📄️ CVE-2021-1472
Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Seri
📄️ CVE-2021-1497
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an
📄️ CVE-2021-1498
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an
📄️ CVE-2021-1499
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allo
📄️ CVE-2021-3002
Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter.
📄️ CVE-2021-3017
The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attacker
📄️ CVE-2021-3019
ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.properties to obtain credential
📄️ CVE-2021-3110
The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=produc
📄️ CVE-2021-3129
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attacker
📄️ CVE-2021-3223
Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.
📄️ CVE-2021-3293
emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see
📄️ CVE-2021-3297
On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator acces
📄️ CVE-2021-3374
Directory traversal in RStudio Shiny Server before 1.5.16 allows attackers to read the application s
📄️ CVE-2021-3377
The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can b
📄️ CVE-2021-3378
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a 'Content-Type: image/png' head
📄️ CVE-2021-3577
An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binaton
📄️ CVE-2021-3654
A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noV
📄️ CVE-2021-4191
An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and
📄️ CVE-2021-20031
A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect
📄️ CVE-2021-20038
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environme
📄️ CVE-2021-20090
A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.
📄️ CVE-2021-20091
The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware versi
📄️ CVE-2021-20092
The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware versi
📄️ CVE-2021-20114
When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated
📄️ CVE-2021-20123
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download fu
📄️ CVE-2021-20124
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download fu
📄️ CVE-2021-20137
A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site
📄️ CVE-2021-20150
Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the
📄️ CVE-2021-20158
Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is po
📄️ CVE-2021-20167
Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi applic
📄️ CVE-2021-20323
A POST based reflected Cross Site Scripting vulnerability has been identified in Keycloak.
📄️ CVE-2021-20792
Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remot
📄️ CVE-2021-20837
Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable T
📄️ CVE-2021-21087
Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.32
📄️ CVE-2021-21234
spring-boot-actuator-logview is a library that adds a simple logfile viewer as spring boot actuator
📄️ CVE-2021-21287
MinIO is a High Performance Object Storage released under Apache License v2.0. In MinIO before versi
📄️ CVE-2021-21307
Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web appli
📄️ CVE-2021-21311
Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 an
📄️ CVE-2021-21315
The System Information Library for Node.JS (npm package 'systeminformation') is an open source colle
📄️ CVE-2021-21345
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.
📄️ CVE-2021-21351
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.
📄️ CVE-2021-21389
BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress f
📄️ CVE-2021-21402
Jellyfin is a Free Software Media System. In Jellyfin before version 10.7.1, with certain endpoints,
📄️ CVE-2021-21479
In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compr
📄️ CVE-2021-21745
ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an
📄️ CVE-2021-21799
Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech
📄️ CVE-2021-21800
Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-S
📄️ CVE-2021-21801
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-Se
📄️ CVE-2021-21802
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-Se
📄️ CVE-2021-21803
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-Se
📄️ CVE-2021-21805
An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-See
📄️ CVE-2021-21816
An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B0
📄️ CVE-2021-21881
An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionali
📄️ CVE-2021-21972
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin
📄️ CVE-2021-21973
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to impro
📄️ CVE-2021-21975
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may all
📄️ CVE-2021-21978
VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability
📄️ CVE-2021-21985
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input valid
📄️ CVE-2021-22005
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malic
📄️ CVE-2021-22053
Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf`
📄️ CVE-2021-22054
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prio
📄️ CVE-2021-22122
An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 throu
📄️ CVE-2021-22145
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting.
📄️ CVE-2021-22205
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was n
📄️ CVE-2021-22214
When requests to the internal network for webhooks are enabled, a server-side request forgery vulner
📄️ CVE-2021-22502
Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affectin
📄️ CVE-2021-22707
A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 a
📄️ CVE-2021-22873
Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0`
📄️ CVE-2021-22911
An improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that coul
📄️ CVE-2021-22986
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x befo
📄️ CVE-2021-23241
MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLes
📄️ CVE-2021-24145
Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, d
📄️ CVE-2021-24146
Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.
📄️ CVE-2021-24150
The LikeBtn WordPress Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.32 was vulnerable to
📄️ CVE-2021-24155
The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure
📄️ CVE-2021-24165
In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX ac
📄️ CVE-2021-24169
This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export
📄️ CVE-2021-24176
The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, w
📄️ CVE-2021-24210
There is an open redirect in the PhastPress WordPress plugin before 1.111 that allows an attacker to
📄️ CVE-2021-24214
The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error
📄️ CVE-2021-24215
An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress plu
📄️ CVE-2021-24226
In the AccessAlly WordPress plugin before 3.5.7, the file 'resource/frontend/product/product-shortco
📄️ CVE-2021-24227
The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plug
📄️ CVE-2021-24235
The Goto WordPress theme before 2.0 does not sanitise the keywords and start_date GET parameter on i
📄️ CVE-2021-24236
The Imagements WordPress plugin through 1.2.5 allows images to be uploaded in comments, however only
📄️ CVE-2021-24237
The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not properly sanitise the k
📄️ CVE-2021-24239
The Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments W
📄️ CVE-2021-24245
The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests (s
📄️ CVE-2021-24274
The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of i
📄️ CVE-2021-24275
The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its opti
📄️ CVE-2021-24276
The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of i
📄️ CVE-2021-24278
In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, unauthenticated users can use t
📄️ CVE-2021-24284
The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file up
📄️ CVE-2021-24285
The request_list_request AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin thro
📄️ CVE-2021-24286
The settings page of the Redirect 404 to parent WordPress plugin before 1.3.1 did not properly sanit
📄️ CVE-2021-24287
The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons Word
📄️ CVE-2021-24288
When subscribing using AcyMailing, the 'redirect' parameter isn't properly sanitized. Turning the re
📄️ CVE-2021-24291
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.69 was vulner
📄️ CVE-2021-24298
The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped b
📄️ CVE-2021-24300
The slider import search feature of the PickPlugins Product Slider for WooCommerce WordPress plugin
📄️ CVE-2021-24316
The search feature of the Mediumish WordPress theme through 1.0.47 does not properly sanitise its '
📄️ CVE-2021-24320
The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise and escape it
📄️ CVE-2021-24335
The Car Repair Services & Auto Mechanic WordPress theme before 4.0 did not properly sanitise its ser
📄️ CVE-2021-24340
The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on
📄️ CVE-2021-24342
The JNews WordPress theme before 8.0.6 did not sanitise the cat_id parameter in the POST request /?a
📄️ CVE-2021-24347
The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however
📄️ CVE-2021-24351
The theplus_more_post AJAX action of The Plus Addons for Elementor Page Builder WordPress plugin bef
📄️ CVE-2021-24358
The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.10 did not validate a redirec
📄️ CVE-2021-24364
The Jannah WordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its
📄️ CVE-2021-24370
The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload
📄️ CVE-2021-24387
The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not properly sanitise the ct_community par
📄️ CVE-2021-24389
The WP Foodbakery WordPress plugin before 2.2, used in the FoodBakery WordPress theme before 2.2 did
📄️ CVE-2021-24406
The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirect_to parameter in the log
📄️ CVE-2021-24407
The Jannah WordPress theme before 5.4.5 did not properly sanitize the 'query' POST parameter in its
📄️ CVE-2021-24409
The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GET parameter before outputting
📄️ CVE-2021-24435
The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and
📄️ CVE-2021-24436
The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to a reflected Cross-Site Scripting
📄️ CVE-2021-24442
The Poll, Survey, Questionnaire and Voting system WordPress plugin before 1.5.3 did not sanitise, es
📄️ CVE-2021-24452
The W3 Total Cache WordPress plugin before 2.1.5 was affected by a reflected Cross-Site Scripting (X
📄️ CVE-2021-24472
The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have expo
📄️ CVE-2021-24488
The slider import search feature and tab parameter of the Post Grid WordPress plugin before 2.1.8 se
📄️ CVE-2021-24495
The Marmoset Viewer WordPress plugin before 1.9.3 does not properly sanitize, validate or escape the
📄️ CVE-2021-24498
The Calendar Event Multi View WordPress plugin before 1.4.01 does not sanitise or escape the 'start'
📄️ CVE-2021-24499
The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workrea
📄️ CVE-2021-24510
The MF Gig Calendar WordPress plugin before 1.2 does not sanitise and escape the id GET parameter be
📄️ CVE-2021-24554
The Paytm – Donation Plugin WordPress plugin through 1.3.2 does not sanitise, validate or escape the
📄️ CVE-2021-24627
The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise or escape an 'id' GET paramete
📄️ CVE-2021-24647
The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invit
📄️ CVE-2021-24666
The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module (
📄️ CVE-2021-24731
The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invit
📄️ CVE-2021-24746
The Social Sharing Plugin WordPress plugin before 3.3.40 does not escape the viewed post URL before
📄️ CVE-2021-24750
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise
📄️ CVE-2021-24762
The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET pa
📄️ CVE-2021-24791
The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the 'orde
📄️ CVE-2021-24827
The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subsc
📄️ CVE-2021-24838
The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the red
📄️ CVE-2021-24849
The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, availab
📄️ CVE-2021-24862
The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_a
📄️ CVE-2021-24875
The eCommerce Product Catalog Plugin for WordPress plugin before 3.0.39 does not escape the ic-setti
📄️ CVE-2021-24891
The Elementor Website Builder WordPress plugin before 3.4.8 does not sanitise or escape user input a
📄️ CVE-2021-24910
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the a
📄️ CVE-2021-24915
The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sa
📄️ CVE-2021-24917
The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page
📄️ CVE-2021-24926
The Domain Check WordPress plugin before 1.0.17 does not sanitise and escape the domain parameter be
📄️ CVE-2021-24931
The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape
📄️ CVE-2021-24940
The Persian Woocommerce WordPress plugin through 5.8.0 does not escape the s parameter before output
📄️ CVE-2021-24943
The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape
📄️ CVE-2021-24946
The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time
📄️ CVE-2021-24947
The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and validation
📄️ CVE-2021-24956
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.8.7 does not sanitise
📄️ CVE-2021-24970
The All-in-One Video Gallery WordPress plugin before 2.5.0 does not sanitise and validate the tab pa
📄️ CVE-2021-24979
The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape the s parameter before output
📄️ CVE-2021-24987
The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.30 does not s
📄️ CVE-2021-24991
The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.10.5 does not escape the tab
📄️ CVE-2021-24997
The WP Guppy WordPress plugin before 1.3 does not have any authorisation in some of the REST API end
📄️ CVE-2021-25003
The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenti
📄️ CVE-2021-25008
The Code Snippets WordPress plugin before 2.14.3 does not escape the snippets-safe-mode parameter be
📄️ CVE-2021-25016
The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise
📄️ CVE-2021-25028
The Event Tickets WordPress plugin before 5.2.2 does not validate the tribe_tickets_redirect_to para
📄️ CVE-2021-25033
The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the to parameter bef
📄️ CVE-2021-25052
The Button Generator WordPress plugin before 2.3.3 within the wow-company admin menu page allows to
📄️ CVE-2021-25055
The FeedWordPress plugin before 2022.0123 is affected by a Reflected Cross-Site Scripting (XSS) with
📄️ CVE-2021-25063
The Skins for Contact Form 7 WordPress plugin before 2.5.1 does not sanitise and escape the tab para
📄️ CVE-2021-25065
The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was affected by a reflected XSS in
📄️ CVE-2021-25067
The Landing Page Builder WordPress plugin before 1.4.9.6 was affected by a reflected XSS in page-bui
📄️ CVE-2021-25074
The WebP Converter for Media WordPress plugin before 4.0.3 contains a file (passthru.php) which does
📄️ CVE-2021-25075
The Duplicate Page or Post WordPress plugin before 1.5.1 does not have any authorisation and has a f
📄️ CVE-2021-25078
The Affiliates Manager WordPress plugin before 2.9.0 does not validate, sanitise and escape the IP a
📄️ CVE-2021-25079
The Contact Form Entries WordPress plugin before 1.2.4 does not sanitise and escape various paramete
📄️ CVE-2021-25085
The WOOF WordPress plugin before 1.2.6.3 does not sanitise and escape the woof_redraw_elements befor
📄️ CVE-2021-25099
The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape the form_id parameter before
📄️ CVE-2021-25104
The Ocean Extra WordPress plugin before 1.9.5 does not escape generated links which are then used wh
📄️ CVE-2021-25111
The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admin_custom_languag
📄️ CVE-2021-25112
The WHMCS Bridge WordPress plugin before 6.4b does not sanitise and escape the error parameter befor
📄️ CVE-2021-25114
The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape the discount_code in one of i
📄️ CVE-2021-25118
The Yoast SEO WordPress plugin (from versions 16.7 until 17.2) discloses the full internal path of f
📄️ CVE-2021-25120
The Easy Social Feed Free and Pro WordPress plugins before 6.2.7 do not sanitise some of their param
📄️ CVE-2021-25281
An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth crede
📄️ CVE-2021-25296
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file
📄️ CVE-2021-25297
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file
📄️ CVE-2021-25298
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file
📄️ CVE-2021-25299
Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in th
📄️ CVE-2021-25646
Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types
📄️ CVE-2021-25864
node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal in the res.sendF
📄️ CVE-2021-25899
An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attac
📄️ CVE-2021-26084
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists th
📄️ CVE-2021-26085
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources