ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2021-36000 | Adobe Character Animator Memory Corruption Arbitrary Code Execution Vulnerability | S | |
CVE-2021-36001 | Adobe Character Animator PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2021-36002 | Adobe Captivate Installer Creation of Temporary File In Directory With Incorrect Permissions Could Lead To Privilege Escalation | S | |
CVE-2021-36003 | Adobe Audition MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2021-36004 | Adobe InDesign CoolType out of bounds write vulnerability could lead to arbitrary stack manipulation | S | |
CVE-2021-36005 | Adobe Photoshop PSD File Parsing Stack Overflow Vulnerability | S | |
CVE-2021-36006 | Adobe Photoshop MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability | S | |
CVE-2021-36007 | Adobe Prelude MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability | S | |
CVE-2021-36008 | Adobe Illustrator PDF File Parsing Use-After-Free Information Disclosure Vulnerability | | |
CVE-2021-36009 | Adobe Illustrator PDF File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2021-36010 | Adobe Illustrator SVG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2021-36011 | Adobe Illustrator improper neutralization of special elements used in an OS command | | |
CVE-2021-36012 | Magento Commerce Gift Card Business Logic Error | S | |
CVE-2021-36013 | Adobe Media Encoder VOB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2021-36014 | Adobe Media Encoder MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability | | |
CVE-2021-36015 | Adobe Media Encoder Memory Corruption Could Lead To Remote Code Execution | | |
CVE-2021-36016 | Adobe Media Encoder FLV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2021-36017 | Adobe After Effects PDF File Parsing Memory Corruption Remote Code Execution Vulnerability | S | |
CVE-2021-36018 | Adobe After Effects PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2021-36019 | Adobe After Effects PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2021-36020 | Magento Commerce XML Injection Vulnerability In The 'City' Field Could Lead To Remote Code Execution | S | |
CVE-2021-36021 | Magento Commerce CMS Page Improper Input Validation Could Lead To Remote Code Execution | | |
CVE-2021-36022 | Magento Commerce Widgets Update Layout XML Injection Vulnerability Could Lead To Remote Code Execution | S | |
CVE-2021-36023 | Magento Commerce Widgets Update Layout XML Injection Vulnerability Could Lead To Remote Code Execution | | |
CVE-2021-36024 | Magento Commerce Improper Neutralization of Special Elements Used In A Command | S | |
CVE-2021-36025 | Magento Commerce Customer Edition Improper Input Validation Could Lead To Remote Code Execution | S | |
CVE-2021-36026 | Magento Commerce Stored Cross-site Scripting Vulnerability | S | |
CVE-2021-36027 | Magento Commerce Stored Cross-site Scripting Vulnerability | S | |
CVE-2021-36028 | Magento Commerce XML Injection Vulnerability Could Lead To Remote Code Execution | S | |
CVE-2021-36029 | Magento Commerce Improper Authorization Vulnerability Could Lead To Remote Code Execution | S | |
CVE-2021-36030 | Magento Commerce Improper Input Validation During Checkout Process Could Lead To Privilege Escalation | S | |
CVE-2021-36031 | Magento Commerce Path Traversal In `theme[preview_image]` Parameter Could Lead To Remote Code Execution | S | |
CVE-2021-36032 | Magento Commerce Improper Input Validation Could Lead To Information Exposure and Privilege Escalation | S | |
CVE-2021-36033 | Magento Commerce Widgets Module XML Injection Vulnerability Could Lead To Remote Code Execution | S | |
CVE-2021-36034 | Magento Commerce Improper Input Validation Could Lead To Remote Code Execution | S | |
CVE-2021-36035 | Magento Commerce Stock Media Improper Input Validation Could Lead To Remote Code Execution | S | |
CVE-2021-36036 | Magento Commerce Media Gallery Upload Improper Access Control Could Lead To Remote Code Execution | | |
CVE-2021-36037 | Magento Commerce Improper Authorization Vulnerability Could Lead To Information Exposure | S | |
CVE-2021-36038 | Magento Commerce Multishipping Module Improper Input Validation Could Lead To Information Exposure | S | |
CVE-2021-36039 | Magento Commerce `quoteId` parameter Incorrect Authorization Vulnerability Could Lead To Information Disclosure | S | |
CVE-2021-36040 | Magento Commerce Improper Input Validation Could Lead To Remote Code Execution | S | |
CVE-2021-36041 | Magento Commerce Improper Input Validation Could Lead To Remote Code Execution | S | |
CVE-2021-36042 | Magento Commerce API File Option Upload Extension Improper Input Validation Vulnerability Could Lead To Remote Code Execution | S | |
CVE-2021-36043 | Magento Commerce Authenticated Blind SSRF Could Lead To Remote Code Execution | S | |
CVE-2021-36044 | Magento Commerce GraphQL Improper Input Validation Could Lead To Denial Of Service | S | |
CVE-2021-36045 | XMP Toolkit SDK Out-of-bounds Read Vulnerability In PostScriptSupport::ConvertToDate Could Lead To Information Exposure | S | |
CVE-2021-36046 | XMP Toolkit SDK TIFF_MemoryReader::SortIFD function Memory Corruption | S | |
CVE-2021-36047 | XMP Toolkit SDK Improper Input Validation Could Lead To Arbitrary Code Execution | S | |
CVE-2021-36048 | XMP Toolkit SDK Improper Input Validation Could Lead To Arbitrary Code Execution | S | |
CVE-2021-36049 | Adobe Bridge Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution | S | |
CVE-2021-36050 | XMP Toolkit SDK Heap-based Buffer Overflow Could Lead To Arbitrary Code Execution | S | |
CVE-2021-36051 | XMP Toolkit SDK Buffer Overflow Could Lead To Arbitrary Code Execution | S | |
CVE-2021-36052 | XMP Toolkit SDK ImportTIFF_CheckStandardMapping Memory Corruption | S | |
CVE-2021-36053 | XMP Toolkit SDK Out-of-bounds Read Vulnerability In FindAndReadXMPChunk Could Lead To Information Exposure | S | |
CVE-2021-36054 | XMP Toolkit SDK Heap-based Buffer Overflow in the PSD_MetaHandler::CacheFileData Could Lead To Application Denial Of Service | S | |
CVE-2021-36055 | XMP Toolkit SDK Use After Free Vulnerability In ReadingXMPNewDOM Could Lead To Arbitrary Code Execution | S | |
CVE-2021-36056 | XMP Toolkit SDK Heap-based Buffer Overflow Could Lead To Arbitrary Code Execution | S | |
CVE-2021-36057 | XMP Toolkit SDK Write-What-Where Condition Could Lead To Local Application Denial Of Service | S | |
CVE-2021-36058 | XMP Toolkit SDK Integer Overflow Vulnerability Could Result In Application Denial Of Service | S | |
CVE-2021-36059 | Adobe Bridge Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution | S | |
CVE-2021-36060 | Adobe Media Encoder MPEG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2021-36061 | Adobe Connect Violation of Secure Design Principles Vulnerability Can Lead To Editing Or Deleting Recordings | S | |
CVE-2021-36062 | Adobe Connect Reflected Cross-site Scripting via 'campaign-id' parameter | S | |
CVE-2021-36063 | Adobe Connect Reflected Cross-site Scripting via 'isTabletDeviceHTML' parameter | S | |
CVE-2021-36064 | XMP Toolkit SDK SVG_Adapter ParseFullNS Buffer Underflow | S | |
CVE-2021-36065 | Adobe Photoshop Heap-Based Buffer Overflow Could Lead To Arbitrary Code Execution | | |
CVE-2021-36066 | Adobe Photoshop U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2021-36067 | Adobe Bridge Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution | S | |
CVE-2021-36068 | Adobe Bridge Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution | S | |
CVE-2021-36069 | Adobe Bridge Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution | S | |
CVE-2021-36070 | Adobe Media Encoder Improper Memory Access When Parsing SVG Files Could Lead To Remote Code Execution | | |
CVE-2021-36071 | Adobe Bridge PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2021-36072 | Adobe Bridge SGI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | S | |
CVE-2021-36073 | Adobe Bridge SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | S | |
CVE-2021-36074 | Adobe Bridge PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2021-36075 | Adobe Bridge Buffer Overflow leads to Arbitrary Code Execution | S | |
CVE-2021-36076 | Adobe Bridge Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution | S | |
CVE-2021-36077 | Adobe Bridge SVG File Memory Corruption Could Lead To Application Denial Of Service | S | |
CVE-2021-36078 | Adobe Bridge PDF File Parsing Memory Corruption Remote Code Execution Vulnerability | S | |
CVE-2021-36079 | Adobe Bridge SGI File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | S | |
CVE-2021-36080 | GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called from dwg_en... | E S | |
CVE-2021-36081 | Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-free during a strpbrk call.... | E S | |
CVE-2021-36082 | ntop nDPI 3.4 has a stack-based buffer overflow in processClientServerHello.... | E S | |
CVE-2021-36083 | KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overflow in XCFImageFormat::loadTil... | E S | |
CVE-2021-36084 | The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_v... | E S | |
CVE-2021-36085 | The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verif... | E S | |
CVE-2021-36086 | The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_r... | E S | |
CVE-2021-36087 | The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indir... | E S | |
CVE-2021-36088 | Fluent Bit (aka fluent-bit) 1.7.0 through 1.7.4 has a double free in flb_free (called from flb_parse... | E S | |
CVE-2021-36089 | Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::FileFormatDecompress::apply_palett... | E S | |
CVE-2021-36090 | Apache Commons Compress 1.0 to 1.20 denial of service vulnerability | S | |
CVE-2021-36091 | Unauthorized access to the calendar appointments | S | |
CVE-2021-36092 | XSS attack using special link in email | S | |
CVE-2021-36093 | DoS attack using PostMaster filters | S | |
CVE-2021-36094 | XSS attack in appointment edit popup screen | S | |
CVE-2021-36095 | User enumeration issue using "lost password" feature | S | |
CVE-2021-36096 | Support Bundle includes S/Mime and PGP secret or PIN | S | |
CVE-2021-36097 | Agents are able to lock the ticket without the "Owner" permission | S | |
CVE-2021-36100 | Authenticated remote code execution | S | |
CVE-2021-36121 | An issue was discovered in Echo ShareCare 8.15.5. The file-upload feature in Access/DownloadFeed_Mnt... | | |
CVE-2021-36122 | An issue was discovered in Echo ShareCare 8.15.5. The UnzipFile feature in Access/EligFeedParse_Sup/... | | |
CVE-2021-36123 | An issue was discovered in Echo ShareCare 8.15.5. The TextReader feature in General/TextReader/TextR... | | |
CVE-2021-36124 | An issue was discovered in Echo ShareCare 8.15.5. It does not perform authentication or authorizatio... | | |
CVE-2021-36125 | An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalRe... | E S | |
CVE-2021-36126 | An issue was discovered in the AbuseFilter extension in MediaWiki through 1.36. If the MediaWiki:Abu... | E S | |
CVE-2021-36127 | An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUs... | E S | |
CVE-2021-36128 | An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. Autoblocks for Centr... | E S | |
CVE-2021-36129 | An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Ac... | E S | |
CVE-2021-36130 | An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Within several... | E S | |
CVE-2021-36131 | An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36. Within several s... | S | |
CVE-2021-36132 | An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed... | E S | |
CVE-2021-36133 | The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several mod... | | |
CVE-2021-36134 | Out of bounds write in Netop Vision Pro | E | |
CVE-2021-36143 | ACRN before 2.5 has a hw/pci/virtio/virtio.c vq_endchains NULL Pointer Dereference.... | S | |
CVE-2021-36144 | The polling timer handler in ACRN before 2.5 has a use-after-free for a freed virtio device, related... | S | |
CVE-2021-36145 | The Device Model in ACRN through 2.5 has a devicemodel/core/mem.c use-after-free for a freed rb_entr... | S | |
CVE-2021-36146 | ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereference for a trb pointer.... | S | |
CVE-2021-36147 | An issue was discovered in ACRN before 2.5. It allows a devicemodel/hw/pci/virtio/virtio_net.c virti... | S | |
CVE-2021-36148 | An issue was discovered in ACRN before 2.5. dmar_free_irte in hypervisor/arch/x86/vtd.c allows an ir... | S | |
CVE-2021-36150 | SilverStripe Framework through 4.8.1 allows XSS.... | | |
CVE-2021-36151 | Local Credentials Disclosure Vulnerability | | |
CVE-2021-36152 | Insecure TrustManager used in LDAP connections | | |
CVE-2021-36153 | Mismanaged state in GRPCWebToHTTP2ServerCodec.swift in gRPC Swift 1.1.0 and 1.1.1 allows remote atta... | | |
CVE-2021-36154 | HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remote attackers to deny service vi... | | |
CVE-2021-36155 | LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates buffers of arbitrary length, w... | | |
CVE-2021-36156 | An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to con... | S | |
CVE-2021-36157 | An issue was discovered in Grafana Cortex through 1.9.0. The header value X-Scope-OrgID is used to c... | S | |
CVE-2021-36158 | In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-... | S | |
CVE-2021-36159 | libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strin... | E S | |
CVE-2021-36160 | mod_proxy_uwsgi out of bound read | S | |
CVE-2021-36161 | Unprotected input value toString causes RCE | | |
CVE-2021-36162 | Unprotected YAML deserialization causes RCE | | |
CVE-2021-36163 | Unsafe deserialization in providers using the Hessian protocol | | |
CVE-2021-36165 | RICON Industrial Cellular Router S9922L 16.10.3(3794) is affected by cleartext storage of sensitive ... | E | |
CVE-2021-36166 | An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to ef... | | |
CVE-2021-36167 | An improper authorization vulnerability [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6 an... | S | |
CVE-2021-36168 | An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Fortinet FortiPo... | | |
CVE-2021-36169 | A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6.4.x before 6.4.7 allows attac... | | |
CVE-2021-36170 | An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0... | | |
CVE-2021-36171 | The use of a cryptographically weak pseudo-random number generator in the password reset feature of ... | | |
CVE-2021-36172 | An improper restriction of XML external entity reference vulnerability in the parser of XML response... | | |
CVE-2021-36173 | A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0... | S | |
CVE-2021-36174 | A memory allocation with excessive size value vulnerability in the license verification function of ... | | |
CVE-2021-36175 | An improper neutralization of input vulnerability [CWE-79] in FortiWebManager versions 6.2.3 and bel... | | |
CVE-2021-36176 | Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal befor... | | |
CVE-2021-36177 | An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below,... | | |
CVE-2021-36178 | Insufficiently protected credentials in Fortinet FortiSDNConnector version 1.1.7 and below allows ... | | |
CVE-2021-36179 | A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows ... | | |
CVE-2021-36180 | Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in F... | S | |
CVE-2021-36181 | A concurrent execution using shared resource with improper Synchronization vulnerability ('Race Cond... | | |
CVE-2021-36182 | An Improper neutralization of special elements used in a command ('Command Injection') in Fortinet Fo... | | |
CVE-2021-36183 | An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and belo... | | |
CVE-2021-36184 | An improper neutralization of Special Elements used in an SQL Command ('SQL Injection') in Fortinet F... | | |
CVE-2021-36185 | An improper neutralization of special elements used in an OS command ('OS Command Injection') in Fort... | | |
CVE-2021-36186 | A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 an... | | |
CVE-2021-36187 | An uncontrolled resource consumption in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.... | | |
CVE-2021-36188 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet F... | | |
CVE-2021-36189 | A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6... | S | |
CVE-2021-36190 | An unintended proxy or intermediary ('confused deputy') in Fortinet FortiWeb version 6.4.1 and below,... | S | |
CVE-2021-36191 | A URL redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and below, ... | S | |
CVE-2021-36192 | An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiManage... | | |
CVE-2021-36193 | Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may a... | | |
CVE-2021-36194 | Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 thr... | S | |
CVE-2021-36195 | Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4.... | S | |
CVE-2021-36198 | Entrapass | S | |
CVE-2021-36199 | VideoEdge | S | |
CVE-2021-36200 | Metasys ADS/ADX/OAS with MUI | S | |
CVE-2021-36201 | CCURE Observable Response Discrepancy | S | |
CVE-2021-36202 | Metasys UI | S | |
CVE-2021-36203 | Johnson Controls Metasys SCT Pro | S | |
CVE-2021-36204 | Insufficiently Protected Credentials in Metasys | S | |
CVE-2021-36205 | Metasys session token | S | |
CVE-2021-36206 | CEVAS | S | |
CVE-2021-36207 | Metasys privilege management | S | |
CVE-2021-36209 | In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset.... | | |
CVE-2021-36212 | app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored XSS in the sharing groups view.... | S | |
CVE-2021-36213 | HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7 app... | | |
CVE-2021-36214 | LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView.... | | |
CVE-2021-36215 | LINE client for iOS 10.21.3 and before allows address bar spoofing due to inappropriate address hand... | | |
CVE-2021-36216 | LINE for Windows 6.2.1.2289 and before allows arbitrary code execution via malicious DLL injection.... | | |
CVE-2021-36217 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-3502. Reason: This candidate... | R | |
CVE-2021-36218 | An issue was discovered in SKALE sgxwallet 1.58.3. sgx_disp_ippsAES_GCMEncrypt allows an out-of-boun... | S | |
CVE-2021-36219 | An issue was discovered in SKALE sgxwallet 1.58.3. The provided input for ECALL 14 triggers a branch... | S | |
CVE-2021-36221 | Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil... | S | |
CVE-2021-36222 | ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) ... | S | |
CVE-2021-36224 | Western Digital My Cloud devices before OS5 have a nobody account with a blank password.... | E S | |
CVE-2021-36225 | Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as dem... | E S | |
CVE-2021-36226 | Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade fil... | E S | |
CVE-2021-36230 | HashiCorp Terraform Enterprise releases up to v202106-1 did not properly perform authorization check... | | |
CVE-2021-36231 | Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenti... | E | |
CVE-2021-36232 | Improper Authorization in multiple functions in MIK.starlight 7.9.5.24363 allows an authenticated at... | E | |
CVE-2021-36233 | The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design) an a... | E | |
CVE-2021-36234 | Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt cre... | | |
CVE-2021-36235 | An issue was discovered in Ivanti Workspace Control before 10.6.30.0. A locally authenticated user w... | | |
CVE-2021-36260 | A command injection vulnerability in the web server of some Hikvision product. Due to the insufficie... | KEV E | |
CVE-2021-36276 | Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerabil... | S | |
CVE-2021-36277 | Dell Command \| Update, Dell Update, and Alienware Update versions before 4.3 contains an Improper Ve... | S | |
CVE-2021-36278 | Dell EMC PowerScale OneFS versions 8.2.x, 9.1.0.x, and 9.1.1.1 contain a sensitive information expos... | S | |
CVE-2021-36279 | Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for crit... | S | |
CVE-2021-36280 | Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for crit... | S | |
CVE-2021-36281 | Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment vulnerab... | S | |
CVE-2021-36282 | Dell EMC PowerScale OneFS versions 8.2.x - 9.1.0.x contain a use of uninitialized resource vulnerabi... | S | |
CVE-2021-36283 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user ... | S | |
CVE-2021-36284 | Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A loc... | | |
CVE-2021-36285 | Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A loc... | | |
CVE-2021-36286 | Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 contain an a... | S | |
CVE-2021-36287 | Dell VNX2 for file version 8.1.21.266 and earlier, contain an unauthenticated remote code execution ... | | |
CVE-2021-36288 | Dell VNX2 for File version 8.1.21.266 and earlier, contain a path traversal vulnerability which may ... | | |
CVE-2021-36289 | Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensitive information disclosure vu... | | |
CVE-2021-36290 | Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A l... | | |
CVE-2021-36293 | Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A l... | | |
CVE-2021-36294 | Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authentication bypass vulnerabilit... | | |
CVE-2021-36295 | Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authenticated remote code executio... | | |
CVE-2021-36296 | Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authenticated remote code executio... | | |
CVE-2021-36297 | SupportAssist Client version 3.8 and 3.9 contains an Untrusted search path vulnerability that allows... | | |
CVE-2021-36298 | Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptographic algorithms in the SSH compo... | S | |
CVE-2021-36299 | Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and 5.00.00.00 contain an SQL inj... | S | |
CVE-2021-36300 | iDRAC9 versions prior to 5.00.00.00 contain an improper input validation vulnerability. An unauthent... | S | |
CVE-2021-36301 | Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version 2.80.80.80 contain a Stack Buf... | S | |
CVE-2021-36302 | All Dell EMC Integrated System for Microsoft Azure Stack Hub versions contain a privilege escalation... | M | |
CVE-2021-36305 | Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in... | | |
CVE-2021-36306 | Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains an authenticatio... | S | |
CVE-2021-36307 | Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains a privilege esca... | S | |
CVE-2021-36308 | Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an auth... | S | |
CVE-2021-36309 | Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensitive information disclosure vu... | S | |
CVE-2021-36310 | Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x & 10.5.2.x, contain an uncontrolled reso... | S | |
CVE-2021-36311 | Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local... | S | |
CVE-2021-36312 | Dell EMC CloudLink 7.1 and all prior versions contain a Hard-coded Password Vulnerability. A remote ... | | |
CVE-2021-36313 | Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. A remot... | | |
CVE-2021-36314 | Dell EMC CloudLink 7.1 and all prior versions contain an Arbitrary File Creation Vulnerability. A re... | S | |
CVE-2021-36315 | Dell EMC PowerScale Nodes contain a hardware design flaw. This may allow a local unauthenticated use... | | |
CVE-2021-36316 | Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 contain an improper privilege manag... | S | |
CVE-2021-36317 | Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstal... | S | |
CVE-2021-36318 | Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerabilit... | S | |
CVE-2021-36319 | Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain an information exposure vulner... | S | |
CVE-2021-36320 | Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an authentication bypass vulnera... | S | |
CVE-2021-36321 | Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an improper input validation vul... | S | |
CVE-2021-36322 | Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a host header injection vulnerab... | S | |
CVE-2021-36323 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user ... | | |
CVE-2021-36324 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user ... | | |
CVE-2021-36325 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user ... | | |
CVE-2021-36326 | Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL Strip Vulnerability in the Us... | | |
CVE-2021-36327 | Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerabi... | | |
CVE-2021-36328 | Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A remote... | | |
CVE-2021-36329 | Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerabil... | | |
CVE-2021-36330 | Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration Vuln... | | |
CVE-2021-36332 | Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javascript Injection Vulnerability.... | S | |
CVE-2021-36333 | Dell EMC CloudLink 7.1 and all prior versions contain a Buffer Overflow Vulnerability. A local low p... | S | |
CVE-2021-36334 | Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula Injection Vulnerability. A remot... | S | |
CVE-2021-36335 | Dell EMC CloudLink 7.1 and all prior versions contain an Improper Input Validation Vulnerability. A ... | S | |
CVE-2021-36336 | Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could al... | S | |
CVE-2021-36337 | Dell Wyse Management Suite version 3.3.1 and prior support insecure Transport Security Protocols TLS... | S | |
CVE-2021-36338 | Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An a... | S | |
CVE-2021-36339 | The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious... | S | |
CVE-2021-36340 | Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information disclosure vulnerability. A loc... | | |
CVE-2021-36341 | Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive data exposure vulnerability. A... | S | |
CVE-2021-36342 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user ... | | |
CVE-2021-36343 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user ... | | |
CVE-2021-36346 | Dell iDRAC 8 prior to version 2.82.82.82 contain a denial of service vulnerability. An unauthenticat... | | |
CVE-2021-36347 | iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82.82.82 contain a stack-based bu... | | |
CVE-2021-36348 | iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote authenticated... | | |
CVE-2021-36349 | Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery vulne... | | |
CVE-2021-36350 | Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary weakness ... | S | |
CVE-2021-36351 | SQL Injection Vulnerability in Care2x Open Source Hospital Information Management 2.7 Alpha via the ... | E | |
CVE-2021-36352 | Stored cross-site scripting (XSS) vulnerability in Care2x Hospital Information Management 2.7 Alpha.... | E | |
CVE-2021-36356 | KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPag... | E | |
CVE-2021-36357 | An issue was discovered in OpenPOWER 2.6 firmware. unpack_timestamp() calls le32_to_cpu() for endian... | S | |
CVE-2021-36359 | OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XM... | E | |
CVE-2021-36363 | Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php.... | | |
CVE-2021-36364 | Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards.... | | |
CVE-2021-36365 | Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh.... | | |
CVE-2021-36366 | Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards.... | | |
CVE-2021-36367 | PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive... | | |
CVE-2021-36368 | An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with a... | S | |
CVE-2021-36369 | An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the availab... | | |
CVE-2021-36370 | An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, ... | E | |
CVE-2021-36371 | Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allows attackers to bypass client ... | E | |
CVE-2021-36372 | Original block tokens are persisted and can be retrieved | M | |
CVE-2021-36373 | Apache Ant TAR archive denial of service vulnerability | S | |
CVE-2021-36374 | Apache Ant ZIP, and ZIP based, archive denial of service vulnerability | S | |
CVE-2021-36376 | dandavison delta before 0.8.3 on Windows resolves an executable's pathname as a relative path from t... | S | |
CVE-2021-36377 | Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate ... | | |
CVE-2021-36379 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-36380 | Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharact... | KEV E | |
CVE-2021-36381 | In Edifecs Transaction Management through 2021-07-12, an unauthenticated user can inject arbitrary t... | E | |
CVE-2021-36382 | Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private... | | |
CVE-2021-36383 | Xen Orchestra (with xo-web through 5.80.0 and xo-server through 5.84.0) mishandles authorization, as... | E | |
CVE-2021-36385 | A SQL Injection vulnerability in Cerner Mobile Care 5.0.0 allows remote unauthenticated attackers to... | | |
CVE-2021-36386 | report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf... | S | |
CVE-2021-36387 | In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed fu... | | |
CVE-2021-36388 | In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through an... | | |
CVE-2021-36389 | In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an Insecu... | | |
CVE-2021-36392 | In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses.... | S | |
CVE-2021-36393 | In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses.... | S | |
CVE-2021-36394 | In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin.... | S | |
CVE-2021-36395 | In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the ... | S | |
CVE-2021-36396 | In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allo... | S | |
CVE-2021-36397 | In Moodle, insufficient capability checks meant message deletions were not limited to the current us... | S | |
CVE-2021-36398 | In Moodle, ID numbers displayed in the web service token list required additional sanitizing to prev... | S | |
CVE-2021-36399 | In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to preve... | S | |
CVE-2021-36400 | In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subsc... | S | |
CVE-2021-36401 | In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a loca... | S | |
CVE-2021-36402 | In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent... | S | |
CVE-2021-36403 | In Moodle, in some circumstances, email notifications of messages could have the link back to the or... | S | |
CVE-2021-36408 | An issue was discovered in libde265 v1.0.8. There is a Heap-use-after-free in intrapred.h when decodi... | E | |
CVE-2021-36409 | There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8... | E | |
CVE-2021-36410 | A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fal... | E | |
CVE-2021-36411 | An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ ... | E | |
CVE-2021-36412 | A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via the gp_rtp_builder_do_... | E | |
CVE-2021-36414 | A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via media.c, which allows ... | E S | |
CVE-2021-36417 | A heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in the gf_isom_dovi_config_get func... | E | |
CVE-2021-36424 | An issue discovered in phpwcms 1.9.25 allows remote attackers to run arbitrary code via DB user fiel... | E S | |
CVE-2021-36425 | Directory traversal vulnerability in phpcms 1.9.25 allows remote attackers to delete arbitrary files... | E S | |
CVE-2021-36426 | File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to run arbitrary code via crafte... | E S | |
CVE-2021-36431 | SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and v... | E | |
CVE-2021-36432 | SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and v... | E | |
CVE-2021-36433 | SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and v... | E | |
CVE-2021-36434 | SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and v... | E | |
CVE-2021-36436 | An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email address... | E | |
CVE-2021-36440 | Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the... | E | |
CVE-2021-36443 | Cross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege ... | E | |
CVE-2021-36444 | Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalat... | E | |
CVE-2021-36450 | Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINA... | E | |
CVE-2021-36454 | Cross Site Scripting (XSS) vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse param... | E S | |
CVE-2021-36455 | SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packa... | E | |
CVE-2021-36460 | VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account's password locally on the device and use... | E M | |
CVE-2021-36461 | An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to getshell ... | E | |
CVE-2021-36471 | Directory Traversal vulnerability in AdminLTE 3.1.0 allows remote attackers to gain escalated privil... | | |
CVE-2021-36483 | DevExpress.XtraReports.UI through v21.1 allows attackers to execute arbitrary code via insecure dese... | | |
CVE-2021-36484 | SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add... | E | |
CVE-2021-36489 | Buffer Overflow vulnerability in Allegro through 5.2.6 allows attackers to cause a denial of service... | E | |
CVE-2021-36493 | Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application vi... | E | |
CVE-2021-36503 | SQL injection vulnerability in native-php-cms 1.0 allows remote attackers to run arbitrary SQL comma... | E | |
CVE-2021-36512 | An issue was discovered in function scanallsubs in src/sbbs3/scansubs.cpp in Synchronet BBS, which m... | S | |
CVE-2021-36513 | An issue was discovered in function sofia_handle_sip_i_notify in sofia.c in SignalWire freeswitch be... | E | |
CVE-2021-36520 | A SQL injection vulnerability in I-Tech Trainsmart r1044 exists via a evaluation/assign-evaluation?i... | E | |
CVE-2021-36530 | ngiflib 0.4 has a heap overflow in GetByteStr() at ngiflib.c:108 in NGIFLIB_NO_FILE mode, GetByteStr... | E S | |
CVE-2021-36531 | ngiflib 0.4 has a heap overflow in GetByte() at ngiflib.c:70 in NGIFLIB_NO_FILE mode, GetByte() read... | E S | |
CVE-2021-36532 | Race condition vulnerability discovered in portfolioCMS 1.0 allows remote attackers to run arbitrary... | E | |
CVE-2021-36535 | Buffer Overflow vulnerability in Cesanta mJS 1.26 allows remote attackers to cause a denial of servi... | E | |
CVE-2021-36538 | Cross Site Scripting (XSS) vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated... | E | |
CVE-2021-36539 | Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged... | E | |
CVE-2021-36542 | Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.LockDocument.php in SeedDMS v5.1.x<5.1... | | |
CVE-2021-36543 | Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.UnlockDocument.php in SeedDMS v5.1.x <... | E | |
CVE-2021-36544 | Incorrect Access Control issue discovered in tpcms 3.2 allows remote attackers to view sensitive inf... | E | |
CVE-2021-36545 | Cross Site Scripting (XSS) vulnerability in tpcms 3.2 allows remote attackers to run arbitrary code ... | E | |
CVE-2021-36546 | Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive i... | E | |
CVE-2021-36547 | A remote code execution (RCE) vulnerability in the component /codebase/dir.php?type=filenew of Mara ... | E | |
CVE-2021-36548 | A remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&action=edit_... | E | |
CVE-2021-36550 | TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component... | E | |
CVE-2021-36551 | TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component... | E | |
CVE-2021-36560 | Phone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication b... | E | |
CVE-2021-36563 | The CheckMK management web console (versions 1.5.0 to 2.0.0) does not sanitise user input in various... | E | |
CVE-2021-36564 | ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component vendor\l... | E | |
CVE-2021-36567 | ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\F... | E | |
CVE-2021-36568 | In certain Moodle products after creating a course, it is possible to add in an arbitrary "Topic" a r... | E | |
CVE-2021-36569 | Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary... | E S | |
CVE-2021-36570 | Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary... | E S | |
CVE-2021-36572 | Cross Site Scripting (XSS) vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary c... | E | |
CVE-2021-36573 | File Upload vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via crafted... | E | |
CVE-2021-36580 | Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0... | | |
CVE-2021-36581 | Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possible to upload any file extensio... | | |
CVE-2021-36582 | In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., aspx) to the server and then c... | | |
CVE-2021-36584 | An issue was discovered in GPAC 1.0.1. There is a heap-based buffer overflow in the function gp_rtp_... | E | |
CVE-2021-36593 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-36594 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-36601 | GetSimpleCMS 3.3.16 contains a cross-site Scripting (XSS) vulnerability, where Function TSL does not... | E | |
CVE-2021-36603 | Cross Site Scripting (XSS) in Tasmota firmware 6.5.0 allows remote attackers to inject JavaScript co... | E | |
CVE-2021-36605 | engineercms 1.03 is vulnerable to Cross Site Scripting (XSS). There is no escaping in the nickname f... | E | |
CVE-2021-36608 | Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /projects/editproj... | E | |
CVE-2021-36609 | Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /linkedcontent/edi... | E | |
CVE-2021-36613 | Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the ptp pro... | E S | |
CVE-2021-36614 | Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-c... | E S | |
CVE-2021-36621 | Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL Injection. The use... | E | |
CVE-2021-36622 | Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to Arbitrary Fil... | E | |
CVE-2021-36623 | Arbitrary File Upload in Sourcecodester Phone Shop Sales Management System 1.0 enables RCE.... | E | |
CVE-2021-36624 | Sourcecodester Phone Shop Sales Managements System version 1.0 suffers from a remote SQL injection v... | E | |
CVE-2021-36625 | An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POS... | S | |
CVE-2021-36628 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-40680. Reason: This candidat... | R | |
CVE-2021-36630 | DDOS reflection amplification vulnerability in eAut module of Ruckus Wireless SmartZone controller t... | E M | |
CVE-2021-36631 | Untrusted search path vulnerability in Baidunetdisk Version 7.4.3 and earlier allows an attacker to ... | E | |
CVE-2021-36646 | A Cross Site Scripting (XSS) vulnerability in KodExplorer 4.45 allows remote attackers to run arbitr... | | |
CVE-2021-36647 | Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c i... | | |
CVE-2021-36654 | CMSuno 1.7 is vulnerable to an authenticated stored cross site scripting in modifying the filename p... | E | |
CVE-2021-36665 | An issue was discovered in Druva 6.9.0 for macOS, allows attackers to gain escalated local privilege... | E S | |
CVE-2021-36666 | An issue was discovered in Druva 6.9.0 for MacOS, allows attackers to gain escalated local privilege... | E S | |
CVE-2021-36667 | Command injection vulnerability in Druva inSync 6.9.0 for MacOS, allows attackers to execute arbitra... | E S | |
CVE-2021-36668 | URL injection in Druva inSync 6.9.0 for MacOS, allows attackers to force a visit to an arbitrary url... | E S | |
CVE-2021-36686 | Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attackers to execute arbitrary code vi... | E | |
CVE-2021-36689 | An issue discovered in com.samourai.wallet.PinEntryActivity.java in Streetside Samourai Wallet 0.99.... | E | |
CVE-2021-36690 | A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the id... | E S | |
CVE-2021-36691 | libjxl v0.5.0 is affected by an Assertion failed issue in lib/jxl/image.cc jxl::PlaneBase::PlaneBase(... | E | |
CVE-2021-36692 | libjxl v0.3.7 is affected by a Divide By Zero issue in lib/extras/codec_apng.cc jxl::DecodeImageA... | E S | |
CVE-2021-36695 | Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 2021.1.7 contains a cross-site sc... | E | |
CVE-2021-36696 | Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 2021.1.7 contains a cross-site sc... | E | |
CVE-2021-36697 | With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the Fi... | E | |
CVE-2021-36698 | Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name.... | E | |
CVE-2021-36701 | htmly version 2.8.1 is vulnerable to an Arbitrary File Deletion on the local host when delete ba... | E | |
CVE-2021-36702 | The "content" field in the "regular post" page of the "add content" menu under "dashboard" in htmly ... | E | |
CVE-2021-36703 | The "blog title" field in the "Settings" menu "config" page of "dashboard" in htmly 2.8.1 has a stor... | E | |
CVE-2021-36705 | In ProLink PRC2402M V1.0.18 and older, the set_TR069 function in the adm.cgi binary, accessible with... | E | |
CVE-2021-36706 | In ProLink PRC2402M V1.0.18 and older, the set_sys_cmd function in the adm.cgi binary, accessible wi... | E | |
CVE-2021-36707 | In ProLink PRC2402M V1.0.18 and older, the set_ledonoff function in the adm.cgi binary, accessible w... | E | |
CVE-2021-36708 | In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in the login.cgi binary allows an a... | E | |
CVE-2021-36710 | ToaruOS 1.99.2 is affected by incorrect access control via the kernel. Improper MMU management and h... | E | |
CVE-2021-36711 | WebInterface in OctoBot before 0.4.4 allows remote code execution because Tentacles upload is mishan... | E | |
CVE-2021-36712 | Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attackers to steal user cookies via im... | E | |
CVE-2021-36713 | Cross Site Scripting (XSS) vulnerability in the DataTables plug-in 1.9.2 for jQuery allows attackers... | E | |
CVE-2021-36716 | A ReDoS (regular expression denial of service) flaw was found in the Segment is-email package before... | | |
CVE-2021-36717 | Synerion TimeNet version 9.21 - Directory Traversal | S | |
CVE-2021-36718 | SYNEL - eharmonynew / Synel Reports version 8.0.2 Default credentials, Security miscommunication, Sensitive data exposure | S | |
CVE-2021-36719 | Cybonet - PineApp | S | |
CVE-2021-36720 | Cybonet - PineApp | S | |
CVE-2021-36721 | Sysaid - Sysaid API User Enumeration | S | |
CVE-2021-36722 | Emuse - eServices / eNvoice SQL injection | S | |
CVE-2021-36723 | Emuse - eServices / eNvoice Exposure Of Private Personal Information | S | |
CVE-2021-36724 | ForeScout - SecureConnector Local Service DoS | S | |
CVE-2021-36734 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-36735 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-36736 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-36737 | XSS in V3 Demo Portlet | M | |
CVE-2021-36738 | XSS vulnerability in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet | M | |
CVE-2021-36739 | XSS vulnerability in the MVCBean JSP portlet maven archetype | M | |
CVE-2021-36740 | Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a larg... | S | |
CVE-2021-36741 | An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeSca... | KEV | |
CVE-2021-36742 | An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan... | KEV | |
CVE-2021-36744 | Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a directory junction vulnerability w... | S | |
CVE-2021-36745 | A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerProtect for EMC Celerra 5.8, Ser... | S | |
CVE-2021-36746 | Blackboard Learn through 9.1 allows XSS by an authenticated user via the Assignment Instructions HTM... | E | |
CVE-2021-36747 | Blackboard Learn through 9.1 allows XSS by an authenticated user via the Feedback to Learner form.... | E | |
CVE-2021-36748 | A SQL Injection issue in the list controller of the Prestahome Blog (aka ph_simpleblog) module befor... | E | |
CVE-2021-36749 | Apache Druid: The HTTP inputSource allows authenticated users to read data from other sources than intended (incomplete fix of CVE-2021-26920) | M | |
CVE-2021-36750 | ENC DataVault before 7.2 and VaultAPI v67 mishandle key derivation, making it easier for attackers t... | | |
CVE-2021-36751 | ENC DataVault 7.2.3 and before, and OEM versions, use an encryption algorithm that is vulnerable to ... | | |
CVE-2021-36753 | sharkdp BAT before 0.18.2 executes less.exe from the current working directory.... | S | |
CVE-2021-36754 | PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a sp... | | |
CVE-2021-36755 | Nightscout Web Monitor (aka cgm-remote-monitor) 14.2.2 allows XSS via a crafted X-Forwarded-For head... | S | |
CVE-2021-36756 | CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate Validation.... | S | |
CVE-2021-36758 | 1Password Connect server before 1.2 is missing validation checks, permitting users to create Secrets... | S | |
CVE-2021-36759 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-35342. Reason: This candidat... | R | |
CVE-2021-36760 | In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, it is possible to perfo... | | |
CVE-2021-36761 | The GeoAnalytics feature in Qlik Sense April 2020 patch 4 allows SSRF.... | | |
CVE-2021-36762 | An issue was discovered in HCC Embedded InterNiche NicheStack through 4.3. The tfshnd():tftpsrv.c TF... | M | |
CVE-2021-36763 | In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.... | | |
CVE-2021-36764 | In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication r... | | |
CVE-2021-36765 | In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests may cause a null pointer derefer... | | |
CVE-2021-36766 | Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the contr... | E | |
CVE-2021-36767 | In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that give... | | |
CVE-2021-36769 | A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS, and T... | | |
CVE-2021-36770 | Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan... | S | |
CVE-2021-36771 | Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS.... | | |
CVE-2021-36772 | Zoho ManageEngine ADManager Plus before 7110 allows stored XSS.... | | |
CVE-2021-36773 | uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting... | E | |
CVE-2021-36774 | Mysql JDBC Connector Deserialize RCE | M | |
CVE-2021-36775 | Deleting PRTBs associated to a group doesn't cause deletion of corresponding RoleBindings | | |
CVE-2021-36776 | Steve API proxy impersonation | | |
CVE-2021-36777 | login-proxy sends password to attacker-provided domain | E S | |
CVE-2021-36778 | Exposure of repository credentials to external third-party sources | | |
CVE-2021-36779 | Host operations allowed in privileged Longhorn managed pods | | |
CVE-2021-36780 | Unauthorized data access from replicas through vulnerable instance manager pods | | |
CVE-2021-36781 | parsec: dangerous 777 permissions for /run/parsec | E S | |
CVE-2021-36782 | Rancher: Plaintext storage and exposure of credentials in Rancher API and cluster.management.cattle.io object | E M | |
CVE-2021-36783 | Rancher: Failure to properly sanitize credentials in cluster template answers | | |
CVE-2021-36784 | Privilege escalation for users with create/update permissions in Global Roles | | |
CVE-2021-36785 | The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows XSS.... | | |
CVE-2021-36786 | The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows Sensitive Data Exp... | | |
CVE-2021-36787 | The femanager extension before 5.5.1 and 6.x before 6.3.1 for TYPO3 allows XSS via a crafted SVG doc... | E S | |
CVE-2021-36788 | The yoast_seo (aka Yoast SEO) extension before 7.2.3 for TYPO3 allows XSS.... | | |
CVE-2021-36789 | The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows SQL Injection.... | | |
CVE-2021-36790 | The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows XSS.... | | |
CVE-2021-36791 | The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows Information Disclosure of a... | | |
CVE-2021-36792 | The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has incorrect Access Control for c... | | |
CVE-2021-36793 | The routes (aka Extbase Yaml Routes) extension before 2.1.1 for TYPO3, when CsrfTokenViewHelper is u... | | |
CVE-2021-36794 | In Siren Investigate before 11.1.4, when enabling the cluster feature of the Siren Alert application... | | |
CVE-2021-36795 | A permission issue in the Cohesity Linux agent may allow privilege escalation in version 6.5.1b to 6... | | |
CVE-2021-36797 | In Victron Energy Venus OS through 2.72, root access is granted by default to anyone with physical a... | | |
CVE-2021-36798 | A Denial-of-Service (DoS) vulnerability was discovered in Team Server in HelpSystems Cobalt Strike 4... | E | |
CVE-2021-36799 | KNX ETS5 through 5.7.6 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev... | | |
CVE-2021-36800 | Akaunting OS Command Injection in 'Money.php' | E | |
CVE-2021-36801 | Akaunting Authentication Bypass in Company Selection | E | |
CVE-2021-36802 | Akaunting DoS via User-Controlled 'locale' Variable | E | |
CVE-2021-36803 | Akaunting Avatar Persistent XSS | E | |
CVE-2021-36804 | Akaunting Password Reset Relay | E S | |
CVE-2021-36805 | Akaunting Invoice Footer Persistent XSS | E | |
CVE-2021-36806 | A reflected XSS vulnerability allows an open redirect when the victim clicks a malicious link to an... | | |
CVE-2021-36807 | An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of... | | |
CVE-2021-36808 | A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for... | | |
CVE-2021-36809 | A local attacker can overwrite arbitrary files on the system with VPN client logs using administrato... | | |
CVE-2021-36810 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-36811 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-36812 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-36813 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-36814 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-36815 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-36816 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-36817 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-36818 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-36819 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-36820 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-36821 | WordPress Forminator plugin <= 1.14.11 - Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2021-36823 | WordPress Absolutely Glamorous Custom Admin plugin <= 6.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2021-36826 | WordPress WP Project Manager plugin <= 2.4.13 - Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2021-36827 | WordPress Ninja Forms Contact Form plugin <= 3.6.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2021-36828 | WordPress WP Maintenance plugin <= 6.0.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2021-36829 | WordPress Launcher: Coming Soon & Maintenance Mode plugin <= 1.0.11 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2021-36830 | WordPress Comment Guestbook plugin <= 0.8.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2021-36832 | WordPress Icegram plugin <= 2.0.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2021-36833 | WordPress MC4WP plugin <= 4.8.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2021-36839 | WordPress Social Media Follow Buttons Bar plugin <= 4.73 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2021-36841 | YITH Maintenance Mode (WordPress plugin) <= 1.3.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability. | S | |
CVE-2021-36843 | WordPress Floating Social Media Icon plugin <= 4.3.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2021-36844 | WordPress WP Subscribe plugin <= 1.2.12 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2021-36845 | YITH Maintenance Mode (WordPress plugin) <= 1.3.8 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities | S | |
CVE-2021-36846 | WordPress Chaty plugin <= 2.8.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2021-36847 | WordPress Webba Booking plugin <= 4.2.21 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2021-36848 | WordPress Social Media Feather plugin <= 2.0.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2021-36849 | WordPress Social Media Share Buttons plugin <= 3.8.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2021-36850 | WordPress Media File Renamer – Auto & Manual Rename plugin <= 5.1.9 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2021-36851 | WordPress Testimonial Slider plugin <= 3.5.8.3 - Cross-Site Scripting (XSS) vulnerability | | |
CVE-2021-36852 | WordPress WP Hotel Booking plugin <= 1.10.5 - Cross-Site Request Forgery (CSRF) vulnerability | | |
CVE-2021-36854 | WordPress Booking Ultra Pro plugin <= 1.1.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities | | |
CVE-2021-36855 | WordPress Booking Ultra Pro plugin <= 1.1.4 - Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability | | |
CVE-2021-36857 | WordPress Testimonial Builder plugin <= 1.6.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2021-36858 | WordPress Testimonials plugin <= 2.6 - Auth. Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2021-36861 | WordPress Rich Reviews by Starfish plugin <= 1.9.14 - Cross-Site Request Forgery (CSRF) vulnerability | | |
CVE-2021-36863 | WordPress Quiz And Survey Master plugin <= 7.3.4 - Auth. Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2021-36864 | WordPress Quiz And Survey Master plugin <= 7.3.4 - Auth. Reflected Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2021-36865 | WordPress Quiz And Survey Master plugin <= 7.3.4 - Insecure direct object references (IDOR) vulnerability | S | |
CVE-2021-36866 | WordPress Easy Pricing Tables plugin <= 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2021-36867 | WordPress Psychological tests & quizzes plugin <= 0.21.19 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2021-36869 | WordPress Ivory Search plugin <= 4.6.6 - Reflected Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2021-36870 | WordPress WP Google Maps plugin <= 8.1.12 - Multiple Authenticated Persistent XSS vulnerabilities | S | |
CVE-2021-36871 | WordPress WP Google Maps Pro premium plugin <= 8.1.11 - Multiple Authenticated Persistent XSS vulnerabilities | S | |
CVE-2021-36872 | WordPress Popular Posts plugin <= 5.3.3 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2021-36873 | WordPress iQ Block Country plugin <= 1.2.11 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2021-36874 | WordPress uListing plugin <= 2.0.5 - Authenticated Insecure Direct Object References (IDOR) vulnerability | S | |
CVE-2021-36875 | WordPress uListing plugin <= 2.0.5 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2021-36876 | WordPress uListing plugin <= 2.0.5 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities | S | |
CVE-2021-36877 | WordPress uListing plugin <= 2.0.5 - Modify User Roles via Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2021-36878 | WordPress uListing plugin <= 2.0.5 - Settings Update via Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2021-36879 | WordPress uListing plugin <= 2.0.5 - Unauthenticated Privilege Escalation vulnerability | E S | |
CVE-2021-36880 | WordPress uListing plugin <= 2.0.3 - Unauthenticated SQL Injection (SQLi) vulnerability | S | |
CVE-2021-36884 | WordPress Backup Migration plugin <= 1.1.5 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2021-36885 | WordPress Contact Form 7 Database Addon – CFDB7 plugin <= 1.2.6.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2021-36886 | WordPress Contact Form 7 Database Addon – CFDB7 plugin <= 1.2.5.9 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2021-36887 | WordPress tarteaucitron.js – Cookies legislation & GDPR plugin <= 1.5.4 - Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) | E S | |
CVE-2021-36888 | WordPress Image Hover Effects Ultimate plugin <= 9.6.1 - Unauthenticated Arbitrary Options Update leading to full website compromise | S | |
CVE-2021-36889 | WordPress tarteaucitron.js – Cookies legislation & GDPR plugin <= 1.6 - Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities | S | |
CVE-2021-36890 | WordPress Social Share Buttons by Supsystic plugin <= 2.2.2 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2021-36891 | WordPress Photo Gallery by Supsystic plugin <= 1.15.5 - Cross-Site Request Forgery (CSRF) leading to Plugin Settings Change | | |
CVE-2021-36893 | WordPress Responsive Tabs plugin <= 4.0.5 - Cross-Site Scripting (XSS) vulnerability | | |
CVE-2021-36895 | WordPress Tripetto plugin <= 5.1.4 - Unauthenticated Cross-Site Scripting (XSS) vulnerability via SVG image upload | S | |
CVE-2021-36896 | WordPress Pricing Table plugin <= 1.5.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2021-36898 | WordPress Quiz And Survey Master plugin <= 7.3.4 - Auth. SQL Injection (SQLi) vulnerability | S | |
CVE-2021-36899 | WordPress Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2021-36901 | WordPress Age Gate plugin <= 2.17.0 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability | E S | |
CVE-2021-36905 | WordPress Quiz And Survey Master plugin <= 7.3.4 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities | S | |
CVE-2021-36906 | WordPress Quiz And Survey Master plugin <= 7.3.6 - Multiple Insecure direct object references (IDOR) vulnerabilities | S | |
CVE-2021-36908 | WordPress WP Reset PRO Premium Plugin <= 5.98 - Cross-Site Request Forgery (CSRF) vulnerability | E S | |
CVE-2021-36909 | WordPress WP Reset PRO Premium plugin <= 5.98 - Authenticated Database Reset vulnerability | E S | |
CVE-2021-36910 | WordPress WP-Appbox plugin <= 4.3.20 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2021-36911 | WordPress Comment Engine Pro plugin <= 1.0 - Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2021-36912 | Andrea Pernici News Sitemap for Google plugin <= 1.0.16 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2021-36913 | Redirection for Contact Form 7 <= 2.4.0 - Unauthenticated Options Change and Content Injection vulnerability | S | |
CVE-2021-36914 | WordPress CalderaWP License Manager plugin <= 1.2.11 - Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS) | | |
CVE-2021-36915 | WordPress Profile Builder plugin <= 3.6.0 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2021-36916 | WordPress Hide My WP premium plugin <= 6.2.3 - Unauthenticated SQL injection (SQLi) vulnerability | E S | |
CVE-2021-36917 | WordPress Hide My WP premium plugin <= 6.2.3 - Unauthenticated Plugin Deactivation vulnerability | E S | |
CVE-2021-36919 | WordPress Awesome Support plugin <= 6.0.6 - Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities | S | |
CVE-2021-36920 | WordPress plugin Download Monitor <= 4.4.6 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2021-36921 | AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices wit... | | |
CVE-2021-36922 | RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local l... | | |
CVE-2021-36923 | RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local l... | | |
CVE-2021-36924 | RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local l... | | |
CVE-2021-36925 | RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local l... | | |
CVE-2021-36926 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | S | |
CVE-2021-36927 | Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability | S | |
CVE-2021-36928 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | S | |
CVE-2021-36929 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | S | |
CVE-2021-36930 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | S | |
CVE-2021-36931 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | S | |
CVE-2021-36932 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | S | |
CVE-2021-36933 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | S | |
CVE-2021-36934 | Windows Elevation of Privilege Vulnerability | KEV S | |
CVE-2021-36936 | Windows Print Spooler Remote Code Execution Vulnerability | S | |
CVE-2021-36937 | Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability | S | |
CVE-2021-36938 | Windows Cryptographic Primitives Library Information Disclosure Vulnerability | S | |
CVE-2021-36940 | Microsoft SharePoint Server Spoofing Vulnerability | S | |
CVE-2021-36941 | Microsoft Word Remote Code Execution Vulnerability | S | |
CVE-2021-36942 | Windows LSA Spoofing Vulnerability | KEV E S | |
CVE-2021-36943 | Azure CycleCloud Elevation of Privilege Vulnerability | S | |
CVE-2021-36945 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | S | |
CVE-2021-36946 | Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | S | |
CVE-2021-36947 | Windows Print Spooler Remote Code Execution Vulnerability | S | |
CVE-2021-36948 | Windows Update Medic Service Elevation of Privilege Vulnerability | KEV S | |
CVE-2021-36949 | Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability | S | |
CVE-2021-36950 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | S | |
CVE-2021-36952 | Visual Studio Remote Code Execution Vulnerability | S | |
CVE-2021-36953 | Windows TCP/IP Denial of Service Vulnerability | S | |
CVE-2021-36954 | Windows Bind Filter Driver Elevation of Privilege Vulnerability | S | |
CVE-2021-36955 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | KEV S | |
CVE-2021-36956 | Azure Sphere Information Disclosure Vulnerability | S | |
CVE-2021-36957 | Windows Desktop Bridge Elevation of Privilege Vulnerability | S | |
CVE-2021-36958 | Windows Print Spooler Remote Code Execution Vulnerability | S | |
CVE-2021-36959 | Windows Authenticode Spoofing Vulnerability | S | |
CVE-2021-36960 | Windows SMB Information Disclosure Vulnerability | S | |
CVE-2021-36961 | Windows Installer Denial of Service Vulnerability | S | |
CVE-2021-36962 | Windows Installer Information Disclosure Vulnerability | S | |
CVE-2021-36963 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | S | |
CVE-2021-36964 | Windows Event Tracing Elevation of Privilege Vulnerability | S | |
CVE-2021-36965 | Windows WLAN AutoConfig Service Remote Code Execution Vulnerability | S | |
CVE-2021-36966 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | S | |
CVE-2021-36967 | Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability | S | |
CVE-2021-36968 | Windows DNS Elevation of Privilege Vulnerability | S | |
CVE-2021-36969 | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | S | |
CVE-2021-36970 | Windows Print Spooler Spoofing Vulnerability | S | |
CVE-2021-36972 | Windows SMB Information Disclosure Vulnerability | S | |
CVE-2021-36973 | Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability | S | |
CVE-2021-36974 | Windows SMB Elevation of Privilege Vulnerability | S | |
CVE-2021-36975 | Win32k Elevation of Privilege Vulnerability | S | |
CVE-2021-36976 | libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block ... | | |
CVE-2021-36977 | matio (aka MAT File I/O Library) 1.5.20 and 1.5.21 has a heap-based buffer overflow in H5MM_memcpy (... | S | |
CVE-2021-36978 | QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in Pl_ASCII85Decoder... | S | |
CVE-2021-36979 | Unicorn Engine 1.0.2 has an out-of-bounds write in tb_flush_armeb (called from cpu_arm_exec_armeb an... | S | |
CVE-2021-36980 | Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP ... | S | |
CVE-2021-36981 | In the server in SerNet verinice before 1.22.2, insecure Java deserialization allows remote authenti... | E S | |
CVE-2021-36982 | AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices wit... | | |
CVE-2021-36983 | replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to gain root privileges via a sym... | | |
CVE-2021-36985 | There is a Code injection vulnerability in Huawei Smartphone. Successful exploitation of this vulnera... | | |
CVE-2021-36986 | There is a vulnerability of tampering with the kernel in Huawei Smartphone. Successful exploitation o... | | |
CVE-2021-36987 | There is an issue that nodes in the linked list being freed for multiple times in Huawei Smartphone d... | | |
CVE-2021-36988 | There is a Parameter verification issue in Huawei Smartphone. Successful exploitation of this vulnera... | | |
CVE-2021-36989 | There is a Kernel crash vulnerability in Huawei Smartphone. Successful exploitation of this vulnerabi... | | |
CVE-2021-36990 | There is a vulnerability of tampering with the kernel in Huawei Smartphone. Successful exploitation o... | | |
CVE-2021-36991 | There is an Unauthorized file access vulnerability in Huawei Smartphone due to unstandardized path i... | | |
CVE-2021-36992 | There is a Public key verification vulnerability in Huawei Smartphone. Successful exploitation of thi... | | |
CVE-2021-36993 | There is a Memory leaks vulnerability in Huawei Smartphone. Successful exploitation of this vulnerabi... | | |
CVE-2021-36994 | There is an issue that trustlist strings being repeatedly inserted into the linked list in Huawei Sma... | | |
CVE-2021-36995 | There is an Unauthorized file access vulnerability in Huawei Smartphone. Successful exploitation of t... | | |
CVE-2021-36996 | There is an Improper verification vulnerability in Huawei Smartphone. Successful exploitation of this... | | |
CVE-2021-36997 | There is a Low memory error in Huawei Smartphone due to the unlimited size of images to be parsed. Su... | | |
CVE-2021-36998 | There is an Improper verification vulnerability in Huawei Smartphone. Successful exploitation of this... | | |
CVE-2021-36999 | There is a Buffer overflow vulnerability in Huawei Smartphone. Successful exploitation of this vulner... | | |