Lucene search
K

87966 matches found

OSV
OSV
added 12 hours ago4 views

ROOT-OS-UBUNTU-2204-CVE-2021-26934 CVE-2021-26934 in rootio-linux - Patched by Root

Root has patched CVE-2021-26934 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

7.8CVSS8.3AI score0.00346EPSS
Exploits0
Nuclei
Nuclei
added 14 hours ago31 views

Auerswald COMpact 5500R 7.8A and 8.0B Devices Backdoor

Auerswald COMpact 5500R 7.8A and 8.0B devices contain an unauthenticated endpoint "https://192.168.1.2/aboutstate", enabling the bad actor to gain backdoor access to a web interface that allows for resetting the administrator password. id: CVE-2021-40859 info: name: Auerswald COMpact 5500R 7.8A a...

10CVSS7.5AI score0.71979EPSS
Exploits6References4
Nuclei
Nuclei
added 14 hours ago35 views

Ligeo Archives Ligeo Basics - Server Side Request Forgery

Ligeo Archives Ligeo Basics as of 0201-2022 is vulnerable to Server Side Request Forgery SSRF which allows an attacker to read any documents via the download features. id: CVE-2021-46107 info: name: Ligeo Archives Ligeo Basics - Server Side Request Forgery author: ritikchaddha severity: high...

7.5CVSS7.1AI score0.07408EPSS
Exploits1References5
Nuclei
Nuclei
added 14 hours ago19 views

myfactory FMS - Cross-Site Scripting

myfactory.FMS before 7.1-912 allows cross-site scripting via the Error parameter. id: CVE-2021-42566 info: name: myfactory FMS - Cross-Site Scripting author: madrobot,daffainfo severity: medium description: | myfactory.FMS before 7.1-912 allows cross-site scripting via the Error parameter. impact...

6.1CVSS6.2AI score0.05832EPSS
Exploits3References2
Nuclei
Nuclei
added 14 hours ago25 views

Clustering Local File Inclusion

Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. id: CVE-2021-43496 inf...

7.5CVSS7.5AI score0.15689EPSS
Exploits1References5
Nuclei
Nuclei
added 14 hours ago25 views

myfactory FMS - Cross-Site Scripting

myfactory.FMS before 7.1-912 allows cross-site scripting via the UID parameter. id: CVE-2021-42565 info: name: myfactory FMS - Cross-Site Scripting author: madrobot,daffainfo severity: medium description: | myfactory.FMS before 7.1-912 allows cross-site scripting via the UID parameter. impact: |...

6.1CVSS6.2AI score0.05832EPSS
Exploits3References3
Nuclei
Nuclei
added 14 hours ago117 views

KONGA 0.14.9 - Privilege Escalation

KONGA 0.14.9 allows attackers to set higher privilege users to full administration access. The attack vector is a crafted condition, as demonstrated by the /api/user/ID at ADMIN parameter. id: CVE-2021-42192 info: name: KONGA 0.14.9 - Privilege Escalation author: rschio severity: high description...

9CVSS7.3AI score0.09469EPSS
Exploits2References5
Nuclei
Nuclei
added 14 hours ago32 views

Apache Superset <=1.3.2 - Default Login

Apache Superset through 1.3.2 contains a default login vulnerability via registered database connections for authenticated users. An attacker can obtain access to user accounts and thereby obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-44451 info:...

6.5CVSS6.7AI score0.07863EPSS
Exploits0References5
Nuclei
Nuclei
added 14 hours ago36 views

AppCMS - Cross-Site Scripting

AppCMS 2.0.101 has a cross-site scripting vulnerability in \templates\m\inchead.php. id: CVE-2021-45380 info: name: AppCMS - Cross-Site Scripting author: pikpikcu severity: medium description: AppCMS 2.0.101 has a cross-site scripting vulnerability in \templates\m\inchead.php. impact: | Successfu...

6.1CVSS6.2AI score0.02542EPSS
Exploits1References4
Nuclei
Nuclei
added 14 hours ago60 views

D-Link DAP-1620 - Local File Inclusion

D-Link DAP-1620 is susceptible to local file Inclusion due to path traversal that can lead to unauthorized internal files reading /etc/passwd and /etc/shadow. id: CVE-2021-46381 info: name: D-Link DAP-1620 - Local File Inclusion author: 0xAkoko severity: high description: D-Link DAP-1620 is...

7.5CVSS6.6AI score0.57984EPSS
Exploits4References5
Nuclei
Nuclei
added 14 hours ago36 views

Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Delete

Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request. id: CVE-2021-46424 info: name: Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Delete author: gy741 severity:...

9.4CVSS7.5AI score0.36834EPSS
Exploits3References5
Nuclei
Nuclei
added 14 hours ago23 views

ehicle Service Management System 1.0 - Cross-Site Scripting

Vehicle Service Management System 1.0 contains a stored cross-site scripting vulnerability via the Category List section in login panel. id: CVE-2021-46071 info: name: ehicle Service Management System 1.0 - Cross-Site Scripting author: TenBird severity: medium description: | Vehicle Service...

4.8CVSS5.7AI score0.02736EPSS
Exploits1References5
Nuclei
Nuclei
added 14 hours ago36 views

ECOA Building Automation System - Arbitrary File Retrieval

The ECOA BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information. id: CVE-2021-41293 info: name: ECOA Building Automation...

7.5CVSS7.2AI score0.20084EPSS
Exploits1References5
Nuclei
Nuclei
added 14 hours ago134 views

FlatPress 1.2.1 - Stored Cross-Site Scripting

FlatPress 1.2.1 contains a stored cross-site scripting vulnerability that allows for arbitrary execution of JavaScript commands through blog content. An attacker can possibly steal cookie-based authentication credentials and launch other attacks. id: CVE-2021-41432 info: name: FlatPress 1.2.1 -...

5.4CVSS6.3AI score0.01675EPSS
Exploits2References5
Nuclei
Nuclei
added 14 hours ago40 views

MKdocs 1.2.2 - Directory Traversal

The MKdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. Note the vendor has disputed the vulnerability see references because the dev server must be used in an unsafe way namely public to have this...

7.5CVSS7.2AI score0.1449EPSS
Exploits2
Nuclei
Nuclei
added 14 hours ago163 views

MinIO Operator Console Authentication Bypass

MinIO Console is a graphical user interface for the for MinIO Operator. MinIO itself is a multi-cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled. id: CVE-2021-41266 info: name: MinIO Operator...

9.8CVSS7.3AI score0.51364EPSS
Exploits1References5
Nuclei
Nuclei
added 14 hours ago68 views

NetBiblio WebOPAC - Cross-Site Scripting

NetBiblio WebOPAC before 4.0.0.320 is affected by a reflected cross-site scripting vulnerability in its Wikipedia module through /NetBiblio/search/shortview via the searchTerm parameter. id: CVE-2021-42551 info: name: NetBiblio WebOPAC - Cross-Site Scripting author: compr00t severity: medium...

6.1CVSS6.2AI score0.02671EPSS
Exploits1References5
Nuclei
Nuclei
added 14 hours ago53 views

SAS/Internet 9.4 1520 - Local File Inclusion

SAS/Internet 9.4 build 1520 and earlier allows local file inclusion. The samples library included by default in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro...

7.5CVSS7.1AI score0.07845EPSS
Exploits1References4
Nuclei
Nuclei
added 14 hours ago164 views

SAP Knowledge Warehouse <=7.5.0 - Cross-Site Scripting

SAP Knowledge Warehouse 7.30, 7.31, 7.40, and 7.50 contain a reflected cross-site scripting vulnerability via the usage of one SAP KW component within a web browser. id: CVE-2021-42063 info: name: SAP Knowledge Warehouse =7.5.1 to mitigate the XSS vulnerability. reference: -...

6.1CVSS6.7AI score0.22318EPSS
Exploits3References5
Nuclei
Nuclei
added 14 hours ago18 views

Thinfinity Iframe Injection

A vulnerability exists in Thinfinity VirtualUI in a function located in /lab.html reachable which by default could allow IFRAME injection via the "vpath" parameter. id: CVE-2021-45092 info: name: Thinfinity Iframe Injection author: danielmofer severity: critical description: A vulnerability exist...

9.8CVSS6.7AI score0.39973EPSS
Exploits7References5
Rows per page
Query Builder