Aug 31, 2021 | Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects. | ||
| CVE-2021-39135 | Hig | 0.53 | 8.2 | 0.01 | Aug 31, 2021 | `@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed… | ||
| CVE-2021-39134 | Hig | 0.53 | 8.2 | 0.01 | Aug 31, 2021 | `@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed… | ||
| CVE-2021-37713 | — | Hig | 0.46 | 8.2 | 0.01 | Aug 31, 2021 | The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not… | |
| CVE-2021-37712 | — | Hig | 0.46 | 8.2 | 0.02 | Aug 31, 2021 | The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This… | |
| CVE-2021-37701 | — | Hig | 0.54 | 8.2 | 0.03 | Aug 31, 2021 | The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This… | |
| CVE-2021-35212 | Hig | 0.58 | 8.9 | 0.02 | Aug 31, 2021 | An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Boolean SQL injection which could lead to full read/write over the Orion database content including the Orion certificate for any authenticated user. | ||
| CVE-2021-22944 | Hig | 0.52 | 8.0 | 0.00 | Aug 31, 2021 | A vulnerability found in UniFi Protect application V1.18.1 and earlier allows a malicious actor with a view-only role and network access to gain the same privileges as the owner of the UniFi Protect application. This vulnerability is fixed in UniFi Protect application V1.19.0… | ||
| CVE-2021-22684 | Hig | 0.49 | 7.5 | 0.01 | Aug 31, 2021 | Tizen RT RTOS version 3.0.GBB is vulnerable to integer wrap-around in functions_calloc and mm_zalloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash | ||
| CVE-2021-35239 | Hig | 0.49 | 7.5 | 0.01 | Aug 31, 2021 | A security researcher found a user with Orion map manage rights could store XSS through via text box hyperlink. | ||
| CVE-2021-35223 | Hig | 0.55 | 8.5 | 0.03 | Aug 31, 2021 | The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution. | ||
| CVE-2021-35213 | Hig | 0.58 | 8.9 | 0.03 | Aug 31, 2021 | An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. It allows a guest user to elevate privileges to the Administrator using this vulnerability. Authentication is required to exploit the… | ||
| CVE-2021-29907 | Hig | 0.57 | 8.8 | 0.01 | Aug 31, 2021 | IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could execute arbitrary code on the system. IBM X-Force ID: 207633. | ||
| CVE-2021-21680 | Hig | 0.39 | 7.1 | 0.01 | Aug 31, 2021 | Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks. | ||
| CVE-2021-21679 | Hig | 0.50 | 8.8 | 0.01 | Aug 31, 2021 | Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. | ||
| CVE-2021-21678 | Hig | 0.50 | 8.8 | 0.01 | Aug 31, 2021 | Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. | ||
| CVE-2021-21677 | Hig | 0.50 | 8.8 | 0.02 | Aug 31, 2021 | Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability. | ||
| CVE-2020-19047 | Hig | 0.57 | 8.8 | 0.01 | Aug 31, 2021 | Cross Site Request Forgey (CSRF) in iWebShop v5.3 allows remote atatckers to execute arbitrary code via malicious POST request to the component '/index.php?controller=system&action=admin_edit_act'. | ||
| CVE-2021-35222 | Hig | 0.52 | 8.0 | 0.03 | Aug 31, 2021 | This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page. | ||
| CVE-2021-39316 | Hig | 0.57 | 7.5 | 0.67 | Aug 31, 2021 | The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter. | ||
| CVE-2021-35220 | Hig | 0.53 | 8.1 | 0.02 | Aug 31, 2021 | Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. | ||
| CVE-2021-3749 | Hig | 0.42 | 7.5 | 0.09 | Aug 31, 2021 | axios is vulnerable to Inefficient Regular Expression Complexity | ||
| CVE-2021-34581 | Hig | 0.49 | 7.5 | 0.01 | Aug 31, 2021 | Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device. | ||
| CVE-2021-34561 | Hig | 0.49 | 7.5 | 0.01 | Aug 31, 2021 | In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any IP or firewall based access restrictions that may be in place, by proxying… | ||
| CVE-2021-33555 | Hig | 0.49 | 7.5 | 0.01 | Aug 31, 2021 | In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server. | ||
| CVE-2021-40330 | Hig | 0.00 | 7.5 | 0.03 | Aug 31, 2021 | git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring. | ||
| CVE-2021-36981 | Hig | 0.58 | 8.8 | 0.06 | Aug 31, 2021 | In the server in SerNet verinice before 1.22.2, insecure Java deserialization allows remote authenticated attackers to execute arbitrary code. | ||
| CVE-2021-27556 | Hig | 0.47 | 7.2 | 0.04 | Aug 31, 2021 | The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execute arbitrary code by setting the type parameter to System. | ||
| CVE-2021-39178 | Hig | 0.42 | 7.5 | 0.01 | Aug 31, 2021 | Next.js is a React framework. Versions of Next.js between 10.0.0 and 11.0.0 contain a cross-site scripting vulnerability. In order for an instance to be affected by the vulnerability, the `next.config.js` file must have `images.domains` array assigned and the image host assigned… | ||
| CVE-2021-39177 | Hig | 0.41 | 7.4 | 0.01 | Aug 30, 2021 | Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Versions of Geyser prior to 1.4.2-SNAPSHOT allow anyone that can connect to the server to forge a LoginPacket with manipulated JWT token allowing impersonation as any user. Version 1.4.2-SNAPSHOT… | ||
| CVE-2021-39175 | Hig | 0.00 | 8.1 | 0.01 | Aug 30, 2021 | HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the… | ||
| CVE-2021-32831 | Hig | 0.42 | 7.5 | 0.01 | Aug 30, 2021 | Total.js framework (npm package total.js) is a framework for Node.js platfrom written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. In total.js framework before version 3.4.9, calling the utils.set function with user-controlled values leads to… | ||
| CVE-2021-39133 | Hig | 0.40 | 7.2 | 0.00 | Aug 30, 2021 | Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, a user with `admin` access to the `system` resource type is potentially vulnerable to a CSRF attack that could cause the server to run… | ||
| CVE-2021-39132 | Hig | 0.50 | 8.8 | 0.01 | Aug 30, 2021 | Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, an authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted… | ||
| CVE-2021-36691 | Hig | 0.49 | 7.5 | 0.01 | Aug 30, 2021 | libjxl v0.5.0 is affected by a Assertion failed issue in lib/jxl/image.cc jxl::PlaneBase::PlaneBase(). When encoding a malicous GIF file using cjxl, an attacker can trigger a denial of service. | ||
| CVE-2021-35062 | Hig | 0.53 | 8.1 | 0.01 | Aug 30, 2021 | A Shell Metacharacter Injection vulnerability in result.php in DRK Odenwaldkreis Testerfassung March-2021 allow an attacker with a valid token of a COVID-19 test result to execute shell commands with the permissions of the web server. | ||
| CVE-2021-38342 | Hig | 0.53 | 8.1 | 0.00 | Aug 30, 2021 | The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross-Site Request Forgery via the `npBulkAction`s and `npBulkEdit` `admin_post` actions, which allowed attackers to trash or permanently purge arbitrary posts as well as changing their status, reassigning their… | ||
| CVE-2021-36370 | Hig | 0.49 | 7.5 | 0.02 | Aug 30, 2021 | An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity. | ||
| CVE-2021-29630 | Hig | 0.53 | 8.1 | 0.02 | Aug 30, 2021 | In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before r370383, 11.4-STABLE before r370381, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, the ggatec daemon does not validate the size of a response before writing it to a fixed-sized… | ||
| CVE-2021-33019 | Hig | 0.51 | 7.8 | 0.02 | Aug 30, 2021 | A stack-based buffer overflow vulnerability in Delta Electronics DOPSoft Version 4.00.11 and prior may be exploited by processing a specially crafted project file, which may allow an attacker to execute arbitrary code. | ||
| CVE-2021-33007 | Hig | 0.51 | 7.8 | 0.01 | Aug 30, 2021 | A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 and prior may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code. | ||
| CVE-2021-29631 | Hig | 0.51 | 7.8 | 0.00 | Aug 30, 2021 | In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before r370400, 11.4-STABLE before r370399, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, certain VirtIO-based device models in bhyve failed to handle errors when fetching I/O… | ||
| CVE-2021-27663 | Hig | 0.53 | 8.2 | 0.02 | Aug 30, 2021 | A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access to the system without adequate authorization. This issue affects: Johnson Controls CEM Systems AC2000 10.1; 10.2; 10.3; 10.4; 10.5. | ||
| CVE-2021-27020 | Hig | 0.57 | 8.8 | 0.01 | Aug 30, 2021 | Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export. | ||
| CVE-2021-27018 | Hig | 0.49 | 7.5 | 0.01 | Aug 30, 2021 | The mechanism which performs certificate validation was discovered to have a flaw that resulted in certificates signed by an internal certificate authority to not be properly validated. This issue only affects clients that are configured to utilize Tenable.sc as the… |
- risk 0.49cvss 7.5epss 0.01
VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy…
- risk 0.49cvss 7.5epss 0.01
VMware Workspace ONE UEM REST API contains a denial of service vulnerability. A malicious actor with access to /API/system/admins/session could cause an API denial of service due to improper rate limiting.
- risk 0.00cvss 8.1epss 0.02
OpenOLAT is a web-based learning management system (LMS). A path traversal vulnerability exists in versions prior to 15.3.18, 15.5.3, and 16.0.0. Using a specially prepared ZIP file, it is possible to overwrite any file that is writable by the application server user (e.g. the…
- risk 0.42cvss 7.5epss 0.02
detect-character-encoding is a package for detecting character encoding using ICU. In detect-character-encoding v0.3.0 and earlier, allocated memory is not released. The problem has been patched in detect-character-encoding v0.3.1.
- risk 0.57cvss 8.8epss 0.01
Improper Authorization in multiple functions in MIK.starlight 7.9.5.24363 allows an authenticated attacker to escalate privileges.
- risk 0.57cvss 8.8epss 0.03
Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects.
- risk 0.53cvss 8.2epss 0.01
`@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed…
- risk 0.53cvss 8.2epss 0.01
`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed…
- risk 0.46cvss 8.2epss 0.01
The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not…
- risk 0.46cvss 8.2epss 0.02
The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This…
- risk 0.54cvss 8.2epss 0.03
The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This…
- risk 0.58cvss 8.9epss 0.02
An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Boolean SQL injection which could lead to full read/write over the Orion database content including the Orion certificate for any authenticated user.
- risk 0.52cvss 8.0epss 0.00
A vulnerability found in UniFi Protect application V1.18.1 and earlier allows a malicious actor with a view-only role and network access to gain the same privileges as the owner of the UniFi Protect application. This vulnerability is fixed in UniFi Protect application V1.19.0…
- risk 0.49cvss 7.5epss 0.01
Tizen RT RTOS version 3.0.GBB is vulnerable to integer wrap-around in functions_calloc and mm_zalloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash
- risk 0.49cvss 7.5epss 0.01
A security researcher found a user with Orion map manage rights could store XSS through via text box hyperlink.
- risk 0.55cvss 8.5epss 0.03
The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution.
- risk 0.58cvss 8.9epss 0.03
An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. It allows a guest user to elevate privileges to the Administrator using this vulnerability. Authentication is required to exploit the…
- risk 0.57cvss 8.8epss 0.01
IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could execute arbitrary code on the system. IBM X-Force ID: 207633.
- risk 0.39cvss 7.1epss 0.01
Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks.
- risk 0.50cvss 8.8epss 0.01
Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.
- risk 0.50cvss 8.8epss 0.01
Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.
- risk 0.50cvss 8.8epss 0.02
Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability.
- risk 0.57cvss 8.8epss 0.01
Cross Site Request Forgey (CSRF) in iWebShop v5.3 allows remote atatckers to execute arbitrary code via malicious POST request to the component '/index.php?controller=system&action=admin_edit_act'.
- risk 0.52cvss 8.0epss 0.03
This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page.
- risk 0.57cvss 7.5epss 0.67
The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter.
- risk 0.53cvss 8.1epss 0.02
Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.
- risk 0.42cvss 7.5epss 0.09
axios is vulnerable to Inefficient Regular Expression Complexity
- risk 0.49cvss 7.5epss 0.01
Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device.
- risk 0.49cvss 7.5epss 0.01
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any IP or firewall based access restrictions that may be in place, by proxying…
- risk 0.49cvss 7.5epss 0.01
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server.
- risk 0.00cvss 7.5epss 0.03
git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring.
- risk 0.58cvss 8.8epss 0.06
In the server in SerNet verinice before 1.22.2, insecure Java deserialization allows remote authenticated attackers to execute arbitrary code.
- risk 0.47cvss 7.2epss 0.04
The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execute arbitrary code by setting the type parameter to System.
- risk 0.42cvss 7.5epss 0.01
Next.js is a React framework. Versions of Next.js between 10.0.0 and 11.0.0 contain a cross-site scripting vulnerability. In order for an instance to be affected by the vulnerability, the `next.config.js` file must have `images.domains` array assigned and the image host assigned…
- risk 0.41cvss 7.4epss 0.01
Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Versions of Geyser prior to 1.4.2-SNAPSHOT allow anyone that can connect to the server to forge a LoginPacket with manipulated JWT token allowing impersonation as any user. Version 1.4.2-SNAPSHOT…
- risk 0.00cvss 8.1epss 0.01
HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the…
- risk 0.42cvss 7.5epss 0.01
Total.js framework (npm package total.js) is a framework for Node.js platfrom written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. In total.js framework before version 3.4.9, calling the utils.set function with user-controlled values leads to…
- risk 0.40cvss 7.2epss 0.00
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, a user with `admin` access to the `system` resource type is potentially vulnerable to a CSRF attack that could cause the server to run…
- risk 0.50cvss 8.8epss 0.01
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, an authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted…
- risk 0.49cvss 7.5epss 0.01
libjxl v0.5.0 is affected by a Assertion failed issue in lib/jxl/image.cc jxl::PlaneBase::PlaneBase(). When encoding a malicous GIF file using cjxl, an attacker can trigger a denial of service.
- risk 0.53cvss 8.1epss 0.01
A Shell Metacharacter Injection vulnerability in result.php in DRK Odenwaldkreis Testerfassung March-2021 allow an attacker with a valid token of a COVID-19 test result to execute shell commands with the permissions of the web server.
- risk 0.53cvss 8.1epss 0.00
The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross-Site Request Forgery via the `npBulkAction`s and `npBulkEdit` `admin_post` actions, which allowed attackers to trash or permanently purge arbitrary posts as well as changing their status, reassigning their…
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity.
- risk 0.53cvss 8.1epss 0.02
In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before r370383, 11.4-STABLE before r370381, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, the ggatec daemon does not validate the size of a response before writing it to a fixed-sized…
- risk 0.51cvss 7.8epss 0.02
A stack-based buffer overflow vulnerability in Delta Electronics DOPSoft Version 4.00.11 and prior may be exploited by processing a specially crafted project file, which may allow an attacker to execute arbitrary code.
- risk 0.51cvss 7.8epss 0.01
A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 and prior may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code.
- risk 0.51cvss 7.8epss 0.00
In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before r370400, 11.4-STABLE before r370399, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, certain VirtIO-based device models in bhyve failed to handle errors when fetching I/O…
- risk 0.53cvss 8.2epss 0.02
A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access to the system without adequate authorization. This issue affects: Johnson Controls CEM Systems AC2000 10.1; 10.2; 10.3; 10.4; 10.5.
- risk 0.57cvss 8.8epss 0.01
Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export.
- risk 0.49cvss 7.5epss 0.01
The mechanism which performs certificate validation was discovered to have a flaw that resulted in certificates signed by an internal certificate authority to not be properly validated. This issue only affects clients that are configured to utilize Tenable.sc as the…