6680 matches found
CVE-2021-24402 WP iCommerce <= 1.1.1 - Authenticated (contributor+) SQL Injection
The Orders functionality in the WP iCommerce WordPress plugin through 1.1.1 has an orderid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors...
CVE-2021-24401
CVE-2021-24401 affects the WP Domain Redirect WordPress plugin (
CVE-2021-33704
Summary: CVE-2021-33704 affects SAP Business One 10.0 Service Layer. An authenticated attacker can invoke functions that should be restricted, enabling reading, modification, or deletion of restricted data. The vulnerability arises from missing authorization checks and can be exploited over the n...
body-parser-xml code issue vulnerability
body-parser-xml is an XML body parser that converts incoming XML data into a JSON representation. A code issue vulnerability exists in body-parser-xml, which stems from an error in the product's implementation of certain functionality. No details of the vulnerability are currently available...
openSUSE: Security Advisory for nextcloud (openSUSE-SU-2021:1253-1)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2021-40354
A vulnerability has been identified in Teamcenter V12.4 All versions V12.4.0.8, Teamcenter V13.0 All versions V13.0.0.7, Teamcenter V13.1 All versions V13.1.0.5, Teamcenter V13.2 All versions 13.2.0.2. The "surrogate" functionality on the user profile of the application does not perform sufficien...
Design/Logic Flaw
A vulnerability has been identified in Teamcenter V12.4 All versions V12.4.0.8, Teamcenter V13.0 All versions V13.0.0.7, Teamcenter V13.1 All versions V13.1.0.5, Teamcenter V13.2 All versions 13.2.0.2. The "surrogate" functionality on the user profile of the application does not perform sufficien...
CVE-2021-40354
A vulnerability has been identified in Teamcenter V12.4 All versions V12.4.0.8, Teamcenter V13.0 All versions V13.0.0.7, Teamcenter V13.1 All versions V13.1.0.5, Teamcenter V13.2 All versions 13.2.0.2. The "surrogate" functionality on the user profile of the application does not perform sufficien...
OPENSUSE-SU-2021:1252-1 Security update for nextcloud
This update for nextcloud fixes the following issues: Update to 20.0.12. Fixed security issues (boo#1190291): - CVE-2021-32766 CWE-209: Generation of Error Message Containing Sensitive Information - CVE-2021-32800 CWE-306: Missing Authentication for Critical Function - CVE-2021-32801 CWE-532: Inserti...
EulerOS 2.0 SP2 : rpm (EulerOS-SA-2021-2443)
According to the versions of the rpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to...
Inefficient Regular Expression Complexity in terkelg/prompts
✍️ Description The prompts package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide a crafted input to the strip functionality may cause an application to consume an excessive amount of CPU. Below pinned line using vulnerable regex. The ReDOS is...
PT-2021-5033 · Intel +5 · Intel Processors +5
Name of the Vulnerable Software and Affected Versions: Intel(R) processors (affected versions not specified) Description: The issue is related to the activation of test or debug logic at runtime for some Intel(R) processors, which may allow an unauthenticated user to potentially enable escalation of...
Fedora: Security Advisory for libtpms (FEDORA-2021-96b2a3b3ee)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] Fedora 33 Update: libtpms-0.8.5-0.20210901git18ba4c0206.fc33
A library providing TPM functionality for VMs. Targeted for integration into Qemu...
[SECURITY] Fedora 34 Update: libtpms-0.8.5-0.20210901git18ba4c0206.fc34.0
A library providing TPM functionality for VMs. Targeted for integration into Qemu...
Privilege Escalation
github.com/hashicorp/consul is vulnerable to Privilege Escalation. The vulnerability exists due to a lack of sanitization of authorization which may allow non-server agents with valid certificate signed by the same CA to access server-only functionality...
GHSA-593V-WCQX-HQ2W Incorrect version tags linked to external repository
Impact A security incident caused a number of incorrect version tags to be pushed to the Parse Server repository. These version tags linked to a personal fork of a contributor who had write access to the repository. The code to which these tags linked has not been reviewed or approved by Parse...
CVE-2021-32801
Nextcloud server is an open source, self hosted personal cloud. In affected versions logging of exceptions may have resulted in logging potentially sensitive key material for the Nextcloud Encryption-at-Rest functionality. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4...
Authorities Arrest Another TrickBot Gang Member in South Korea
Another alleged member of the TrickBot gang has been apprehended, this time when trying to leave South Korea, according to published reports. The Russian national, who is an alleged developer of the notorious crimeware, reportedly had been trapped in South Korea since February 2020 due to COVID-1...
Privilege escalation
HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2...