VYPR

CVEs

31,782 total · page 368 of 636

  • CVE-2021-43834CriDec 16, 2021
    risk 0.59cvss 9.1epss 0.01

    eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows an attacker to authenticate as an existing user, if that user was created using a single sign-on authentication option such as LDAP or SAML. It…

  • CVE-2021-44350CriDec 15, 2021
    risk 0.64cvss 9.8epss 0.01

    SQL Injection vulnerability exists in ThinkPHP5 5.0.x <=5.1.22 via the parseOrder function in Builder.php.

  • CVE-2021-4119CriDec 15, 2021
    risk 0.59cvss 9.8epss 0.27

    bookstack is vulnerable to Improper Access Control

  • CVE-2021-27856CriDec 15, 2021
    risk 0.64cvss 9.8epss 0.06

    FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named "cmuser" that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this…

  • CVE-2021-39655CriDec 15, 2021
    risk 0.64cvss 9.8epss 0.00

    Product: AndroidVersions: Android kernelAndroid ID: A-192641593References: N/A

  • CVE-2021-39645CriDec 15, 2021
    risk 0.64cvss 9.8epss 0.01

    Product: AndroidVersions: Android kernelAndroid ID: A-199805112References: N/A

  • CVE-2021-39644CriDec 15, 2021
    risk 0.64cvss 9.8epss 0.00

    Product: AndroidVersions: Android kernelAndroid ID: A-199809304References: N/A

  • CVE-2021-39641CriDec 15, 2021
    risk 0.64cvss 9.8epss 0.00

    Product: AndroidVersions: Android kernelAndroid ID: A-126949257References: N/A

  • CVE-2021-36888CriDec 15, 2021
    risk 0.64cvss 9.8epss 0.07

    Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate (versions <= 9.6.1) WordPress plugin.

  • CVE-2021-0956CriDec 15, 2021
    risk 0.64cvss 9.8epss 0.01

    In NfcTag::discoverTechnologies (activation) of NfcTag.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additionalSystem execution privileges needed. User interaction is not needed for…

  • CVE-2021-0889CriDec 15, 2021
    risk 0.64cvss 9.8epss 0.02

    In Android TV , there is a possible silent pairing due to lack of rate limiting in the pairing flow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10…

  • CVE-2021-42216CriDec 15, 2021
    risk 0.64cvss 9.8epss 0.01

    A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php.

  • CVE-2021-44655CriDec 15, 2021
    risk 0.67cvss 9.8epss 0.06

    Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQL injection authentication bypass vulnerability. Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to get admin access on the application.

  • CVE-2021-44653CriDec 15, 2021
    risk 0.67cvss 9.8epss 0.06

    Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability. The Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to gain access as admin to the application.

  • CVE-2021-43907CriDec 15, 2021
    risk 0.64cvss 9.8epss 0.04

    Visual Studio Code WSL Extension Remote Code Execution Vulnerability

  • CVE-2021-43905CriDec 15, 2021
    risk 0.63cvss 9.6epss 0.03

    Microsoft Office app Remote Code Execution Vulnerability

  • CVE-2021-43899CriDec 15, 2021
    risk 0.64cvss 9.8epss 0.02

    Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability

  • CVE-2021-43882CriDec 15, 2021
    risk 0.59cvss 9.0epss 0.02

    Microsoft Defender for IoT Remote Code Execution Vulnerability

  • CVE-2021-43215CriDec 15, 2021
    risk 0.64cvss 9.8epss 0.03

    iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution

  • CVE-2021-42313CriDec 15, 2021
    risk 0.65cvss 10.0epss 0.04

    Microsoft Defender for IoT Remote Code Execution Vulnerability

  • CVE-2021-42311CriDec 15, 2021
    risk 0.65cvss 10.0epss 0.04

    Microsoft Defender for IoT Remote Code Execution Vulnerability

  • CVE-2021-43113CriDec 15, 2021
    risk 0.64cvss 9.8epss 0.05

    iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java.

  • CVE-2021-42945CriDec 15, 2021
    risk 0.64cvss 9.8epss 0.01

    A SQL Injection vulnerability exists in ZZCMS 2021 via the askbigclassid parameter in /admin/ask.php.

  • CVE-2021-41560CriDec 15, 2021
    risk 0.01cvss 9.8epss 0.11

    OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an executable file via lib/FileUtility.php.

  • CVE-2021-41844CriDec 15, 2021
    risk 0.64cvss 9.8epss 0.01

    Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data.

  • CVE-2021-43821CriDec 14, 2021
    risk 0.58cvss 9.9epss 0.02

    Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast before version 9.10 or 10.6 allows references to local file URLs in ingested media packages, allowing attackers to include local files from Opencast's host machines and making them available…

  • CVE-2021-45046CriKEVDec 14, 2021
    risk 0.87cvss 9.0epss 1.00

    It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout…

  • CVE-2021-40883CriDec 14, 2021
    risk 0.64cvss 9.8epss 0.03

    A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins.

  • CVE-2021-44042CriDec 14, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the --process-start argument of the URI handler for uipath-assistant:// is not correctly encoded, resulting in attacker-controlled content being injected into the error message displayed (when…

  • CVE-2021-44041CriDec 14, 2021
    risk 0.64cvss 9.8epss 0.02

    UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. This allows an attacker to execute code on a victim's machine or capture NTLM credentials by supplying a…

  • CVE-2021-4073CriDec 14, 2021
    risk 0.64cvss 9.8epss 0.07

    The RegistrationMagic WordPress plugin made it possible for unauthenticated users to log in as any site user, including administrators, if they knew a valid username on the site due to missing identity validation in the social login function social_login_using_email() of the…

  • CVE-2021-44231CriDec 14, 2021
    risk 0.64cvss 9.8epss 0.01

    Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.

  • CVE-2021-42064CriDec 14, 2021
    risk 0.64cvss 9.8epss 0.01

    If configured to use an Oracle database and if a query is created using the flexible search java api with a parameterized "in" clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows attacker to execute crafted database queries, exposing backend database. The…

  • CVE-2021-44949CriDec 14, 2021
    risk 0.64cvss 9.8epss 0.01

    glFusion CMS 1.7.9 is affected by an access control vulnerability via /public_html/users.php.

  • CVE-2021-45015CriDec 14, 2021
    risk 0.59cvss 9.1epss 0.01

    taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72.

  • CVE-2021-45014CriDec 14, 2021
    risk 0.64cvss 9.8epss 0.01

    There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&ctrl=update&id=26

  • CVE-2021-44538CriDec 14, 2021
    risk 0.64cvss 9.8epss 0.02

    The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can…

  • CVE-2021-44935CriDec 14, 2021
    risk 0.59cvss 9.1epss 0.01

    glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vulnerability in /public_html/comment.php. The attacker can complete the attack remotely without interaction.

  • CVE-2021-44524CriDec 14, 2021
    risk 0.64cvss 9.8epss 0.02

    A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications…

  • CVE-2021-44523CriDec 14, 2021
    risk 0.59cvss 9.1epss 0.01

    A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications…

  • CVE-2021-24045CriDec 13, 2021
    risk 0.00cvss 9.8epss 0.01

    A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications…

  • CVE-2021-39063CriDec 13, 2021
    risk 0.59cvss 9.1epss 0.01

    IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information due to a misconfiguration in access control headers. IBM X-Force ID: 214956.

  • CVE-2021-32024CriDec 13, 2021
    risk 0.64cvss 9.8epss 0.02

    A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process.

  • CVE-2021-39065CriDec 13, 2021
    risk 0.64cvss 9.8epss 0.02

    IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the Spectrum Copy Data Management Admin Console login and uploadcertificate function . A remote…

  • CVE-2021-39052CriDec 13, 2021
    risk 0.64cvss 9.8epss 0.01

    IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the Spring Boot console without authorization. IBM X-Force ID: 214523.

  • CVE-2021-22279CriDec 13, 2021
    risk 0.64cvss 9.8epss 0.01

    A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Services Gateway Ethernet port.

  • CVE-2021-44966CriDec 13, 2021
    risk 0.64cvss 9.8epss 0.02

    SQL injection bypass authentication vulnerability in PHPGURUKUL Employee Record Management System 1.2 via index.php. An attacker can log in as an admin account of this system and can destroy, change or manipulate all sensitive information on the system.

  • CVE-2021-43117CriDec 13, 2021
    risk 0.64cvss 9.8epss 0.02

    fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution through shell access.

  • CVE-2021-24951CriDec 13, 2021
    risk 0.64cvss 9.8epss 0.02

    The LearnPress WordPress plugin before 4.1.4 does not sanitise, validate and escape the id parameter before using it in SQL statements when duplicating course/lesson/quiz/question, leading to SQL Injections issues

  • CVE-2021-24946CriDec 13, 2021
    risk 0.73cvss 9.8epss 0.73

    The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue