Alerts
SCORE | DATE | NAME | CATEGORIES | DETAIL |
---|---|---|---|---|
9.8 | 2021-03-03 | CVE-2020-29047 | cve | The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpress_hotel_booking_1 c... |
9.1 | 2021-03-03 | CVE-2021-27931 | cve | LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE pa... |
9.8 | 2021-03-03 | CVE-2021-27215 | cve | An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x through 9.6.x before 9.6 p7, and 10.x before 10.1 p4. The Web Interfaces (Admin, Userweb, Sidechannel) can use ... |
9.8 | 2021-03-03 | CVE-2021-21978 | cve | VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary fi... |
9 | 2021-03-03 | CVE-2021-21353 | cve | Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the `pretty` option of the pug compiler... |
9.8 | 2021-03-03 | CVE-2021-22681 | cve | Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwe... |
9.8 | 2021-03-02 | CVE-2020-28657 | cve | In bPanel 2.0, the administrative ajax endpoints (aka ajax/aj_*.php) are accessible without authentication and allow SQL injections, which could lead to platform compromise. |
9.8 | 2021-03-02 | CVE-2021-27730 | cve | Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later. |
10 | 2021-03-02 | CVE-2021-21321 | cve | fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-reply-from before version 4.0.2, by crafting a s... |
9.8 | 2021-03-02 | CVE-2021-27804 | cve | JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption. |
9.8 | 2021-03-02 | CVE-2021-25309 | cve | The telnet administrator service running on port 650 on Gigaset DX600A v41.00-175 devices does not implement any lockout or throttling functionality. This situation (together wi... |
9.8 | 2021-03-02 | CVE-2021-21513 | cve | Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication by... |
9.8 | 2021-03-02 | CVE-2021-21322 | cve | fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is possible to escap... |
9.8 | 2021-03-02 | CVE-2021-27886 | cve | rakibtg Docker Dashboard before 2021-02-28 allows command injection in backend/utilities/terminal.js via shell metacharacters in the command parameter of an API request. NOTE: t... |
9.8 | 2021-03-01 | CVE-2021-27877 | cve | An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no lon... |
9.8 | 2021-03-01 | CVE-2021-25914 | cve | Prototype pollution vulnerability in 'object-collider' versions 1.0.0 through 1.0.3 allows attacker to cause a denial of service and may lead to remote code execution. |
9.8 | 2021-03-01 | CVE-2021-3342 | cve | EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted LaTeX input to a cgi/latex2png?latex= URI. |
9.8 | 2021-03-01 | CVE-2021-26476 | cve | EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI. |
9.8 | 2021-03-01 | CVE-2021-26703 | cve | EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted JSON/XML input to a cgi/ajax/phrase URI. |
9.8 | 2021-03-01 | CVE-2021-25833 | cve | A file extension handling issue was found in [server] module of ONLYOFFICE DocumentServer v4.2.0.71-v5.6.0.21. The file extension is controlled by an attacker through the reques... |