CVE-2021-25xxx

There are 727 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2021-25000 Booster for WooCommerce < 5.4.9 - Reflected Cross-Site Scripting in General Module
E
CVE-2021-25001 Booster for WooCommerce < 5.4.9 - Reflected Cross-Site Scripting in Product XML Feeds Module
E
CVE-2021-25002 Tipsacarrier < 1.5.0.5 - Unauthenticated Orders Disclosure
E
CVE-2021-25003 WPCargo < 6.9.0 - Unauthenticated RCE
E
CVE-2021-25004 SEUR Oficial < 1.7.2 - Admin+ Arbitrary File Download
E
CVE-2021-25005 SEUR Oficial < 1.7.0 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-25006 MOLIE <= 0.5 - Reflected Cross-Site Scripting
E
CVE-2021-25007 MOLIE <= 0.5 - Authenticated SQL Injection
E
CVE-2021-25008 Code Snippets < 2.14.3 - Reflected Cross-Site Scripting
E
CVE-2021-25009 CorreosExpress <= 2.6.0 - Sensitive Information Disclosure
E
CVE-2021-25010 Post Snippets < 3.1.4 - CSRF to Stored Cross-Site Scripting
E
CVE-2021-25011 WP Google Map < 1.8.1 - Subscriber+ Arbitrary Post Deletion and Plugin's Settings Update
E
CVE-2021-25012 Pz-LinkCard <= 2.4.4.4 - Reflected Cross-Site Scripting
E
CVE-2021-25013 Qubely < 1.7.8 - Subscriber+ Arbitrary Post Deletion
E
CVE-2021-25014 Ibtana < 1.1.4.9 - Subscriber+ Settings Update to Stored XSS
E
CVE-2021-25015 myCred < 2.4 - Reflected Cross-Site Scripting
E S
CVE-2021-25016 Chaty < 2.8.3 - Reflected Cross-Site Scripting
E
CVE-2021-25017 Tutor LMS < 1.9.12 - Reflected Cross-Site Scripting
E S
CVE-2021-25018 PPOM for WooCommerce < 24.0 - Subscriber+ Settings Update to Stored XSS
E
CVE-2021-25019 SEO Plugin by Squirrly SEO < 11.1.12 - Reflected Cross-Site Scripting
E
CVE-2021-25020 CAOS < 4.1.9 - Admin+ Arbitrary Folder Deletion via Path Traversal
E
CVE-2021-25021 OMGF < 4.5.12 - Admin+ Arbitrary Folder Deletion via Path Traversal
E
CVE-2021-25022 UpdraftPlus < 1.16.66 - Reflected Cross-Site Scripting
E S
CVE-2021-25023 Speed Booster Pack < 4.3.3.1 - Admin+ SQL Injection
E
CVE-2021-25024 Event Calendar < 1.1.51 - Reflected Cross-Site Scripting
E
CVE-2021-25025 Event Calendar < 1.1.51 - Subscriber+ Event Creation
E
CVE-2021-25026 Patreon WordPress < 1.8.2 - Admin+ Stored Cross-Site Scripting
E S
CVE-2021-25027 PowerPack Addons for Elementor < 2.6.2 - Reflected Cross-Site Scripting
E S
CVE-2021-25028 Event Tickets < 5.2.2 - Open Redirect
E
CVE-2021-25029 Cluevo < 1.8.1 - Admin+ Stored Cross Site Scripting
E
CVE-2021-25030 Events Made Easy < 2.2.36 - Subscriber+ SQL Injection
E
CVE-2021-25031 Image Hover Effects Ultimate < 9.7.1 - Reflected Cross-Site Scripting
E S
CVE-2021-25032 PublishPress Capabilities < 2.3.1 - Unauthenticated Arbitrary Options Update to Blog Compromise
E S
CVE-2021-25033 Noptin < 1.6.5 - Open Redirect
E S
CVE-2021-25034 WP User < 7.0 - Reflected Cross-Site Scripting
E
CVE-2021-25035 Backup and Staging by WP Time Capsule < 1.22.7 - Reflected Cross-Site Scripting
E S
CVE-2021-25036 All In One SEO < 4.1.5.3 - Authenticated Privilege Escalation
E S
CVE-2021-25037 All In One SEO < 4.1.5.3 - Authenticated SQL Injection
E S
CVE-2021-25038 Multisite User Sync/Unsync < 2.1.2 - Reflected Cross-Site Scripting
E
CVE-2021-25039 Multisite Content Copier/Updater < 2.1.0 - Reflected Cross-Site Scripting
E
CVE-2021-25040 Booking Calendar < 8.9.2 - Reflected Cross-Site Scripting
E
CVE-2021-25041 Photo Gallery by 10Web < 1.5.68 - Reflected Cross-Site Scripting (XSS)
E S
CVE-2021-25042 WP Visitor Statistics (Real Time Traffic) < 5.5 - Arbitrary IP Address Exclusion to Stored XSS
E
CVE-2021-25043 WOOCS < 1.3.7.3 - Reflected Cross-Site Scripting
E S
CVE-2021-25044 Cryptocurrency Pricing list and Ticker <= 1.5 - Reflected Cross-Site Scripting
E
CVE-2021-25045 Asgaros Forum < 1.15.15 - Admin+ SQL Injection via forum_id
E S
CVE-2021-25046 Modern Events Calendar Lite < 6.2.0 - Subscriber+ Category Add Leading to Stored XSS
E
CVE-2021-25047 10Web Social Photo Feed < 1.4.29 - Reflected Cross-Site Scripting (XSS)
E
CVE-2021-25048 KingComposer <= 2.9.6 - Subscriber+ Stored Cross-Site Scripting
E
CVE-2021-25049 Mobile Events Manager < 1.4.4 - Admin+ Stored Cross-Site Scripting
E S
CVE-2021-25050 Remove Footer Credit < 1.0.11 - Admin+ Stored Cross-Site Scripting
E S
CVE-2021-25051 Modal Window < 5.2.2 - RFI leading to RCE via CSRF
E S
CVE-2021-25052 Button Generator < 2.3.3 - RFI leading to RCE via CSRF
E S
CVE-2021-25053 WP Coder < 2.5.2 - RFI leading to RCE via CSRF
E S
CVE-2021-25054 WPcalc <= 2.1 - Authenticated SQL Injection
E
CVE-2021-25055 FeedWordPress < 2022.0123 - Reflected Cross-Site Scripting (XSS)
E
CVE-2021-25056 Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-25057 Translation Exchange <= 1.0.14 - Authenticated Stored Cross-Site Scripting (XSS)
E
CVE-2021-25058 The Buffer Button <= 1.0 - Authenticated Stored Cross Site Scripting (XSS)
E
CVE-2021-25059 Download Plugin < 2.0.0 - Subscriber+ Website Download
E
CVE-2021-25060 Five Star Business Profile and Schema < 2.1.7 - Subscriber+ Page Creation & Settings Update to Stored XSS
E
CVE-2021-25061 WP Booking System – Booking Calendar < 2.0.15 - Authenticated Reflected Cross-Site Scripting (XSS)
E S
CVE-2021-25062 Orders Tracking for WooCommerce < 1.1.10 - Reflected Cross-Site Scripting
E S
CVE-2021-25063 Contact Form 7 Skins < 2.5.1 - Reflected Cross-Site Scripting (XSS)
E
CVE-2021-25064 Wow Countdowns <= 3.1.2 - Admin+ SQLi
E
CVE-2021-25065 Smash Balloon Social Post Feed < 4.1.1 - Authenticated Reflected Cross-Site Scripting (XSS)
E
CVE-2021-25066 Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting via Import
E
CVE-2021-25067 Landing Page Builder < 1.4.9.6 - Authenticated Reflected Cross-Site Scripting (XSS)
E
CVE-2021-25068 Sync WooCommerce Product feed to Google Shopping <= 1.2.4 - Admin+ SQLi
E
CVE-2021-25069 WordPress Download Manager < 3.2.34 - Authenticated SQL Injection to Reflected XSS
E
CVE-2021-25070 WP Block and Stop Bad Bots < 6.88 - Unauthenticated SQLi
E
CVE-2021-25071 Akismet Privacy Policies <= 2.0.1 - Reflected Cross-Site Scripting
E
CVE-2021-25072 NextScripts: Social Networks Auto-Poster < 4.3.25 - Arbitrary Post Deletion via CSRF
E
CVE-2021-25073 WP125 < 1.5.5 - Arbitrary Ad Deletion via CSRF
E S
CVE-2021-25074 WebP Converter for Media < 4.0.3 - Unauthenticated Open redirect
E
CVE-2021-25075 Duplicate Page or Post < 1.5.1 - Arbitrary Settings Update to Stored XSS
E
CVE-2021-25076 WP User Frontend < 3.5.26 - SQL Injection to Reflected Cross-Site Scripting
E S
CVE-2021-25077 Store Toolkit for WooCommerce < 2.3.2 - Reflected Cross-Site Scripting
E S
CVE-2021-25078 Affiliates Manager < 2.9.0 - Unauthenticated Stored Cross-Site Scripting
E S
CVE-2021-25079 Contact Form Entries < 1.2.4 - Reflected Cross-Site Scripting
E
CVE-2021-25080 Contact Form Entries < 1.1.7 - Unauthenticated Stored Cross-Site Scripting
E S
CVE-2021-25081 WP Google Map < 1.8.4 - Arbitrary Post Deletion and Plugin's Settings Update via CSRF
E
CVE-2021-25082 Popup Builder < 4.0.7 - LFI to RCE
E
CVE-2021-25083 Registrations for the Events Calendar < 2.7.10 - Reflected Cross-Site Scripting
E S
CVE-2021-25084 Advanced Cron Manager - Subscriber+ Arbitrary Events/Schedules Creation/Deletion
E
CVE-2021-25085 WOOF - Products Filter for WooCommerce < 1.2.6.3 - Reflected Cross-Site Scripting
E S
CVE-2021-25086 Advanced Page Visit Counter < 6.1.2 - Unauthenticated Stored Cross-Site Scripting
E
CVE-2021-25087 WordPress Download Manager < 3.2.25 - Sensitive Information Disclosure
E
CVE-2021-25088 Google XML Sitemaps < 4.1.3 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-25089 UpdraftPlus < 1.16.69 - Reflected Cross-Site Scripting
E
CVE-2021-25090 GridKit Portfolio < 2.1.0 - Subscriber+ Stored Cross-Site Scripting
E
CVE-2021-25091 Link Library < 7.2.9 - Reflected Cross-Site Scripting
E
CVE-2021-25092 Link Library < 7.2.8 - Library Settings Reset via CSRF
CVE-2021-25093 Link Library < 7.2.8 - Unauthenticated Arbitrary Links Deletion
E
CVE-2021-25094 Tatsu < 3.3.12 - Unauthenticated RCE
E
CVE-2021-25095 IP2Location Country Blocker < 2.26.5 - Subscriber+ Arbitrary Country Ban
E S
CVE-2021-25096 IP2Location Country Blocker < 2.26.5 - Ban Bypass
E S
CVE-2021-25097 LabTools <= 1.0 - Subscriber+ Arbitrary Publication Deletion
CVE-2021-25098 Easy Pricing Tables < 3.1.3 - Arbitrary Post Removal via CSRF
E
CVE-2021-25099 Give < 2.17.3 - Unauthenticated Reflected Cross-Site Scripting
E
CVE-2021-25100 Give < 2.17.3 - Reflected Cross-Site Scripting via Donation Forms Dashboard
E
CVE-2021-25101 Anti-Malware Security and Brute-Force Firewall < 4.20.94 - Admin+ Reflected Cross-Site Scripting
E
CVE-2021-25102 All In One WP Security < 4.4.11 - Authenticated Reflected Cross-Site Scripting
E
CVE-2021-25103 GTranslate < 2.9.7 - Reflected Cross-Site Scripting
E
CVE-2021-25104 Ocean Extra < 1.9.5 - Reflected Cross-Site Scripting
E
CVE-2021-25105 Ivory Search < 5.4.1 - Multiple Admin+ Stored Cross-Site Scripting
E
CVE-2021-25106 WPLegalPages < 2.7.1 - Subscriber+ Arbitrary Settings Update to Stored XSS
E
CVE-2021-25107 Form Store to DB < 1.1.1 - Unauthenticated Stored Cross-Site Scripting
E S
CVE-2021-25108 IP2Location Country Blocker < 2.26.6 - Arbitrary Country Ban via CSRF
E S
CVE-2021-25109 Futurio Extra < 1.6.3 - Authenticated SQL Injection
E
CVE-2021-25110 Futurio Extra < 1.6.3 - Subscriber+ User Email Address Disclosure
E
CVE-2021-25111 English WordPress Admin < 1.5.2 - Unauthenticated Open Redirect
E
CVE-2021-25112 WHMCS Bridge < 6.4b - Reflected Cross-Site Scripting (XSS)
E
CVE-2021-25113 Dropdown Menu Widget <= 1.9.7 - Subscriber+ Arbitrary Settings Update to Stored XSS
E
CVE-2021-25114 Paid Memberships Pro < 2.6.7 - Unauthenticated Blind SQL Injection
E
CVE-2021-25115 WP Photo Album Plus < 8.0.10 - Stored Cross-Site Scripting (XSS)
E S
CVE-2021-25116 Enqueue Anything <= 1.0.1 - Subscriber+ Arbitrary Asset/Post Deletion
E
CVE-2021-25117 WP Postratings < 1.86.1 - Admin+ Stored Cross-Site Scripting
E
CVE-2021-25118 Yoast SEO 16.7-17.2 - Unauthenticated Full Path Disclosure
E
CVE-2021-25119 AGIL <= 1.0 - Admin+ Arbitrary File Upload
E
CVE-2021-25120 Easy Social Feed < 6.2.7 - Reflected Cross-Site Scripting
E
CVE-2021-25121 Rating by BestWebSoft < 1.6 - Rating Denial of Service
E
CVE-2021-25122 Apache Tomcat h2c request mix-up
S
CVE-2021-25123 The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 G...
CVE-2021-25124 The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 G...
CVE-2021-25125 The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 G...
CVE-2021-25126 The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 G...
CVE-2021-25127 The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 G...
CVE-2021-25128 The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 G...
CVE-2021-25129 The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 G...
CVE-2021-25130 The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 G...
CVE-2021-25131 The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 G...
CVE-2021-25132 The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 G...
CVE-2021-25133 The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 G...
CVE-2021-25134 The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 G...
CVE-2021-25135 The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 G...
CVE-2021-25136 The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 G...
CVE-2021-25137 The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 G...
CVE-2021-25138 The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 G...
CVE-2021-25139 A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.2...
CVE-2021-25140 A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.2...
CVE-2021-25141 A security vulnerability has been identified in certain HPE and Aruba L2/L3 switch firmware. A da...
CVE-2021-25142 The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0...
CVE-2021-25143 A remote denial of service (DoS) vulnerability was discovered in some Aruba Instant Access Point (IA...
S
CVE-2021-25144 A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) produ...
S
CVE-2021-25145 A remote unauthorized disclosure of information vulnerability was discovered in some Aruba Instant A...
S
CVE-2021-25146 A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access P...
S
CVE-2021-25147 A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management ...
CVE-2021-25148 A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point...
S
CVE-2021-25149 A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) produ...
S
CVE-2021-25150 A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access P...
S
CVE-2021-25151 A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform ...
CVE-2021-25152 A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform ...
CVE-2021-25153 A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s) ...
CVE-2021-25154 A remote escalation of privilege vulnerability was discovered in Aruba AirWave Management Platform v...
CVE-2021-25155 A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point...
S
CVE-2021-25156 A remote arbitrary directory create vulnerability was discovered in some Aruba Instant Access Point ...
E S
CVE-2021-25157 A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) p...
E S
CVE-2021-25158 A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) p...
E S
CVE-2021-25159 A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point...
E S
CVE-2021-25160 A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point...
S
CVE-2021-25161 A remote cross-site scripting (XSS) vulnerability was discovered in some Aruba Instant Access Point ...
E S
CVE-2021-25162 A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access P...
E S
CVE-2021-25163 A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform versi...
CVE-2021-25164 A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform versi...
CVE-2021-25165 A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform versi...
CVE-2021-25166 A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform versi...
CVE-2021-25167 A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform versi...
CVE-2021-25168 The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0...
CVE-2021-25169 The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0...
CVE-2021-25170 The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0...
CVE-2021-25171 The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0...
CVE-2021-25172 The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0...
S
CVE-2021-25173 An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation wit...
S
CVE-2021-25174 An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vul...
S
CVE-2021-25175 An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Conversion issue...
S
CVE-2021-25176 An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer derefere...
S
CVE-2021-25177 An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Confusion issue ...
S
CVE-2021-25178 An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer ov...
S
CVE-2021-25179 SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header....
CVE-2021-25195 Windows PKU2U Elevation of Privilege Vulnerability
S
CVE-2021-25197 Cross-site scripting (XSS) vulnerability in SourceCodester Content Management System v 1.0 allows re...
E
CVE-2021-25200 Arbitrary file upload vulnerability in SourceCodester Learning Management System v 1.0 allows attack...
E
CVE-2021-25201 SQL injection vulnerability in Learning Management System v 1.0 allows remote attackers to execute a...
E
CVE-2021-25202 SQL injection vulnerability in SourceCodester Sales and Inventory System v 1.0 allows remote attacke...
E
CVE-2021-25203 Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code v...
E
CVE-2021-25204 Cross-site scripting (XSS) vulnerability in SourceCodester E-Commerce Website v 1.0 allows remote at...
E
CVE-2021-25205 SQL injection vulnerability in SourceCodester E-Commerce Website V 1.0 allows remote attackers to ex...
E
CVE-2021-25206 Arbitrary file upload vulnerability in SourceCodester Responsive Ordering System v 1.0 allows attack...
E
CVE-2021-25207 Arbitrary file upload vulnerability in SourceCodester E-Commerce Website v 1.0 allows attackers to e...
E
CVE-2021-25208 Arbitrary file upload vulnerability in SourceCodester Travel Management System v 1.0 allows attacker...
E
CVE-2021-25209 SQL injection vulnerability in SourceCodester Theme Park Ticketing System v 1.0 allows remote attack...
CVE-2021-25210 Arbitrary file upload vulnerability in SourceCodester Alumni Management System v 1.0 allows attacker...
CVE-2021-25211 Arbitrary file upload vulnerability in SourceCodester Ordering System v 1.0 allows attackers to exec...
E
CVE-2021-25212 SQL injection vulnerability in SourceCodester Alumni Management System v 1.0 allows remote attackers...
E
CVE-2021-25213 SQL injection vulnerability in SourceCodester Travel Management System v 1.0 allows remote attackers...
E
CVE-2021-25214 A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly
S
CVE-2021-25215 An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself
S
CVE-2021-25216 A second vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack
S
CVE-2021-25217 A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient
E S
CVE-2021-25218 A too-strict assertion check could be triggered when responses in BIND 9.16.19 and 9.17.16 require UDP fragmentation if RRL is in use
E S
CVE-2021-25219 Lame cache can be abused to severely degrade resolver performance
S
CVE-2021-25220 DNS forwarders - cache poisoning vulnerability
S
CVE-2021-25221 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2021-25222 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2021-25223 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2021-25224 A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local att...
S
CVE-2021-25225 A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local att...
S
CVE-2021-25226 A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local att...
S
CVE-2021-25227 Trend Micro Antivirus for Mac 2021 (Consumer) is vulnerable to a memory exhaustion vulnerability tha...
S
CVE-2021-25228 An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG S...
S
CVE-2021-25229 An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan X...
S
CVE-2021-25230 An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan X...
S
CVE-2021-25231 An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG S...
S
CVE-2021-25232 An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan X...
S
CVE-2021-25233 An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG S...
S
CVE-2021-25234 An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG S...
S
CVE-2021-25235 An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan X...
S
CVE-2021-25236 A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan ...
S
CVE-2021-25237 An improper access control vulnerability in Trend Micro Apex One (on-prem) could allow an unauthenti...
S
CVE-2021-25238 An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and...
S
CVE-2021-25239 An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and W...
S
CVE-2021-25240 An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG S...
S
CVE-2021-25241 A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One an...
S
CVE-2021-25242 An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG S...
S
CVE-2021-25243 An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG S...
S
CVE-2021-25244 An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an una...
S
CVE-2021-25245 An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an una...
S
CVE-2021-25246 An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as...
S
CVE-2021-25247 A DLL hijacking vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1063 and below cou...
CVE-2021-25248 An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS...
S
CVE-2021-25249 An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and Saa...
S
CVE-2021-25250 An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service ...
CVE-2021-25251 The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code inject...
CVE-2021-25252 Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a me...
S
CVE-2021-25253 An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service ...
CVE-2021-25254 Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar.
CVE-2021-25255 Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service.
CVE-2021-25261 Local privilege vulnerability in Yandex Browser for Windows prior to 22.5.0.862 allows a local, low ...
CVE-2021-25262 Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack.
CVE-2021-25263 Local privilege vulnerability in Yandex Browser for Windows prior to 21.9.0.390 allows a local, low ...
CVE-2021-25264 In multiple versions of Sophos Endpoint products for MacOS, a local attacker could execute arbitrary...
CVE-2021-25265 A malicious website could execute code remotely in Sophos Connect Client before version 2.1....
S
CVE-2021-25266 An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve T...
CVE-2021-25267 Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in...
CVE-2021-25268 Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS ...
CVE-2021-25269 A local administrator could prevent the HMPA service from starting despite tamper protection using a...
CVE-2021-25270 A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert befor...
CVE-2021-25271 A local attacker could read or write arbitrary files with administrator privileges in HitmanPro befo...
CVE-2021-25273 Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before versio...
E
CVE-2021-25274 The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queu...
E S
CVE-2021-25275 SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses...
E
CVE-2021-25276 In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (tha...
E
CVE-2021-25277 FTAPI 4.0 - 4.10 allows XSS via a crafted filename to the alternative text hover box in the file sub...
E
CVE-2021-25278 FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the ...
CVE-2021-25281 An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth crede...
E
CVE-2021-25282 An issue was discovered in SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write m...
E
CVE-2021-25283 An issue was discovered in SaltStack Salt before 3002.5. The jinja renderer does not protect...
CVE-2021-25284 An issue was discovered in SaltStack Salt before 3002.5. salt.modules.cmdmod can log credent...
CVE-2021-25287 An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku...
CVE-2021-25288 An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku...
CVE-2021-25289 An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when dec...
CVE-2021-25290 An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy w...
CVE-2021-25291 An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in T...
CVE-2021-25292 An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDo...
CVE-2021-25293 An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c....
CVE-2021-25294 OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code...
E S
CVE-2021-25295 OpenCATS through 0.9.5-3 has multiple Cross-site Scripting (XSS) issues....
E
CVE-2021-25296 Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file...
KEV E
CVE-2021-25297 Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file...
KEV E
CVE-2021-25298 Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file...
KEV E
CVE-2021-25299 Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in th...
E
CVE-2021-25306 A buffer overflow vulnerability in the AT command interface of Gigaset DX600A v41.00-175 devices all...
CVE-2021-25309 The telnet administrator service running on port 650 on Gigaset DX600A v41.00-175 devices does not i...
CVE-2021-25310 The administration web interface on Belkin Linksys WRT160NL 1.0.04.002_US_20130619 devices allows re...
E
CVE-2021-25311 condor_credd in HTCondor before 8.9.11 allows Directory Traversal outside the SEC_CREDENTIAL_DIRECTO...
CVE-2021-25312 HTCondor before 8.9.11 allows a user to submit a job as another user on the system, because of a fla...
CVE-2021-25313 Rancher: XSS on /v3/cluster/
CVE-2021-25314 hawk: Insecure file permissions
E
CVE-2021-25315 salt-api unauthenticated remote code execution
CVE-2021-25316 Local DoS of VM live migration due to use of static tmp files in detach_disks.sh in s390-tools
E
CVE-2021-25317 cups: ownership of /var/log/cups allows the lp user to create files as root
CVE-2021-25318 rancher: API group not properly specified when creating Kubernetes RBAC resources
CVE-2021-25319 virtualbox: missing sticky bit for /etc/vbox allows local root exploit for members of vboxusers group
S
CVE-2021-25320 Rancher: Cloud credentials can be used through proxy API by users without access
CVE-2021-25321 arpwatch: Local privilege escalation from runtime user to root
E
CVE-2021-25322 python-HyperKitty: hyperkitty-permissions.sh used during %post allows local privilege escalation from hyperkitty user to root
E
CVE-2021-25323 The default setting of MISP 2.4.136 did not enable the requirements (aka require_password_confirmati...
S
CVE-2021-25324 MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters...
S
CVE-2021-25325 MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Re...
S
CVE-2021-25326 Skyworth Digital Technology RN510 V.3.1.0.4 is affected by an incorrect access control vulnerability...
E
CVE-2021-25327 Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site request forgery (CSRF) vulnerabili...
E
CVE-2021-25328 Skyworth Digital Technology RN510 V.3.1.0.4 contains a buffer overflow vulnerability...
E
CVE-2021-25329 Incomplete fix for CVE-2020-9484
S
CVE-2021-25330 Calling of non-existent provider in MobileWips application prior to SMR Feb-2021 Release 1 allows un...
CVE-2021-25331 Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access ...
CVE-2021-25332 Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access ...
CVE-2021-25333 Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access ...
CVE-2021-25334 Improper input check in wallpaper service in Samsung mobile devices prior to SMR Feb-2021 Release 1 ...
CVE-2021-25335 Improper lockscreen status check in cocktailbar service in Samsung mobile devices prior to SMR Mar-2...
CVE-2021-25336 Improper access control in NotificationManagerService in Samsung mobile devices prior to SMR Mar-202...
CVE-2021-25337 Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release...
KEV
CVE-2021-25338 Improper memory access control in RKP in Samsung mobile devices prior to SMR Mar-2021 Release 1 allo...
CVE-2021-25339 Improper address validation in HArx in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows...
CVE-2021-25340 Improper access control vulnerability in Samsung keyboard version prior to SMR Feb-2021 Release 1 al...
CVE-2021-25341 Calling of non-existent provider in S Assistant prior to version 6.5.01.22 allows unauthorized actio...
CVE-2021-25342 Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions inclu...
CVE-2021-25343 Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) an...
CVE-2021-25344 Missing permission check in knox_custom service prior to SMR Mar-2021 Release 1 allows attackers to ...
CVE-2021-25345 Graphic format mismatch while converting video format in hwcomposer prior to SMR Mar-2021 Release 1 ...
CVE-2021-25346 Possible arbitrary memory overwrite vulnerabilities in quram library version prior to SMR Jan-2021...
CVE-2021-25347 Hijacking vulnerability in Samsung Email application version prior to SMR Feb-2021 Release 1 allows ...
CVE-2021-25348 Improper permission grant check in Samsung Internet prior to version 13.0.1.60 allows access to file...
CVE-2021-25349 Using unsafe PendingIntent in Slow Motion Editor prior to version 3.5.18.5 allows local attackers un...
CVE-2021-25350 Information Exposure vulnerability in Samsung Account prior to version 12.1.1.3 allows physically pr...
CVE-2021-25351 Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1...
CVE-2021-25352 Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers ...
CVE-2021-25353 Using empty PendingIntent in Galaxy Themes prior to version 5.2.00.1215 allows local attackers to re...
CVE-2021-25354 Improper input check in Samsung Internet prior to version 13.2.1.46 allows attackers to launch non-e...
CVE-2021-25355 Using unsafe PendingIntent in Samsung Notes prior to version 4.2.00.22 allows local attackers unauth...
CVE-2021-25356 An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allow...
E
CVE-2021-25357 A pendingIntent hijacking vulnerability in Create Movie prior to SMR APR-2021 Release 1 in Android O...
CVE-2021-25358 A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows l...
CVE-2021-25359 An improper SELinux policy prior to SMR APR-2021 Release 1 allows local attackers to access AP infor...
CVE-2021-25360 An improper input validation vulnerability in libswmfextractor library prior to SMR APR-2021 Release...
CVE-2021-25361 An improper access control vulnerability in stickerCenter prior to SMR APR-2021 Release 1 allows loc...
CVE-2021-25362 An improper permission management in CertInstaller prior to SMR APR-2021 Release 1 allows untrusted ...
CVE-2021-25363 An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untruste...
CVE-2021-25364 A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unpr...
CVE-2021-25365 An improper exception control in softsimd prior to SMR APR-2021 Release 1 allows unprivileged applic...
CVE-2021-25366 Improper access control in Samsung Internet prior to version 13.2.1.70 allows physically proximate a...
CVE-2021-25367 Path Traversal vulnerability in Samsung Notes prior to version 4.2.00.22 allows attackers to access ...
CVE-2021-25368 Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allows attackers to intercept when...
CVE-2021-25369 An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sen...
KEV
CVE-2021-25370 An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 r...
KEV
CVE-2021-25371 A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF li...
KEV
CVE-2021-25372 An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory...
KEV
CVE-2021-25373 Using unsafe PendingIntent in Customization Service prior to version 2.2.02.1 in Android O(8.x), 2.4...
CVE-2021-25374 An improper authorization vulnerability in Samsung Members "samsungrewards" scheme for deeplink in v...
CVE-2021-25375 Using predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote att...
CVE-2021-25376 An improper synchronization logic in Samsung Email prior to version 6.1.41.0 can leak messages in ce...
CVE-2021-25377 Intent redirection in Samsung Experience Service versions 10.8.0.4 in Android P(9.0) below, and 12.2...
CVE-2021-25378 Improper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote tempo...
CVE-2021-25379 Intent redirection vulnerability in Gallery prior to version 5.4.16.1 allows attacker to execute pri...
CVE-2021-25380 Improper handling of exceptional conditions in Bixby prior to version 3.0.53.02 allows attacker to e...
CVE-2021-25381 Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and ...
CVE-2021-25382 An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release ...
CVE-2021-25383 An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to ...
CVE-2021-25384 An improper input validation vulnerability in sdfffd_parse_chunk_PROP() with Sample Rate Chunk in li...
CVE-2021-25385 An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library ...
CVE-2021-25386 An improper input validation vulnerability in sdfffd_parse_chunk_FVER() in libsdffextractor library ...
CVE-2021-25387 An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior t...
CVE-2021-25388 Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to...
CVE-2021-25389 Improper running task check in S Secure prior to SMR MAY-2021 Release 1 allows attackers to use lock...
CVE-2021-25390 Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to e...
E
CVE-2021-25391 Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers t...
E
CVE-2021-25392 Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allo...
E
CVE-2021-25393 Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local...
E
CVE-2021-25394 A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Releas...
KEV
CVE-2021-25395 A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to byp...
KEV
CVE-2021-25396 An improper input validation vulnerability in NPU firmware prior to SMR MAY-2021 Release 1 allows ar...
CVE-2021-25397 An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local...
E
CVE-2021-25398 Intent redirection vulnerability in Bixby Voice prior to version 3.1.12 allows attacker to access co...
CVE-2021-25399 Improper configuration in Smart Manager prior to version 11.0.05.0 allows attacker to access the fil...
CVE-2021-25400 Intent redirection vulnerability in Samsung Internet prior to version 14.0.1.20 allows attacker to e...
CVE-2021-25401 Intent redirection vulnerability in Samsung Health prior to version 6.16 allows attacker to execute ...
CVE-2021-25402 Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27 allows attacker to ac...
CVE-2021-25403 Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and ...
CVE-2021-25404 Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to acce...
CVE-2021-25405 An improper access control vulnerability in ScreenOffActivity in Samsung Notes prior to version 4.2....
CVE-2021-25406 Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows untrusted...
CVE-2021-25407 A possible out of bounds write vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows ar...
CVE-2021-25408 A possible buffer overflow vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitr...
CVE-2021-25409 Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate ...
CVE-2021-25410 Improper access control of a component in CallBGProvider prior to SMR JUN-2021 Release 1 allows loca...
E
CVE-2021-25411 Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root pri...
CVE-2021-25412 An improper access control vulnerability in genericssoservice prior to SMR JUN-2021 Release 1 allows...
CVE-2021-25413 Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows ...
E
CVE-2021-25414 Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows ...
E
CVE-2021-25415 Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 a...
CVE-2021-25416 Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 a...
CVE-2021-25417 Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allows access to internal storage....
CVE-2021-25418 Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows un...
CVE-2021-25419 Non-compliance of recommended secure coding scheme in Samsung Internet prior to version 14.0.1.62 al...
CVE-2021-25420 Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows...
CVE-2021-25421 Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allow...
CVE-2021-25422 Improper log management vulnerability in Watch Active PlugIn prior to version 2.2.07.21033151 allows...
CVE-2021-25423 Improper log management vulnerability in Watch Active2 PlugIn prior to 2.2.08.21033151 version allow...
CVE-2021-25424 Improper authentication vulnerability in Tizen bluetooth-frwk prior to Firmware update JUN-2021 Rele...
CVE-2021-25425 Improper check vulnerability in Samsung Health prior to version 6.17 allows attacker to read interna...
CVE-2021-25426 Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR Jul...
E
CVE-2021-25427 SQL injection vulnerability in Bluetooth prior to SMR July-2021 Release 1 allows unauthorized access...
CVE-2021-25428 Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1 allows un...
CVE-2021-25429 Improper privilege management vulnerability in Bluetooth application prior to SMR July-2021 Release ...
CVE-2021-25430 Improper access control vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allo...
CVE-2021-25431 Improper access control vulnerability in Cameralyzer prior to versions 3.2.1041 in 3.2.x, 3.3.1040 i...
CVE-2021-25432 Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) ...
CVE-2021-25433 Improper authorization vulnerability in Tizen factory reset policy prior to Firmware update JUL-2021...
CVE-2021-25434 Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Releas...
CVE-2021-25435 Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Releas...
CVE-2021-25436 Improper input validation vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Rele...
CVE-2021-25437 Improper access control vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Releas...
CVE-2021-25438 Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8....
CVE-2021-25439 Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8....
CVE-2021-25440 Improper access control vulnerability in FactoryCameraFB prior to version 3.4.74 allows untrusted ap...
E
CVE-2021-25441 Improper input validation vulnerability in AR Emoji Editor prior to version 4.4.03.5 in Android Q(10...
CVE-2021-25442 Improper MDM policy management vulnerability in KME module prior to KCS version 1.39 allows MDM user...
CVE-2021-25443 A use after free vulnerability in conn_gadget driver prior to SMR AUG-2021 Release 1 allows maliciou...
CVE-2021-25444 An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom k...
CVE-2021-25445 Unprotected component vulnerability in Samsung Internet prior to version 14.2 allows untrusted appli...
CVE-2021-25446 Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted app...
CVE-2021-25447 Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted app...
CVE-2021-25448 Improper access control vulnerability in Smart Touch Call prior to version 1.0.0.5 allows arbitrary ...
CVE-2021-25449 An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release...
CVE-2021-25450 Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attac...
CVE-2021-25451 A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows atta...
CVE-2021-25452 An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021...
CVE-2021-25453 Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted appl...
CVE-2021-25454 OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attacke...
CVE-2021-25455 OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attacke...
CVE-2021-25456 OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attacke...
CVE-2021-25457 An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows loca...
CVE-2021-25458 NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attacker...
CVE-2021-25459 An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 R...
CVE-2021-25460 An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 R...
CVE-2021-25461 An improper length check in APAService prior to SMR Sep-2021 Release 1 results in stack based Buffer...
CVE-2021-25462 NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attacker...
CVE-2021-25463 Improper access control vulnerability in PENUP prior to version 3.8.00.18 allows arbitrary webpage l...
CVE-2021-25464 An improper file management vulnerability in SamsungCapture prior to version 4.8.02 allows sensitive...
CVE-2021-25465 An improper scheme check vulnerability in Samsung Themes prior to version 5.2.01 allows attackers to...
CVE-2021-25466 Improper scheme check vulnerability in Samsung Internet prior to version 15.0.2.47 allows attackers ...
CVE-2021-25467 Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kern...
CVE-2021-25468 A possible guessing and confirming a byte memory vulnerability in Widevine trustlet prior to SMR Oct...
CVE-2021-25469 A possible stack-based buffer overflow vulnerability in Widevine trustlet prior to SMR Oct-2021 Rele...
CVE-2021-25470 An improper caller check logic of SMC call in TEEGRIS secure OS prior to SMR Oct-2021 Release 1 can ...
CVE-2021-25471 A lack of replay attack protection in Security Mode Command process prior to SMR Oct-2021 Release 1 ...
CVE-2021-25472 An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release ...
CVE-2021-25473 Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_hide_by_meadi...
CVE-2021-25474 Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_show_on_qspan...
CVE-2021-25475 A possible heap-based buffer overflow vulnerability in DSP kernel driver prior to SMR Oct-2021 Relea...
CVE-2021-25476 An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows at...
CVE-2021-25477 An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows mod...
CVE-2021-25478 A possible stack-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Rele...
CVE-2021-25479 A possible heap-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Relea...
CVE-2021-25480 A lack of replay attack protection in GUTI REALLOCATION COMMAND message process in Qualcomm modem pr...
CVE-2021-25481 An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local ...
CVE-2021-25482 SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 Release 1 allow untrusted appl...
CVE-2021-25483 Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1 all...
CVE-2021-25484 Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the...
CVE-2021-25485 Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1 allows attac...
CVE-2021-25486 Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker ...
CVE-2021-25487 Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2...
KEV
CVE-2021-25488 Lack of boundary checking of a buffer in recv_data() of modem interface driver prior to SMR Oct-2021...
CVE-2021-25489 Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR...
KEV
CVE-2021-25490 A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger I...
CVE-2021-25491 A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows memory corruption via NULL-poin...
CVE-2021-25492 Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note ...
CVE-2021-25493 Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note ...
CVE-2021-25494 A possible buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung No...
CVE-2021-25495 A possible heap buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsu...
CVE-2021-25496 A possible buffer overflow vulnerability in maetd_dec_slice of libSPenBase library of Samsung Notes ...
CVE-2021-25497 A possible buffer overflow vulnerability in maetd_cpy_slice of libSPenBase library of Samsung Notes ...
CVE-2021-25498 A possible buffer overflow vulnerability in maetd_eco_cb_mode of libSPenBase library of Samsung Note...
CVE-2021-25499 Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version...
CVE-2021-25500 A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release 1 allows attackers to overwrit...
CVE-2021-25501 An improper access control vulnerability in SCloudBnRReceiver in SecTelephonyProvider prior to SMR N...
CVE-2021-25502 A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-20...
CVE-2021-25503 Improper input validation vulnerability in HDCP prior to SMR Nov-2021 Release 1 allows attackers to ...
CVE-2021-25504 Intent redirection vulnerability in Group Sharing prior to 10.8.03.2 allows attacker to access conta...
CVE-2021-25505 Improper authentication in Samsung Pass prior to 3.0.02.4 allows to use app without authentication w...
CVE-2021-25506 Non-existent provider in Samsung Health prior to 6.19.1.0001 allows attacker to access it via malici...
CVE-2021-25507 Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Sam...
CVE-2021-25508 Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows...
CVE-2021-25509 A missing input validation in Samsung Flow Windows application prior to Version 4.8.5.0 allows attac...
CVE-2021-25510 An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows local ...
CVE-2021-25511 An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attack...
CVE-2021-25512 An improper validation vulnerability in telephony prior to SMR Dec-2021 Release 1 allows attackers t...
CVE-2021-25513 An improper privilege management vulnerability in Apps Edge application prior to SMR Dec-2021 Releas...
CVE-2021-25514 An improper intent redirection handling in Tags prior to SMR Dec-2021 Release 1 allows attackers to ...
CVE-2021-25515 An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows atta...
CVE-2021-25516 An improper check or handling of exceptional conditions in Exynos baseband prior to SMR Dec-2021 Rel...
CVE-2021-25517 An improper input validation vulnerability in LDFW prior to SMR Dec-2021 Release 1 allows attackers ...
CVE-2021-25518 An improper boundary check in secure_log of LDFW and BL31 prior to SMR Dec-2021 Release 1 allows arb...
CVE-2021-25519 An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local attack...
CVE-2021-25520 Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to ...
CVE-2021-25521 Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows untrusted ...
CVE-2021-25522 Insecure storage of sensitive information vulnerability in Smart Capture prior to version 4.8.02.10 ...
CVE-2021-25523 Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker...
CVE-2021-25524 Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to ge...
CVE-2021-25525 Improper check or handling of exception conditions vulnerability in Samsung Pay (US only) prior to v...
CVE-2021-25526 Intent redirection vulnerability in Samsung Blockchain Wallet prior to version 1.3.02.8 allows attac...
CVE-2021-25527 Improper export of Android application components vulnerability in Samsung Pay (India only) prior to...
CVE-2021-25630 "loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" ...
CVE-2021-25631 Denylist of executable filename extensions possible to bypass under Windows
E
CVE-2021-25633 Content Manipulation with Double Certificate Attack
S
CVE-2021-25634 Timestamp Manipulation with Signature Wrapping
S
CVE-2021-25635 Content Manipulation with Certificate Validation Attack
CVE-2021-25636 Incorrect trust validation of signature with ambiguous KeyInfo children
CVE-2021-25640 Open Redirect or SSRF vulnerability usage of parseURL
CVE-2021-25641 Dubbo Zookeeper does not check serialization id
CVE-2021-25642 Apache Hadoop YARN remote code execution in ZKConfigurationStore of capacity scheduler
CVE-2021-25643 An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Interna...
CVE-2021-25644 An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect comm...
CVE-2021-25645 An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6....
CVE-2021-25646 Authenticated users can override system configurations in their requests which allows them to execute arbitrary code.
E M
CVE-2021-25647 Mobile application "Testes de Codigo" v11.3 and prior allows stored XSS by injecting a payload in th...
CVE-2021-25648 Mobile application "Testes de Codigo" 11.4 and prior allows an attacker to gain access to the admini...
CVE-2021-25649 Avaya Utility Services Sensitive Information Disclosure Vulnerability
CVE-2021-25650 Avaya Aura Utility Services Privilege Escalation Vulnerability
CVE-2021-25651 Avaya Aura Utility Services Privilege Escalation Vulnerability
CVE-2021-25652 Avaya Aura Appliance Virtualization Platform Utilities Sensitive Information Disclosure Vulnerability
CVE-2021-25653 Avaya Aura Appliance Virtualization Platform Utilities Privilege Escalation Vulnerability
CVE-2021-25654 Avaya Aura Device Services Arbitrary Code Execution Vulnerability
CVE-2021-25655 URL redirection to untrusted site possible in Avaya Aura Experience Portal
S
CVE-2021-25656 Avaya Aura Experience Portal XSS vulnerabilities
S
CVE-2021-25657 Avaya IP Office Privilege Escalation Vulnerability
E S
CVE-2021-25659 A vulnerability has been identified in Automation License Manager 5 (All versions), Automation Licen...
S
CVE-2021-25660 A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" (incl. SIPL...
S
CVE-2021-25661 A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" (incl. SIPL...
CVE-2021-25662 A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" (incl. SIPL...
CVE-2021-25663 A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital E...
CVE-2021-25664 A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital E...
CVE-2021-25665 A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < V2021.2.1). The st...
S
CVE-2021-25666 A vulnerability has been identified in SCALANCE W780 and W740 (IEEE 802.11n) family (All versions < ...
CVE-2021-25667 A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE ...
S
CVE-2021-25668 A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P...
S
CVE-2021-25669 A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P...
S
CVE-2021-25670 A vulnerability has been identified in Tecnomatix RobotExpert (All versions < V16.1). Affected appli...
CVE-2021-25671 A vulnerability has been identified in RWG1.M12 (All versions < V1.16.16), RWG1.M12D (All versions <...
S
CVE-2021-25672 A vulnerability has been identified in Mendix Forgot Password Appstore module (All Versions < V3.2.1...
CVE-2021-25673 A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local...
CVE-2021-25674 A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local...
CVE-2021-25675 A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local...
CVE-2021-25676 A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615...
CVE-2021-25677 A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE P...
S
CVE-2021-25678 A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2...
CVE-2021-25679 The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scrip...
E
CVE-2021-25680 The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting ...
E
CVE-2021-25681 AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration...
E
CVE-2021-25682 apport improperly parses /proc/pid/status
E
CVE-2021-25683 apport improperly parses /proc/pid/stat
E
CVE-2021-25684 apport can be stalled by reading a FIFO
E
CVE-2021-25688 Under certain conditions, Teradici PCoIP Agents for Windows prior to version 20.10.0 and Teradici PC...
CVE-2021-25689 An out of bounds write in Teradici PCoIP soft client versions prior to version 20.10.1 could allow a...
CVE-2021-25690 A null pointer dereference in Teradici PCoIP Soft Client versions prior to 20.07.3 could allow an at...
CVE-2021-25692 Sensitive smart card data is logged in default INFO logs by Teradici's PCoIP Connection Manager and ...
S
CVE-2021-25693 An attacker may cause a Denial of Service (DoS) in multiple versions of Teradici PCoIP Agent via a n...
CVE-2021-25694 Teradici PCoIP Graphics Agent for Windows prior to 21.03 does not validate NVENC.dll. An attacker co...
CVE-2021-25695 The USB vHub in the Teradici PCOIP Software Agent prior to version 21.07.0 would accept commands fro...
CVE-2021-25698 The OpenSSL component of the Teradici PCoIP Standard Agent prior to version 21.07.0 was compiled wit...
CVE-2021-25699 The OpenSSL component of the Teradici PCoIP Software Client prior to version 21.07.0 was compiled wi...
CVE-2021-25701 The fUSBHub driver in the PCoIP Software Client prior to version 21.07.0 had an error in object mana...
CVE-2021-25735 Validating Admission Webhook does not observe some previous fields
S
CVE-2021-25736 Windows kube-proxy LoadBalancer contention
S
CVE-2021-25737 Holes in EndpointSlice Validation Enable Host Network Hijack
S
CVE-2021-25738 Code exec via yaml parsing
CVE-2021-25740 Holes in EndpointSlice Validation Enable Host Network Hijack
M
CVE-2021-25741 Symlink Exchange Can Allow Host Filesystem Access
M
CVE-2021-25742 Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces
E M
CVE-2021-25743 ANSI escape characters in kubectl output are not being filtered
CVE-2021-25745 Ingress-nginx path can be pointed to service account token file
M
CVE-2021-25746 Ingress-nginx directive injection via annotations
M
CVE-2021-25748 Ingress-nginx `path` sanitization can be bypassed with newline character
M
CVE-2021-25749 runAsNonRoot logic bypass for Windows containers
S
CVE-2021-25755 In JetBrains Code With Me before 2020.3, an attacker on the local network, knowing a session ID, cou...
E
CVE-2021-25756 In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used for several remote repositories inste...
CVE-2021-25757 In JetBrains Hub before 2020.1.12629, an open redirect was possible....
CVE-2021-25758 In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace mode...
CVE-2021-25759 In JetBrains Hub before 2020.1.12629, an authenticated user can delete 2FA settings of any other use...
CVE-2021-25760 In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible....
CVE-2021-25761 In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible....
CVE-2021-25762 In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible....
CVE-2021-25763 In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default....
CVE-2021-25764 In JetBrains PhpStorm before 2020.3, source code could be added to debug logs....
CVE-2021-25765 In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible....
CVE-2021-25766 In JetBrains YouTrack before 2020.4.4701, improper resource access checks were made....
CVE-2021-25767 In JetBrains YouTrack before 2020.6.1767, an issue's existence could be disclosed via YouTrack comma...
CVE-2021-25768 In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperl...
CVE-2021-25769 In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachmen...
CVE-2021-25770 In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which ...
CVE-2021-25771 In JetBrains YouTrack before 2020.6.1099, project information could be potentially disclosed....
CVE-2021-25772 In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration....
CVE-2021-25773 JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages....
CVE-2021-25774 In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another...
CVE-2021-25775 In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any o...
CVE-2021-25776 In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters....
CVE-2021-25777 In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly....
CVE-2021-25778 In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly....
CVE-2021-25779 Baby Care System v1.0 is vulnerable to SQL injection via the 'id' parameter on the contentsectionpag...
E
CVE-2021-25780 An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. The...
E
CVE-2021-25783 Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Arti...
E
CVE-2021-25784 Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit...
E
CVE-2021-25785 Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the compon...
E
CVE-2021-25786 An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code vi...
E S
CVE-2021-25790 Multiple stored cross site scripting (XSS) vulnerabilities in the "Register" module of House Rental ...
E
CVE-2021-25791 Multiple stored cross site scripting (XSS) vulnerabilities in the "Update Profile" module of Online ...
E
CVE-2021-25801 A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 al...
CVE-2021-25802 A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3....
S
CVE-2021-25803 A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Play...
CVE-2021-25804 A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can cause a denial of se...
CVE-2021-25808 A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arb...
E
CVE-2021-25809 UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the ad...
E
CVE-2021-25810 Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values ...
E
CVE-2021-25811 MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a crafted value to the POST listen_h...
CVE-2021-25812 Command injection vulnerability in China Mobile An Lianbao WF-1 1.01 via the 'ip' parameter with a P...
CVE-2021-25827 Emby Server < 4.7.12.0 is vulnerable to a login bypass attack by setting the X-Forwarded-For header ...
E
CVE-2021-25828 Emby Server versions < 4.6.0.50 is vulnerable to Cross Site Scripting (XSS) vulnerability via a craf...
E S
CVE-2021-25829 An improper binary stream data handling issue was found in the [core] module of ONLYOFFICE DocumentS...
E
CVE-2021-25830 A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.2.0.236-v...
E
CVE-2021-25831 A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5....
E
CVE-2021-25832 A heap buffer overflow vulnerability inside of BMP image processing was found at [core] module of ON...
E
CVE-2021-25833 A file extension handling issue was found in [server] module of ONLYOFFICE DocumentServer v4.2.0.71-...
E
CVE-2021-25834 Cosmos Network Ethermint <= v0.4.0 is affected by a transaction replay vulnerability in the EVM modu...
CVE-2021-25835 Cosmos Network Ethermint <= v0.4.0 is affected by a cross-chain transaction replay vulnerability in ...
S
CVE-2021-25836 Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. T...
E
CVE-2021-25837 Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. D...
E
CVE-2021-25838 The Import function in MintHCM RELEASE 3.0.8 allows an attacker to execute a cross-site scripting (X...
CVE-2021-25839 A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE ...
E
CVE-2021-25845 Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series...
CVE-2021-25846 Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series...
CVE-2021-25847 Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort...
CVE-2021-25848 Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort...
CVE-2021-25849 An integer underflow was discovered in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, ver...
CVE-2021-25856 An issue was discovered in pcmt superMicro-CMS version 3.11, allows attackers to delete files via cr...
E
CVE-2021-25857 An issue was discovered in pcmt superMicro-CMS version 3.11, allows authenticated attackers to execu...
E
CVE-2021-25863 Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account....
E
CVE-2021-25864 node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal in the res.sendF...
E M
CVE-2021-25874 AVideo/YouPHPTube 10.0 and prior is affected by a SQL injection in t...
E
CVE-2021-25875 AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross-Site Scripting vul...
E
CVE-2021-25876 AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross-Site Scripting vulnerabilities via t...
E
CVE-2021-25877 AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. An administrator privileged use...
E
CVE-2021-25878 AVideo/YouPHPTube 10.0 and prior is affected by multiple reflected Cross-Site Scripting vulnerabil...
E
CVE-2021-25893 Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the s...
E
CVE-2021-25894 Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the /...
E S
CVE-2021-25898 An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in ...
E
CVE-2021-25899 An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attac...
E
CVE-2021-25900 An issue was discovered in the smallvec crate before 0.6.14 and 1.x before 1.6.1 for Rust. There is ...
E S
CVE-2021-25901 An issue was discovered in the lazy-init crate through 2021-01-17 for Rust. Lazy lacks a Send bound,...
S
CVE-2021-25902 An issue was discovered in the glsl-layout crate before 0.4.0 for Rust. When a panic occurs, map_arr...
E
CVE-2021-25903 An issue was discovered in the cache crate through 2021-01-01 for Rust. A raw pointer is dereference...
E
CVE-2021-25904 An issue was discovered in the av-data crate before 0.3.0 for Rust. A raw pointer is dereferenced, l...
E
CVE-2021-25905 An issue was discovered in the bra crate before 0.1.1 for Rust. It lacks soundness because it can re...
E S
CVE-2021-25906 An issue was discovered in the basic_dsp_matrix crate before 0.9.2 for Rust. When a TransformContent...
E
CVE-2021-25907 An issue was discovered in the containers crate before 0.9.11 for Rust. When a panic occurs, a util:...
E
CVE-2021-25908 An issue was discovered in the fil-ocl crate through 2021-01-04 for Rust. From can lead t...
E
CVE-2021-25909 ZIV AUTOMATION 4CCT Denial of Service vulnerability
S
CVE-2021-25910 ZIV AUTOMATION 4CCT vulnerable to improper authentication
S
CVE-2021-25912 Prototype pollution vulnerability in 'dotty' versions 0.0.1 through 0.1.0 allows attackers to cause ...
E S
CVE-2021-25913 Prototype pollution vulnerability in 'set-or-get' version 1.0.0 through 1.2.10 allows an attacker to...
E S
CVE-2021-25914 Prototype pollution vulnerability in 'object-collider' versions 1.0.0 through 1.0.3 allows attacker ...
E S
CVE-2021-25915 Prototype pollution vulnerability in 'changeset' versions 0.0.1 through 0.2.5 allows an attacker to ...
E S
CVE-2021-25916 Prototype pollution vulnerability in 'patchmerge' versions 1.0.0 through 1.0.1 allows an attacker to...
E S
CVE-2021-25917 In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user ...
S
CVE-2021-25918 In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user ...
S
CVE-2021-25919 In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user ...
S
CVE-2021-25920 In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a n...
S
CVE-2021-25921 In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to u...
S
CVE-2021-25922 In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to us...
S
CVE-2021-25923 In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not en...
E S
CVE-2021-25924 In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Request Forgery due to missing CSRF ...
S
CVE-2021-25925 In SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due ...
E S
CVE-2021-25926 In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting (...
E S
CVE-2021-25927 Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 through 2.0.1 allows an attacker to ...
E S
CVE-2021-25928 Prototype pollution vulnerability in 'safe-obj' versions 1.0.0 through 1.0.2 allows an attacker to c...
E
CVE-2021-25929 In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions...
E S
CVE-2021-25930 In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions...
E S
CVE-2021-25931 In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions...
E S
CVE-2021-25932 In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions...
E S
CVE-2021-25933 In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions...
E S
CVE-2021-25934 In OpenNMS Horizon, versions opennms-18.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions m...
E S
CVE-2021-25935 In OpenNMS Horizon, versions opennms-17.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions m...
E S
CVE-2021-25938 In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable to Cross-Site Scripting (XSS), since t...
E S
CVE-2021-25939 ArangoDB - Blind SSRF when Downloading Foxx Service from URL
E S
CVE-2021-25940 ArangoDB - Insufficient Session Expiration after Password Change
S
CVE-2021-25941 Prototype pollution vulnerability in 'deep-override' versions 1.0.0 through 1.0.1 allows an attacker...
E S
CVE-2021-25943 Prototype pollution vulnerability in '101' versions 1.0.0 through 1.6.3 allows an attacker to cause ...
E
CVE-2021-25944 Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 through 1.0.5 allows attacker to...
E
CVE-2021-25945 Prototype pollution vulnerability in 'js-extend' versions 0.0.1 through 1.0.1 allows attacker to cau...
E
CVE-2021-25946 Prototype pollution vulnerability in `nconf-toml` versions 0.0.1 through 0.0.2 allows an attacker to...
E
CVE-2021-25947 Prototype pollution vulnerability in 'nestie' versions 0.0.0 through 1.0.0 allows an attacker to cau...
E
CVE-2021-25948 Prototype pollution vulnerability in 'expand-hash' versions 0.1.0 through 1.0.1 allows an attacker t...
E
CVE-2021-25949 Prototype pollution vulnerability in 'set-getter' version 0.1.0 allows an attacker to cause a denial...
E
CVE-2021-25950 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2021-25951 XXE vulnerability in 'XML2Dict' version 0.2.2 allows an attacker to cause a denial of service....
E
CVE-2021-25952 Prototype pollution vulnerability in ‘just-safe-set’ versions 1.0.0 through 2.2.1 allows an attacker...
E S
CVE-2021-25953 Prototype pollution vulnerability in 'putil-merge' versions 1.0.0 through 3.6.6 allows attacker to ca...
E
CVE-2021-25954 Improper Access Control in “Dolibarr”
S
CVE-2021-25955 Stored XSS in “Dolibarr” leads to privilege escalation
S
CVE-2021-25956 Improper User Access Control in "Dolibarr" Leads to Account Takeover
S
CVE-2021-25957 Account Takeover in "Dolibarr" via Password Reset Functionality
S
CVE-2021-25958 Generation of Error Message Containing Sensitive Information in Apache OFBiz
S
CVE-2021-25959 OpenCRX - Reflected Cross-Site Scripting in Password Reset Functionality
S
CVE-2021-25960 SuiteCRM - CSV Injection in Accounts Module
S
CVE-2021-25961 SuiteCRM - Account Takeover in Password Reset Functionality
S
CVE-2021-25962 Shuup - Formula Injection in Checkout Addresses
S
CVE-2021-25963 Shuup - Reflected XSS in Error Page
S
CVE-2021-25964 Stored Cross-Site Scripting (XSS) in Calibre-web via Description Field in Metadata
S
CVE-2021-25965 Calibre-web - Admin Account Takeover via Cross-Site Request Forgery (CSRF)
S
CVE-2021-25966 Orchard Core CMS - Improper Session Termination after Password Change
E
CVE-2021-25967 CKAN - Stored Cross-Site Scripting (XSS) via SVG File Upload
S
CVE-2021-25968 OpenCMS - Stored Cross-Site Scripting (XSS) in Sitemap
S
CVE-2021-25969 Camaleon CMS - Stored Cross-Site Scripting (XSS) in Comments
S
CVE-2021-25970 Camaleon CMS - Insufficient Session Expiration after Password Change
S
CVE-2021-25971 Camaleon CMS - SVG File Upload Creates DoS for Media Upload Feature
S
CVE-2021-25972 Camaleon CMS - Server-Side Request Forgery (SSRF) in Media Upload Feature
S
CVE-2021-25973 Publify - Improper Authorization Leads to Guest Signup Restriction Bypass
S
CVE-2021-25974 Publify - Stored Cross-Site Scripting (XSS) in Editor
S
CVE-2021-25975 Publify - Stored Cross-Site Scripting (XSS) due to Unrestricted File Upload
S
CVE-2021-25976 Piranha CMS - Site-wide Cross-Site Request Forgery (CSRF)
S
CVE-2021-25977 Piranha CMS - Stored XSS in Page Title
S
CVE-2021-25978 Apostrophe - XSS
S
CVE-2021-25979 Apostrophe - Insufficient Session Expiration
S
CVE-2021-25980 Talkyard - Host-Header Injection Leads to Account Takeover
S
CVE-2021-25981 Talkyard - Insufficient Session Expiration
S
CVE-2021-25982 FactorJS - Reflected Cross-Site Scripting (XSS) in Search Functionality
S
CVE-2021-25983 FactorJS - Reflected Cross-Site Scripting (XSS) in Tags and Categories Functionality
S
CVE-2021-25984 FactorJS - Stored Cross-Site Scripting (XSS) in Post Reply Functionality
S
CVE-2021-25985 FactorJS - Insufficient Session Expiration Leads to a Local Account Takeover
S
CVE-2021-25986 Django-wiki - Stored Cross-Site Scripting (XSS) in Notifications Section
S
CVE-2021-25987 Hexo - Stored XSS
S
CVE-2021-25988 ifme - Stored Cross-Site Scripting (XSS) in Notifications section
E S
CVE-2021-25989 ifme - Stored Cross-Site Scripting (XSS) in Groups section
E S
CVE-2021-25990 ifme - Stored Cross-Site Scripting (XSS) in Contacts section
E S
CVE-2021-25991 ifme - Improper Access Control leads to admin deactivation
E S
CVE-2021-25992 ifme - Insufficient Session Expiration
E S
CVE-2021-25993 Requarks wiki.js - Stored Cross-Site Scripting (XSS) in markdown editor
E S
CVE-2021-25994 Userfrosting - Host-Header Injection Leads to Account Takeover
E S
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.