01os (>=0.0.3 <=0.0.14), 102218077-topsis (=0.0.1) +10107 more potentially affected by CVE-2019-16249 via opencv-python (>=3.4.10.35 <=4.1.1.26)
opencv-python (PyPI) version =3.4.10.35, =0.0.3, =0.0.1, =0.1.0, =0.0.2, =2.13.0, =0.1.0, =0.1.0, =0.10.0, =0.13.0 - a-cv-sift-detection =0.10.0 - a-cv2-calculate-difference =0.10.0 and more. Source CVEs: CVE-2019-16249. Source advisory: OSV:GHSA-X3RM-644H-67M8...
cn.centychen:xxl-job-spring-boot-starter (>=1.0.0-RELEASE <=1.0.1-RELEASE), cn.db101:xxl-job-spring-boot-starter (=1.1.0) +53 more potentially affected by CVE-2020-29204 via com.xuxueli:xxl-job-core (>=1.8.2 <=2.2.0)
com.xuxueli:xxl-job-core (Maven) version =1.8.2, =1.0.0-RELEASE, =0.0.8-RELEASE, =0.0.8-RELEASE, =1.6.0, =1.0.1, =2.1.1-RELEASE, =6.1.0, =0.0.4, =1.5.13, =1.7.1 - com.gitee.zodiacstack:zodiac-xxljob-spring-boot-starter =1.5.16 - com.github.hiwepy:xxljob-spring-boot-starter =1.0.0.RELEASE -...
7ghost (>=4.11.0 <=4.11.46), @heroku-cli/plugin-java (>=3.0.0 <=3.1.1) +55 more potentially affected by CVE-2021-41117 via keypair (>=0.0.5 <=1.0.3)
keypair (npm) version =0.0.5, =4.11.0, =3.0.0, =2.3.1, =3.41.6, =1.0.1, =1.0.0, =0.1.2, =0.2.1, =0.4.0, =0.1.2, =0.1.2, =0.1.11 and more. Source CVEs: CVE-2021-41117. Source advisory: OSV:GHSA-3F99-HVG4-QJWJ...
MediaWiki cross-site scripting vulnerability
MediaWiki is a free, open-source web-based wiki engine from the Wikimedia Foundation. It can be used to deploy internal knowledge management and content management systems. A cross-site scripting vulnerability exists in MediaWiki versions 1.31.0 through 1.36.1, which stems from...
PT-2021-21345 · Digi · Digi Realport
Name of the Vulnerable Software and Affected Versions: Digi RealPort versions 4.8.488.0 through 4.10.490 Description: The authentication mechanism in Digi RealPort relies on a challenge-response system that provides access to the server password, rendering the protection ineffective. An attacker...
CVE-2021-20552
IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199170...
CVE-2021-20372
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote authenticated user to cause a denial of another user's service due to insufficient permission checking. IBM X-Force ID: 195518...
CVE-2021-29758
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to perform actions that they should not be able to access due to improper access controls. IBM X-Force ID: 202169...
CVE-2021-39351 WP Bannerize 2.0.0 - 4.0.2 - Authenticated SQL Injection
The WP Bannerize WordPress plugin is vulnerable to authenticated SQL injection via the id parameter found in the /Classes/wpBannerizeAdmin.php file which allows attackers to exfiltrate sensitive information from vulnerable sites. This issue affects versions 2.0.0 - 4.0.2...
IBM Sterling File Gateway information disclosure vulnerability
IBM Sterling File Gateway is an application for transferring files between internal and external partners, allowing files to be exchanged with trading partners more securely and reliably. An information disclosure vulnerability exists in IBM Sterling File Gateway versions 6.0.1.0 through 6.1.0.2. An attack...
UBUNTU-CVE-2021-39886
Permissions rules were not applied while issues were moved between projects of the same group in GitLab versions starting with 10.6 and up to 14.1.7 allowing users to read confidential Epic references...
PT-2021-16888 · Unknown · Calibre-Web
Name of the Vulnerable Software and Affected Versions: Calibre-web versions 0.6.0 through 0.6.12 Description: The issue concerns a Stored XSS in the "Metadata" of the Calibre-web application. An attacker with access to edit metadata information can inject a JavaScript payload in the description...
GitLab EE cross-site scripting vulnerability
GitLab is a self-hosted Git repository management application written in Ruby on Rails, from the US company GitLab Inc. It gives access to a project's file contents, commit history, issue lists, and more. A cross-site scripting vulnerability exists in GitLab EE...
@christianhugo/cli (>=0.7.2-beta.6 <=0.7.3-beta.15), @christianhugo/mobile-builder (>=0.7.2-beta.6 <=0.7.4-beta.9) +72 more potentially affected by CVE-2021-23445 via datatables.net (>=1.10.12 <=1.10.25)
datatables.net (npm) version =1.10.12, =0.7.2-beta.6, =0.7.2-beta.6, =0.7.2-beta.6, =0.7.2-beta.6, =0.6.4-beta.10, =0.7.2-beta.7, =0.6.4-beta.10, =0.6.4-beta.10, =1.0.0, =1.0.0, =3.0.0, =3.0.11 and more. Source CVEs: CVE-2021-23445. Source advisory: OSV:GHSA-H73Q-5WMJ-Q8PJ...
Shuup injection vulnerability
Shuup is an open source e-commerce platform based on Django and Python from Shuup, Inc. Shuup versions 0.4.2 through 2.10.8 are affected by a formula injection vulnerability. A customer can inject a payload into the name inpu...
CVE-2021-22946
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (--ssl-reqd on the command line, or CURLOPT_USE_SSL set to CURLUSESSL_CONTROL or CURLUSESSL_ALL with libcurl). This requirement could be bypassed if the server would return a...
PT-2021-15530 · Unknown · Handsontable
Name of the Vulnerable Software and Affected Versions: handsontable versions before 10.0.0 Description: The issue concerns a Regular Expression Denial of Service (ReDoS) in the Handsontable.helper.isNumeric function. This affects the handsontable package, making it vulnerable to...
Underscore.js 1.3.2 < 1.12.1 Arbitrary Code Injection
According to its self-reported version number, Underscore.js is 1.3.2 prior to 1.12.1 or 1.13.x prior to 1.13.0-2. Therefore, it may be affected by an arbitrary code injection via the template function when the variable option is taken from .templateSettings. Note that the scanner has not tested...
PT-2021-11026 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions 2.3.2 through 2.6 Description: A Server Side Request Forgery (SSRF) issue exists via the email function. When writing an email in the editor, it is possible to upload pictures from remote websites. Recommendations: For version...
com.alejandrohdezma:http4s-munit-testcontainers_2.13 (=0.8.0), com.alejandrohdezma:http4s-munit_2.13 (=0.8.0) +54 more potentially affected by CVE-2021-41084 via org.http4s:http4s-client_2.13 (>=0.22.0 <=0.22.4)
org.http4s:http4s-client_2.13 (Maven) version =0.22.0, =2.0.0, =0.12.0, =0.17.0, =0.12.0, =0.17.0, =0.12.0, =0.12.0, =0.17.0, =0.17.0, =0.12.0, =0.17.0-11-3359289, =0.17.0, =0.17.1 and more. Source CVEs: CVE-2021-41084. Source advisory: OSV:GHSA-5VCM-3XC3-W7X3...