CVE-2021-34800 (agent)
Sensitive information could be logged. The following products are affected: Acronis Agent (Windows, Linux, macOS) before build 27147 Devamını Oku
Devamını oku
CVE-2021-42358
The Contact Form With Captcha WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the ~/cfwc-form.php file during contact form submission, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.6.2. Devamını Oku
CVE-2021-42364
The Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the stats_page function found in the ~/stetic.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.0.6. Devamını Oku
CVE-2021-42365
The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the name parameter found in the ~/admin/tables/admin-structure-table.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.13. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites…
CVE-2021-3802
A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability. Devamını Oku
CVE-2021-39995
Some Huawei products use the OpenHpi software for hardware management. A function that parses data returned by OpenHpi contains an out-of-bounds read vulnerability that could lead to a denial of service. Affected product versions include: eCNS280_TD V100R005C10; eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. Devamını Oku
CVE-2021-43691
An unspecified version of tripexpress is affected by a path manipulation vulnerability in file system/helpers/dompdf/load_font.php. The variable src is coming from $_SERVER["argv"] then there is a path manipulation vulnerability. Devamını Oku
CVE-2021-43692 (youtube-php-mirroring)
An unspecified version of youtube-php-mirroring is affected by a Cross Site Scripting (XSS) vulnerability in file ytproxy/index.php. Devamını Oku
CVE-2021-43693
vesta 0.9.8-24 is affected by a file inclusion vulnerability in file web/add/user/index.php. Devamını Oku
CVE-2021-43695 (pbx)
An unspecified version of issabelPBX is affected by a Cross Site Scripting (XSS) vulnerability. In file page.backup_restore.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST without sanitization, then there is a XSS vulnerability. Devamını Oku
CVE-2021-24918
The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages. Devamını Oku
CVE-2021-24927
The My Calendar WordPress plugin before 3.2.18 does not sanitise and escape the callback parameter of the mc_post_lookup AJAX action (available to any authenticated user) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue Devamını Oku