CVE-2021-23258 (crafter_cms)
Authenticated users with Administrator or Developer roles may execute OS commands by SPEL Expression in Spring beans. SPEL Expression does not have security restrictions, which…
Devamını oku
Kategori: NIST-Güvenlik Açıkları
CVE-2021-23262 (crafter_cms)
Authenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE. Devamını Oku
CVE-2021-23263 (crafter_cms)
Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/*, /templates/* and some of the files in /.git/* (non-binary). Devamını Oku
CVE-2021-23264 (crafter_cms)
Installations, where crafter-search is not protected, allow unauthenticated remote attackers to create, view, and delete search indexes. Devamını Oku
CVE-2020-27414
Mahavitaran android application 7.50 and prior transmit sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the…
CVE-2020-27414 (mahavitaran)
Mahavitaran android application 7.50 and prior transmit sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the…
CVE-2021-26777
Buffer overflow vulnerability in function SetFirewall in index.cgi in CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firwmare version CIR_CDC_v1.2.17, allows attackers to execute arbitrary code.…
CVE-2021-26777 (compact_dc-s_basic_firmware)
Buffer overflow vulnerability in function SetFirewall in index.cgi in CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firwmare version CIR_CDC_v1.2.17, allows attackers to execute arbitrary code.…
CVE-2020-35012
The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to an SQL…
CVE-2020-35037
The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape some search parameter before outputing them in pages, which could lead to Cross-Site…