Page(s) : [1] 2 3 4 5 6 7 8 9 10 11 ... Result(s) : 171161

Alerts Feed Alerts

SEVERITY DATE NAME CATEGORIES DETAIL
N/A 2021-09-25 CVE-2021-21742 cve There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain...
N/A 2021-09-24 CVE-2020-20508 cve Shopkit v2.7 contains a reflective cross-site scripting (XSS) vulnerability in the /account/register component, which allows attackers to hijack user credentials via a crafted p...
N/A 2021-09-24 CVE-2020-20514 cve A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/.html allows authenticated attackers to delete all users.
N/A 2021-09-24 CVE-2021-22868 cve A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used b...
N/A 2021-09-24 CVE-2021-22869 cve An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affec...
N/A 2021-09-24 CVE-2021-35313 cve ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. ...
7.8 2021-09-24 CVE-2021-2464 cve Vulnerability in Oracle Linux (component: OSwatcher). Supported versions that are affected are 7 and 8. Easily exploitable vulnerability allows low privileged attacker with logo...
N/A 2021-09-24 CVE-2021-39246 cve Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. If --log or --verbose is used, ex...
N/A 2021-09-24 CVE-2021-41503 cve ** UNSUPPORTED WHEN ASSIGNED ** DCS-5000L v1.05 and DCS-932L v2.17 and older are affected by Incorrect Access Control. The use of the basic authentication for the devices command...
N/A 2021-09-24 CVE-2021-41504 cve ** UNSUPPORTED WHEN ASSIGNED ** An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices ...
N/A 2021-09-24 CVE-2016-6555 cve OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker ca...
N/A 2021-09-24 CVE-2016-6556 cve OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName'...
N/A 2021-09-24 CVE-2021-40654 cve An information disclosure issue exists in D-LINK-DIR-615 B2 2.01mt. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page.
N/A 2021-09-24 CVE-2021-40655 cve An information disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a post request to the / getcfg.p...
N/A 2021-09-24 CVE-2021-40099 cve An issue was discovered in Concrete CMS through 8.5.5. Fetching the update json scheme over HTTP leads to remote code execution.
N/A 2021-09-24 CVE-2021-40100 cve An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can occur in Conversations when the Active Conversation Editor is set to Rich Text.
N/A 2021-09-24 CVE-2021-40102 cve An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File deletion can occur via PHAR deserialization in is_dir (PHP Object Injection associated with the __wakeup ma...
N/A 2021-09-24 CVE-2021-41586 cve In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password.
N/A 2021-09-24 CVE-2021-41587 cve In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources.
N/A 2021-09-24 CVE-2021-41588 cve In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys.