6673 matches found

Cvelist
added 2021/10/04 1:45 p.m. · 15 views

CVE-2021-41868

OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality...

AI score 9.8 · EPSS 0.00712
Exploits 1 · References 2
OpenVAS
added 2021/10/04 12:00 a.m. · 22 views

SUSE: Security Advisory (SUSE-SU-2021:14821-1)

The remote host is missing an update for the...

CVSS 8.8 · AI score 9.7 · EPSS 0.0062
Exploits 7 · References 7
OpenVAS
added 2021/10/02 12:00 a.m. · 4 views

Fedora: Security Advisory for libtpms (FEDORA-2021-c4edcdbf1c)

The remote host is missing an update for the...

AI score 7.5
Exploits 0 · References 2
Cvelist
added 2021/09/30 10:41 a.m. · 14 views

CVE-2021-41300 ECOA BAS controller - Insufficiently Protected Credentials-2

ECOA BAS controller’s special page displays user account and passwords in plain text, thus unauthenticated attackers can access the page and obtain privilege with full functionality...

CVSS 9.8 · AI score 9.8 · EPSS 0.00417
Exploits 1 · References 1
RedhatCVE
added 2021/09/29 3:51 p.m. · 72 views

CVE-2021-3521

There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey t...

CVSS 4.7 · AI score 1 · EPSS 0.00019
Exploits 0 · References 3
Positive Technologies
added 2021/09/28 12:00 a.m. · 2 views

PT-2021-21204 · Microsoft +1 · Windows +1

Name of the Vulnerable Software and Affected Versions: Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 Description: The issue concerns an arbitrary file deletion vulnerability that can be exploited using the Windows feature of NTFS called Symbolic links...

CVSS 7.1 · AI score 6.7 · EPSS 0.00065
Exploits 0 · References 5
The Hacker News
added 2021/09/27 6:26 a.m. · 31 views

A New Jupyter Malware Version is Being Distributed via MSI Installers

Cybersecurity researchers have charted the evolution of Jupyter, a .NET infostealer known for singling out healthcare and education sectors, which make it exceptional at defeating most endpoint security scanning solutions. The new delivery chain, spotted by Morphisec on September 8, underscores...

AI score 1.2
Exploits 0
CNVD
added 2021/09/27 12:00 a.m. · 26 views

IBM Aspera Cross-Site Scripting Vulnerability

IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol from IBM U.S. A cross-site scripting vulnerability exists in IBM Aspera Cloud, which could be exploited by an attacker to embed arbitrary JavaScript code in the Web UI to alter the intended...

CVSS 6.4 · AI score 2.5 · EPSS 0.0015
Exploits 0 · References 1
OSV
added 2021/09/23 11:18 p.m. · 9 views

GHSA-65P7-PJJ8-GGMR Member account takeover

Impact: An error in the implementation of the member email change functionality allows unauthenticated users to change the email address of arbitrary member accounts to one they control by crafting a request to the relevant API endpoint, and validating the new address via magic link sent to the ne...

CVSS 6.5 · AI score 7.1
Exploits 0 · References 2
NVD
added 2021/09/20 10:15 a.m. · 14 views

CVE-2021-24397

The edit functionality in the MicroCopy WordPress plugin through 1.1.0 makes a get request to fetch the related option. The id parameter used is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection...

CVSS 7.2 · EPSS 0.00567
Exploits 2 · References 2
Prion
added 2021/09/20 10:15 a.m. · 14 views

Sql injection

The edit functionality in the MicroCopy WordPress plugin through 1.1.0 makes a get request to fetch the related option. The id parameter used is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection...

CVSS 6.5 · AI score 7.3 · EPSS 0.00567
Exploits 2 · References 2 · Affected Software 1
Prion
added 2021/09/20 10:15 a.m. · 14 views

Sql injection

The Orders functionality in the WP iCommerce WordPress plugin through 1.1.1 has an orderid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors...

CVSS 6.5 · AI score 7.2 · EPSS 0.00567
Exploits 2 · References 2 · Affected Software 1
Prion
added 2021/09/20 10:15 a.m. · 16 views

Sql injection

The Orders functionality in the WordPress Page Contact plugin through 1.0 has an orderid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors...

CVSS 6.5 · AI score 7.2 · EPSS 0.00567
Exploits 2 · References 2 · Affected Software 1
Cvelist
added 2021/09/20 10:06 a.m. · 13 views

CVE-2021-24402 WP iCommerce <= 1.1.1 - Authenticated (contributor+) SQL Injection

The Orders functionality in the WP iCommerce WordPress plugin through 1.1.1 has an orderid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors...

AI score 7.5 · EPSS 0.00567
Exploits 2 · References 2
CVE
added 2021/09/20 10:06 a.m. · 39 views

CVE-2021-24401

CVE-2021-24401 affects the WP Domain Redirect WordPress plugin (

CVSS 7.2 · AI score 7.3 · EPSS 0.0062
Exploits 2 · References 2 · Affected Software 1
CVE
added 2021/09/15 6:01 p.m. · 57 views

CVE-2021-33704

Summary: CVE-2021-33704 affects SAP Business One 10.0 Service Layer. An authenticated attacker can invoke functions that should be restricted, enabling reading, modification, or deletion of restricted data. The vulnerability arises from missing authorization checks and can be exploited over the n...

CVSS 8.8 · AI score 8.5 · EPSS 0.00222
Exploits 0 · References 2 · Affected Software 1
CNVD
added 2021/09/15 12:00 a.m. · 16 views

body-parser-xml code issue vulnerability

body-parser-xml is an XML body parser that converts incoming XML data into a JSON representation. A code issue vulnerability exists in body-parser-xml, which stems from an error in the product's implementation of certain functionality. No details of the vulnerability are currently available...

CVSS 9.8 · AI score 3.5 · EPSS 0.00358
Exploits 1 · References 1
OpenVAS
added 2021/09/15 12:00 a.m. · 14 views

openSUSE: Security Advisory for nextcloud (openSUSE-SU-2021:1253-1)

The remote host is missing an update for the...

CVSS 10 · AI score 7 · EPSS 0.02254
Exploits 0 · References 2
NVD
added 2021/09/14 11:15 a.m. · 10 views

CVE-2021-40354

A vulnerability has been identified in Teamcenter V12.4 All versions V12.4.0.8, Teamcenter V13.0 All versions V13.0.0.7, Teamcenter V13.1 All versions V13.1.0.5, Teamcenter V13.2 All versions 13.2.0.2. The "surrogate" functionality on the user profile of the application does not perform sufficien...

CVSS 7.1 · EPSS 0.00209
Exploits 0 · References 1
Prion
added 2021/09/14 11:15 a.m. · 20 views

Design/Logic Flaw

A vulnerability has been identified in Teamcenter V12.4 All versions V12.4.0.8, Teamcenter V13.0 All versions V13.0.0.7, Teamcenter V13.1 All versions V13.1.0.5, Teamcenter V13.2 All versions 13.2.0.2. The "surrogate" functionality on the user profile of the application does not perform sufficien...

CVSS 5.5 · AI score 7.1 · EPSS 0.00209
Exploits 0 · References 1 · Affected Software 1