ROOT-OS-UBUNTU-2404-CVE-2021-26934 CVE-2021-26934 in rootio-linux - Patched by Root
Root has patched CVE-2021-26934 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2021-3864 CVE-2021-3864 in rootio-linux - Patched by Root
Root has patched CVE-2021-3864 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2021-3714 CVE-2021-3714 in rootio-linux - Patched by Root
Root has patched CVE-2021-3714 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2204-CVE-2021-4095 CVE-2021-4095 in rootio-linux - Patched by Root
Root has patched CVE-2021-4095 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2204-CVE-2021-47432 CVE-2021-47432 in rootio-linux - Patched by Root
Root has patched CVE-2021-47432 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2204-CVE-2021-3714 CVE-2021-3714 in rootio-linux - Patched by Root
Root has patched CVE-2021-3714 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2204-CVE-2021-26934 CVE-2021-26934 in rootio-linux - Patched by Root
Root has patched CVE-2021-26934 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...
Hospital Management System 1.0 - Cross-Site Scripting
Hospital Management System 1.0 contains a cross-site scripting vulnerability via the searchdata parameter in doctor/search.php and patient-search.php. id: CVE-2021-39411 info: name: Hospital Management System 1.0 - Cross-Site Scripting author: arafatansari severity: high description: | Hospital...
FlatPress 1.2.1 - Stored Cross-Site Scripting
FlatPress 1.2.1 contains a stored cross-site scripting vulnerability that allows for arbitrary execution of JavaScript commands through blog content. An attacker can possibly steal cookie-based authentication credentials and launch other attacks. id: CVE-2021-41432 info: name: FlatPress 1.2.1 -...
Grafana Unauthenticated Snapshot Creation
Grafana 6.7.3 through 7.4.1 snapshot functionality can allow an unauthenticated remote attacker to trigger a Denial of Service via a remote API call if a commonly used configuration is set. id: CVE-2021-27358 info: name: Grafana Unauthenticated Snapshot Creation author: pdteam,bing0o severity: hi...
Apache Superset <=1.3.2 - Default Login
Apache Superset through 1.3.2 contains a default login vulnerability via registered database connections for authenticated users. An attacker can obtain access to user accounts and thereby obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-44451 info:...
CHIYU TCP/IP Converter - Carriage Return Line Feed Injection
CHIYU TCP/IP Converter BF-430, BF-431, and BF-450 are susceptible to carriage return line feed injection. The redirect= parameter, available on multiple CGI components, is not properly validated, thus enabling an attacker to obtain sensitive information, modify data, and/or execute unauthorized...
SAP Knowledge Warehouse <=7.5.0 - Cross-Site Scripting
SAP Knowledge Warehouse 7.30, 7.31, 7.40, and 7.50 contain a reflected cross-site scripting vulnerability via the usage of one SAP KW component within a web browser. id: CVE-2021-42063 info: name: SAP Knowledge Warehouse =7.5.1 to mitigate the XSS vulnerability. reference: -...
KodExplorer - Cross-Site Scripting
KodExplorer is susceptible to a reflected cross-site scripting (XSS) vulnerability in the file view functionality. The vulnerability exists in app/template/api/view.html where user-supplied input in the 'path' parameter is directly echoed without proper sanitization. This allows attackers to inject...
BIQS IT Biqs-drive v1.83 Local File Inclusion
A local file inclusion vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user. id: CVE-2021-394...
BuddyPress REST API <7.2.1 - Privilege Escalation/Remote Code Execution
WordPress BuddyPress before version 7.2.1 is susceptible to a privilege escalation vulnerability that can be leveraged to perform remote code execution. id: CVE-2021-21389 info: name: BuddyPress REST API <7.2.1 - Privilege Escalation/Remote Code Execution author: lotusdll severity: high descriptio...
FV Flowplayer Video Player WordPress plugin - Authenticated Cross-Site Scripting
The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the playerid parameter found in the /view/stats.php file which allows attackers to inject arbitrary web scripts in versions 7.5.0.727 - 7.5.2.727. id: CVE-2021-39350 info: name: FV Flowplayer Video...
MKdocs 1.2.2 - Directory Traversal
The MKdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. Note: the vendor has disputed the vulnerability (see references) because the dev server must be used in an unsafe way (namely public) to have this...
Doctor Appointment System 1.0 - SQL Injection
SQL injection in the expertise parameter in searchresult.php in Doctor Appointment System v1.0. id: CVE-2021-27124 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: medium description: | SQL injection in the expertise parameter in searchresult.php in Doctor...
Cacti - Cross-Site Scripting
Cacti contains a cross-site scripting vulnerability via "http:///authchangepassword.php?ref=alert1" which can successfully execute the JavaScript payload present in the "ref" URL parameter. id: CVE-2021-26247 info: name: Cacti - Cross-Site Scripting author: dhiyaneshDK severity: medium descriptio...