Newest CVEs

IDDescriptionSeverity
CVE-2021-26794Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows attacker to execute arbitrary code via crafted php file.
No Score
CVE-2021-22276The vulnerability allows a successful attacker to bypass the integrity check of FW uploaded to the [email protected] System Access Point.
No Score
CVE-2021-20563IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote authenciated user to obtain sensitive information. By sending a specially crafted request, the user could disclose a valid filepath on the server which could be used in further attacks against the system. IBM X-Force ID: 199234.
No Score
CVE-2021-20485IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197667.
No Score
CVE-2021-20484IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197666.
No Score
CVE-2021-20435IBM Security Verify Bridge 1.0.5.0 does not properly validate a certificate which could allow a local attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 196355.
No Score
CVE-2021-20434IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 196346.
No Score
CVE-2021-20377IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195569.
No Score
CVE-2020-4941IBM Edge 4.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 191941.
No Score
CVE-2020-4809IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189633.
No Score
CVE-2020-4805IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539.
No Score
CVE-2020-4803IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189535.
No Score
CVE-2020-4690IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 186697.
No Score
CVE-2021-41428Insecure permissions in Update Manager <= 5.8.0.2300 and DFL <= 12.5.1001.5 in DATEV programs v14.1 allows attacker to escalate privileges via insufficient configuration of service components.
No Score
CVE-2021-41381Payara Micro Community 5.2021.6 and below allows Directory Traversal.
No Score
CVE-2021-3824OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL.
No Score
CVE-2021-36872Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress Popular Posts plugin (versions <= 5.3.3). Vulnerable at &widget-wpp[2][post_type].
No Score
CVE-2021-26750DLL hijacking in Panda Agent <=1.16.11 in Panda Security, S.L.U. Panda Adaptive Defense 360 <= 8.0.17 allows attacker to escalate privileges via maliciously crafted DLL file.
No Score
CVE-2021-21913An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-3040 1.13B03. A specially-crafted network request can lead to command execution. An attacker can connect to the MQTT service to trigger this vulnerability.
No Score
CVE-2021-32999Improper handling of exceptional conditions in SuiteLink server while processing command 0x01
No Score
CVE-2021-32987Null pointer dereference in SuiteLink server while processing command 0x0b
No Score
CVE-2021-32979Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a
No Score
CVE-2021-32971Null pointer dereference in SuiteLink server while processing command 0x07
No Score
CVE-2021-32963Null pointer dereference in SuiteLink server while processing commands 0x03/0x10
No Score
CVE-2021-32959Heap-based buffer overflow in SuiteLink server while processing commands 0x05/0x06
No Score
CVE-2021-22953A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security Research Team"
No Score
CVE-2021-22952A vulnerability found in UniFi Talk application V1.12.3 and earlier permits a malicious actor who has already gained access to a network to subsequently control Talk device(s) assigned to said network if they are not yet adopted. This vulnerability is fixed in UniFi Talk application V1.12.5 and later.
No Score
CVE-2021-22950Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing attachments to comments in the conversation section to be deleted.Credit for discovery: "Solar Security Research Team"
No Score
CVE-2021-22949A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security CMS Research Team"
No Score
CVE-2021-22948Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() PHP function. Under some circumstances, an attacker could theoretically be able to brute force session IDs in order to take over a specific account.
No Score
CVE-2021-22945When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.
No Score
CVE-2021-22941Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller.
No Score
CVE-2021-22020The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server.
No Score
CVE-2021-22019The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition.
No Score
CVE-2021-22018The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files.
No Score
CVE-2021-22017Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed.
No Score
CVE-2021-22016The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim into clicking a malicious link.
No Score
CVE-2021-22015The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance.
No Score
CVE-2021-22014The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating system that hosts vCenter Server.
No Score
CVE-2021-22013The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.
No Score
CVE-2021-22012The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.
No Score
CVE-2021-22011vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to perform unauthenticated VM network setting manipulation.
No Score
CVE-2021-22010The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to create a denial of service condition due to excessive memory consumption by VPXD service.
No Score
CVE-2021-22009The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI service.
No Score
CVE-2021-22008The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information.
No Score
CVE-2021-22007The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sensitive information.
No Score
CVE-2021-22006The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints.
No Score
CVE-2021-22005The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.
No Score
CVE-2021-21993The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure.
No Score
CVE-2021-33035Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the allocated space, leading to the execution of arbitrary code by altering the contents of the program stack. This issue affects Apache OpenOffice up to and including version 4.1.10
No Score