CVE-2020-26153
Summary: CVE-2020-26153 remains a documented XSS vulnerability affecting the Event Espresso Core-Reg plugin (WordPress) prior to 4.10.7.p. The weakness is in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php, where the page parameter is n...
GHSA-X2J7-6HXM-87P3 Craft CMS Remote Code Injection
An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes if an attacker were somehow able to hijack an administrator's session...
CVE-2021-20752
CVE-2021-20752 is a cross-site scripting vulnerability affecting IkaIka RSS Reader (all versions). The issue arises from insufficient filtering of user-supplied data in RSS feeds, allowing a remote attacker to cause arbitrary script execution in the victim’s browser when a vulnerable feed is proc...
CVE-2021-22439
There is a deserialization vulnerability in Huawei AnyOffice V200R006C10. An attacker can exploit it by constructing a specific request; successful exploitation allows remote malicious code injection and control of the device...
CVE-2021-20749
The CVE-2021-20749 entry describes a Cross-site Scripting (XSS) vulnerability in the WordPress Fudousan plugin family (versions = 5.7.2 (or latest available) to mitigate the vulnerability. Exploitation details are not provided in the supplied documents; no active exploit/availability information ...
CVE-2021-34427
In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file that is reachable remotely under the current BIRT viewer directory, and thereby inject JSP code into the running instance...
Security Bulletin: A vulnerability in IBM WebSphere Liberty affects IBM WIoTP MessageGateway
Summary There is a Dojo vulnerability in IBM WebSphere Liberty that affects IBM WIoTP MessageGateway. Vulnerability Details CVEID: CVE-2020-5258 DESCRIPTION: Dojo dojo could allow a remote attacker to inject arbitrary code on the system, caused by a prototype pollution flaw. By injecting other...
CVE-2021-26461
Apache NuttX (OS) versions prior to 10.1.0 are affected by CVE-2021-26461 due to integer wrap-around in memory management calls (malloc, realloc, memalign). This can lead to arbitrary memory allocation and outcomes such as a crash or remote code execution. Remediation is to update to 10.1.0 or la...
CVE-2021-26461 malloc, realloc and memalign implementations are vulnerable to integer wrap-arounds
Apache NuttX versions prior to 10.1.0 are vulnerable to integer wrap-around in the functions malloc, realloc and memalign. This improper size computation can lead to arbitrary memory allocation, resulting in unexpected behaviour such as a crash or remote code injection/execution...
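The two NuttX entries above describe the bug class but not the shape of it. The following is an added example (not NuttX code, and not the patched implementation) that shows the pattern in a toy memalign front-end: a requested size close to SIZE_MAX, plus a chunk header and alignment slack, wraps to a tiny value, so the allocator hands back a small chunk while the caller believes it owns a huge one. The checked variant rejects the request instead. CHUNK_OVERHEAD, the function names and the sample request size are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical per-chunk bookkeeping added by the allocator. This is an
 * assumption for the example, not NuttX's real header size. */
#define CHUNK_OVERHEAD ((size_t)16)

/* Vulnerable pattern: request size, chunk header and alignment slack are
 * summed in size_t with no overflow check. A request near SIZE_MAX wraps
 * around to a small number, so malloc() is asked for far less than the
 * caller will later write into the returned buffer. */
size_t naive_chunk_size(size_t size, size_t alignment)
{
    return size + CHUNK_OVERHEAD + alignment;
}

/* Hardened pattern: test each addition against SIZE_MAX before doing it
 * and refuse the request on overflow. Returns false if it would wrap. */
bool checked_chunk_size(size_t size, size_t alignment, size_t *out)
{
    if (size > SIZE_MAX - CHUNK_OVERHEAD)
        return false;
    size_t total = size + CHUNK_OVERHEAD;
    if (total > SIZE_MAX - alignment)
        return false;
    *out = total + alignment;
    return true;
}

/* Toy memalign front-ends built on the two size computations. Both use
 * the host malloc; the only difference is what size reaches it. */
void *naive_memalign(size_t alignment, size_t size)
{
    return malloc(naive_chunk_size(size, alignment));
}

void *checked_memalign(size_t alignment, size_t size)
{
    size_t total;
    if (!checked_chunk_size(size, alignment, &total))
        return NULL; /* reject rather than under-allocate */
    return malloc(total);
}

int main(void)
{
    /* Constructed input: a length an attacker could supply, e.g. a
     * 64-bit value chosen so that size + header + slack wraps. */
    size_t huge = SIZE_MAX - 8;

    size_t n = naive_chunk_size(huge, 16);
    printf("naive: request %zu bytes -> allocator asked for %zu bytes\n",
           huge, n);

    void *p = naive_memalign(16, huge);
    printf("naive_memalign: %s\n",
           p ? "returned a pointer (under-allocated)" : "returned NULL");
    free(p);

    void *q = checked_memalign(16, huge);
    printf("checked_memalign: %s\n",
           q ? "returned a pointer" : "returned NULL (request rejected)");
    free(q);
    return 0;
}
```

On a 64-bit host the naive computation turns a request of SIZE_MAX - 8 bytes into a 23-byte allocation that succeeds; any subsequent write sized by the original request then runs off the end of the chunk, which is the "arbitrary memory allocation" outcome the advisory describes. The checked version makes the same request fail cleanly.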
Security Advisory - Deserialization Vulnerability in Huawei AnyOffice Product
There is a deserialization vulnerability in the Huawei AnyOffice product. An attacker can exploit it by constructing a specific request; successful exploitation allows remote malicious code injection and control of the device. Vulnerability ID:...
CVE-2021-33829
A cross-site scripting XSS vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --! is mishandled...
CVE-2021-33841
SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote attacker to inject code into the operating system with maximum privileges...
CVE-2021-33841
CVE-2021-33841 applies to the Circutor SGE-PLC1000 device running firmware version 0.9.2b. The vulnerability is an OS command injection caused by the device’s firmware not handling some requests correctly, enabling a remote attacker to inject code into the operating system with maximum privileges...
Security Bulletin: IBM DataPower Gateway affected by multiple vulnerabilities in Dojo
Summary IBM has addressed the applicable CVEs Vulnerability Details CVEID: CVE-2020-5259 DESCRIPTION: Dojo dojox could allow a remote attacker to inject arbitrary code on the system, caused by a prototype pollution flaw. By injecting other values, an attacker could exploit this vulnerability to...