Total
23791 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24142 | 1 Ninjateam | 1 Video Downloader For Tiktok | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Server-side request forgery in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter. It can help identify open ports, local network hosts and execute command on services | |||||
| CVE-2021-25952 | 1 Just-safe-set Project | 1 Just-safe-set | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in ‘just-safe-set’ versions 1.0.0 through 2.2.1 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2021-35029 | 1 Zyxel | 74 Usg100, Usg1000, Usg1000 Firmware and 71 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device. | |||||
| CVE-2021-21564 | 1 Dell | 1 Openmanage Enterprise | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to hijack an elevated session or perform unauthorized actions by sending malformed data. | |||||
| CVE-2021-38197 | 1 Go-unarr Project | 1 Go-unarr | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| unarr.go in go-unarr (aka Go bindings for unarr) 0.1.1 allows Directory Traversal via ../ in a pathname within a TAR archive. | |||||
| CVE-2021-32608 | 1 Smartstore | 1 Smartstore | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1.1. Views/Boards/Partials/_ForumPost.cshtml does not call HtmlUtils.SanitizeHtml on certain text for a forum post. | |||||
| CVE-2020-18172 | 1 Trezor | 1 Bridge | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A code injection vulnerability in the SeDebugPrivilege component of Trezor Bridge 2.0.27 allows attackers to escalate privileges. | |||||
| CVE-2021-28890 | 1 J2eefast | 1 J2eefast | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the (1) compId parameter to fast/sys/user/list, (2) deptId parameter to fast/sys/role/list, or (3) roleId parameter to fast/sys/role/authUser/list, related to the use of ${} to join SQL statements. | |||||
| CVE-2021-20711 | 1 Nec | 2 Aterm Wg2600hs, Aterm Wg2600hs Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2021-28123 | 1 Cohesity | 1 Cohesity Dataplatform | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Undocumented Default Cryptographic Key Vulnerability in Cohesity DataPlatform version 6.3 prior 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. The ssh key can provide an attacker access to the linux system in the affected version. | |||||
| CVE-2021-24028 | 1 Facebook | 1 Thrift | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00. | |||||
| CVE-2021-0430 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution via a malicious NFC packet with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-178725766 | |||||
| CVE-2021-32075 | 1 Re-logic | 1 Terraria | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization. | |||||
| CVE-2018-10866 | 1 Redhat | 1 Certification | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to remove a "system" file, that is an xml file with host related information, not belonging to him. | |||||
| CVE-2020-7864 | 1 Dext5 | 1 Dext5 Editor | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Parameter manipulation can bypass authentication to cause file upload and execution. This will execute the remote code. This issue affects: Raonwiz DEXT5Editor versions prior to 3.5.1405747.1100.03. | |||||
| CVE-2021-26714 | 1 Mitel | 1 Micontact Center Enterprise | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit could allow an attacker to view and modify application data via Directory Traversal. | |||||
| CVE-2021-23396 | 1 Lutils Project | 1 Lutils | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package lutils are vulnerable to Prototype Pollution via the main (merge) function. | |||||
| CVE-2021-35458 | 1 Online Pet Shop We App Project | 1 Online Pet Shop We App | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in products.php (aka p=products) via the c or s parameter. | |||||
| CVE-2021-27274 | 1 Netgear | 1 Prosafe Network Management System | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MFileUploadController class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12124. | |||||
| CVE-2021-31579 | 1 Akkadianlabs | 2 Ova Appliance, Provisioning Manager | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| Akkadian Provisioning Manager Engine (PME) ships with a hard-coded credential, akkadianuser:haakkadianpassword. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later). | |||||