| ID | Summary | Flags | Max Score |
|---|---|---|---|
| CVE-2021-4000 | Open Redirect in star7th/showdoc | E S | |
| CVE-2021-4001 | A race condition was found in the Linux kernel's ebpf verifier between bpf_map_update_elem and bpf_m... | S | |
| CVE-2021-4002 | A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps s... | E S | |
| CVE-2021-4005 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii | E S | |
| CVE-2021-4007 | Rapid7 Insight Agent Privilege Escalation | | |
| CVE-2021-4008 | A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds a... | | |
| CVE-2021-4009 | A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds a... | | |
| CVE-2021-4010 | A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds a... | | |
| CVE-2021-4011 | A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds a... | | |
| CVE-2021-4014 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2021-4015 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii | E S | |
| CVE-2021-4016 | Rapid7 Insight Agent Improper Access Control | | |
| CVE-2021-4017 | Cross-Site Request Forgery (CSRF) in star7th/showdoc | E S | |
| CVE-2021-4018 | Cross-site Scripting (XSS) - Stored in snipe/snipe-it | E S | |
| CVE-2021-4019 | Heap-based Buffer Overflow in vim/vim | E S | |
| CVE-2021-4020 | Cross-site Scripting (XSS) - Stored in meetecho/janus-gateway | E S | |
| CVE-2021-4021 | A vulnerability was found in Radare2 in versions prior to 5.6.2, 5.6.0, 5.5.4 and 5.5.2. Mapping a h... | E | |
| CVE-2021-4022 | A vulnerability was found in rizin. The bug involves an ELF64 binary for the HPPA architecture. When... | E | |
| CVE-2021-4023 | A flaw was found in the io-workqueue implementation in the Linux kernel versions prior to 5.15-rc1. ... | S | |
| CVE-2021-4024 | A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual ... | | |
| CVE-2021-4026 | Improper Access Control in bookstackapp/bookstack | E S | |
| CVE-2021-4028 | A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an ... | S | |
| CVE-2021-4029 | A command injection vulnerability in the CGI program of the Zyxel ARMOR Z1/Z2 firmware could allow a... | | |
| CVE-2021-4030 | A cross-site request forgery vulnerability in the HTTP daemon of the Zyxel ARMOR Z1/Z2 firmware coul... | | |
| CVE-2021-4031 | Syltek Insufficient Verification of Data Authenticity | M | |
| CVE-2021-4032 | A vulnerability was found in the Linux kernel's KVM subsystem in arch/x86/kvm/lapic.c kvm_free_lapic... | E S | |
| CVE-2021-4033 | Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2 | E S | |
| CVE-2021-4034 | A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec applicat... | KEV E S | |
| CVE-2021-4035 | Wocu Monitoring stored Cross-Site Scripting (XSS) | S | |
| CVE-2021-4037 | A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel th... | S | |
| CVE-2021-4038 | NSM vulnerable to XSS | | |
| CVE-2021-4039 | A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow... | E S | |
| CVE-2021-4040 | A flaw was found in AMQ Broker. This issue can cause a partial interruption to the availability of A... | S | |
| CVE-2021-4041 | A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ans... | S | |
| CVE-2021-4042 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2021-4043 | NULL Pointer Dereference in gpac/gpac | E S | |
| CVE-2021-4044 | Invalid handling of X509_verify_cert() internal errors in libssl | | |
| CVE-2021-4045 | TP-LINK Tapo C200 remote code execution vulnerability | E S | |
| CVE-2021-4046 | TCMAN GIM Cross-Site Scripting (XSS) | S | |
| CVE-2021-4047 | The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch fo... | | |
| CVE-2021-4048 | An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack t... | S | |
| CVE-2021-4049 | Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat | E S | |
| CVE-2021-4050 | Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat | E S | |
| CVE-2021-4052 | Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced ... | | |
| CVE-2021-4053 | Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to po... | | |
| CVE-2021-4054 | Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker t... | | |
| CVE-2021-4055 | Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who co... | | |
| CVE-2021-4056 | Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potenti... | | |
| CVE-2021-4057 | Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had ... | | |
| CVE-2021-4058 | Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to po... | | |
| CVE-2021-4059 | Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attac... | | |
| CVE-2021-4061 | Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially... | | |
| CVE-2021-4062 | Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who... | | |
| CVE-2021-4063 | Use after free in developer tools in Google Chrome prior to 96.0.4664.93 allowed a remote attacker t... | | |
| CVE-2021-4064 | Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote... | | |
| CVE-2021-4065 | Use after free in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to poten... | | |
| CVE-2021-4066 | Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to poten... | | |
| CVE-2021-4067 | Use after free in window manager in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote... | | |
| CVE-2021-4068 | Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote... | | |
| CVE-2021-4069 | Use After Free in vim/vim | E S | |
| CVE-2021-4070 | Off-by-one Error in v2fly/v2ray-core | E S | |
| CVE-2021-4072 | Cross-site Scripting (XSS) - Stored in elgg/elgg | E S | |
| CVE-2021-4073 | RegistrationMagic <= 5.0.1.7 Authentication Bypass | E S | |
| CVE-2021-4074 | WHMCS Bridge <= 6.1 Subscriber+ Stored Cross-Site Scripting | S | |
| CVE-2021-4075 | Server-Side Request Forgery (SSRF) in snipe/snipe-it | E S | |
| CVE-2021-4076 | A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of p... | S | |
| CVE-2021-4078 | Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially... | | |
| CVE-2021-4079 | Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to po... | | |
| CVE-2021-4080 | Unrestricted Upload of File with Dangerous Type in crater-invoice/crater | E S | |
| CVE-2021-4081 | Cross-site Scripting (XSS) - Reflected in pimcore/pimcore | E S | |
| CVE-2021-4082 | Cross-Site Request Forgery (CSRF) in pimcore/pimcore | E S | |
| CVE-2021-4083 | A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain soc... | S | |
| CVE-2021-4084 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore | E S | |
| CVE-2021-4088 | Blind SQL injection in DLP ePO extension | | |
| CVE-2021-4089 | Improper Access Control in snipe/snipe-it | E S | |
| CVE-2021-4090 | An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel. Missing sanity m... | S | |
| CVE-2021-4091 | A double-free was found in the way 389-ds-base handles virtual attributes context in persistent sear... | S | |
| CVE-2021-4092 | Cross-Site Request Forgery (CSRF) in yetiforcecompany/yetiforcecrm | E S | |
| CVE-2021-4093 | A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted ... | E S | |
| CVE-2021-4095 | A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled wi... | E S | |
| CVE-2021-4096 | Fancy Product Designer <= 4.7.5 - Cross-Site Request Forgery to Arbitrary File Upload | S | |
| CVE-2021-4097 | CRLF Injection in phpservermon/phpservermon | E S | |
| CVE-2021-4098 | Insufficient data validation in Mojo in Google Chrome prior to 96.0.4664.110 allowed a remote attack... | | |
| CVE-2021-4099 | Use after free in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to p... | | |
| CVE-2021-4100 | Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to... | | |
| CVE-2021-4101 | Heap buffer overflow in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacke... | | |
| CVE-2021-4102 | Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentiall... | KEV | |
| CVE-2021-4103 | Cross-site Scripting (XSS) - Stored in vanessa219/vditor | E S | |
| CVE-2021-4104 | Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2 | | |
| CVE-2021-4105 | Unauthenticated Remote Code Execution on COSLAT Firewall | S | |
| CVE-2021-4106 | Vulnerability in Snow Inventory Java Scanner | S | |
| CVE-2021-4107 | Cross-site Scripting (XSS) - Reflected in yetiforcecompany/yetiforcecrm | E S | |
| CVE-2021-4108 | Cross-site Scripting (XSS) - Stored in snipe/snipe-it | E S | |
| CVE-2021-4110 | NULL Pointer Dereference in mruby/mruby | E S | |
| CVE-2021-4111 | Business Logic Errors in yetiforcecompany/yetiforcecrm | E S | |
| CVE-2021-4112 | A flaw was found in ansible-tower where the default installation is vulnerable to job isolation esca... | | |
| CVE-2021-4113 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2021-4114 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2021-4115 | There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to proc... | E S | |
| CVE-2021-4116 | Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm | E S | |
| CVE-2021-4117 | Business Logic Errors in yetiforcecompany/yetiforcecrm | E S | |
| CVE-2021-4118 | Deserialization of Untrusted Data in pytorchlightning/pytorch-lightning | E S | |
| CVE-2021-4119 | Improper Access Control in bookstackapp/bookstack | E S | |
| CVE-2021-4120 | snapd could be made to bypass intended access restrictions through snap content interfaces and layout paths | E S | |
| CVE-2021-4121 | Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm | E S | |
| CVE-2021-4122 | It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption d... | S | |
| CVE-2021-4123 | Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat | E S | |
| CVE-2021-4124 | Cross-site Scripting (XSS) - Stored in meetecho/janus-gateway | E S | |
| CVE-2021-4125 | It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift mete... | S | |
| CVE-2021-4126 | When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message l... | | |
| CVE-2021-4127 | An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be e... | E S | |
| CVE-2021-4128 | When transitioning in and out of fullscreen mode, a graphics object was not correctly protected; res... | E S | |
| CVE-2021-4129 | Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith,... | E | |
| CVE-2021-4130 | Cross-Site Request Forgery (CSRF) in snipe/snipe-it | E S | |
| CVE-2021-4131 | Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat | E S | |
| CVE-2021-4132 | Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat | E S | |
| CVE-2021-4133 | A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with... | | |
| CVE-2021-4134 | Fancy Product Designer <= 4.7.4 Admin+ SQL Injection | E S | |
| CVE-2021-4135 | A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device... | S | |
| CVE-2021-4136 | Heap-based Buffer Overflow in vim/vim | E S | |
| CVE-2021-4138 | Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the... | | |
| CVE-2021-4139 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore | E S | |
| CVE-2021-4140 | It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. Th... | E S | |
| CVE-2021-4141 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2021-4142 | The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. Few fa... | S | |
| CVE-2021-4143 | Cross-site Scripting (XSS) - Generic in bigbluebutton/bigbluebutton | E S | |
| CVE-2021-4144 | TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 211202, is vulnerable to OS com... | | |
| CVE-2021-4145 | A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.... | S | |
| CVE-2021-4146 | Business Logic Errors in pimcore/pimcore | E S | |
| CVE-2021-4147 | A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and... | S | |
| CVE-2021-4148 | A vulnerability was found in the Linux kernel's block_invalidatepage in fs/buffer.c in the filesyste... | E S | |
| CVE-2021-4149 | A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to... | E S | |
| CVE-2021-4150 | A use-after-free flaw was found in the add_partition in block/partitions/core.c in the Linux kernel.... | E | |
| CVE-2021-4154 | A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux ker... | S | |
| CVE-2021-4155 | A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size i... | S | |
| CVE-2021-4156 | An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is ab... | E S | |
| CVE-2021-4157 | An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was fo... | | |
| CVE-2021-4158 | A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user wi... | E S | |
| CVE-2021-4159 | A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures... | S | |
| CVE-2021-4160 | BN_mod_exp may produce incorrect results on MIPS | S | |
| CVE-2021-4161 | ICSA-21-357-01 Moxa MGate Protocol Gateways | S | |
| CVE-2021-4162 | Cross-Site Request Forgery (CSRF) in archivy/archivy | E S | |
| CVE-2021-4164 | Cross-Site Request Forgery (CSRF) in janeczku/calibre-web | E S | |
| CVE-2021-4166 | Out-of-bounds Read in vim/vim | E S | |
| CVE-2021-4168 | Cross-Site Request Forgery (CSRF) in star7th/showdoc | E S | |
| CVE-2021-4169 | Cross-site Scripting (XSS) - Reflected in livehelperchat/livehelperchat | E S | |
| CVE-2021-4170 | Cross-site Scripting (XSS) - Stored in janeczku/calibre-web | E S | |
| CVE-2021-4171 | Business Logic Errors in janeczku/calibre-web | E S | |
| CVE-2021-4172 | Cross-site Scripting (XSS) - Stored in star7th/showdoc | E S | |
| CVE-2021-4173 | Use After Free in vim/vim | E S | |
| CVE-2021-4175 | Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat | E S | |
| CVE-2021-4176 | Cross-site Scripting (XSS) - Reflected in livehelperchat/livehelperchat | E S | |
| CVE-2021-4177 | Generation of Error Message Containing Sensitive Information in livehelperchat/livehelperchat | E S | |
| CVE-2021-4178 | A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0... | | |
| CVE-2021-4179 | Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat | E S | |
| CVE-2021-4180 | An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover... | S | |
| CVE-2021-4181 | Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service ... | E | |
| CVE-2021-4182 | Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via ... | E S | |
| CVE-2021-4183 | Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file... | E S | |
| CVE-2021-4184 | Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial o... | E | |
| CVE-2021-4185 | Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service... | E | |
| CVE-2021-4186 | Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet inje... | E | |
| CVE-2021-4187 | Use After Free in vim/vim | E S | |
| CVE-2021-4188 | NULL Pointer Dereference in mruby/mruby | E S | |
| CVE-2021-4189 | A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV ... | S | |
| CVE-2021-4190 | Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection o... | E S | |
| CVE-2021-4191 | An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and ... | | |
| CVE-2021-4192 | Use After Free in vim/vim | E S | |
| CVE-2021-4193 | Out-of-bounds Read in vim/vim | E S | |
| CVE-2021-4194 | Improper Access Control in bookstackapp/bookstack | E | |
| CVE-2021-4195 | XSS in Firmanet Software and Technology Customer Relation Manager | S | |
| CVE-2021-4197 | An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces s... | | |
| CVE-2021-4198 | messaging_ipc.dll NULL Pointer Dereference in multiple Bitdefender products (VA-10016) | S | |
| CVE-2021-4199 | Incorrect Permission Assignment for Critical Resource vulnerability in BDReinit.exe (VA-10017) | S | |
| CVE-2021-4200 | Write access to the Catalog for any user when restricted-admin role is enabled | | |
| CVE-2021-4201 | Pre-authentication session hijacking | S | |
| CVE-2021-4202 | A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NC... | E S | |
| CVE-2021-4203 | A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and ... | E S | |
| CVE-2021-4204 | An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper In... | S | |
| CVE-2021-4206 | A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_allo... | E | |
| CVE-2021-4207 | A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled val... | E | |
| CVE-2021-4208 | ExportFeed <= 2.0.1.0 - Admin+ SQL Injection | E | |
| CVE-2021-4209 | A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally ca... | S | |
| CVE-2021-4210 | A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Deskto... | S | |
| CVE-2021-4211 | A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some L... | S | |
| CVE-2021-4212 | A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some L... | S | |
| CVE-2021-4213 | A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory ... | S | |
| CVE-2021-4214 | A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with loc... | E | |
| CVE-2021-4215 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2021-4216 | A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in murast... | S | |
| CVE-2021-4217 | A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, whi... | E S | |
| CVE-2021-4218 | A flaw was found in the Linux kernel’s implementation of reading the SVC RDMA counters. Reading the ... | E | |
| CVE-2021-4219 | A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and ... | | |
| CVE-2021-4220 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2021-4221 | If a domain name contained a RTL character, it would cause the domain to be rendered to the right of... | E | |
| CVE-2021-4222 | WP Paginate < 2.1.4 - Admin+ Stored Cross-Site Scripting | E | |
| CVE-2021-4225 | SP Project & Document Manager < 4.24 - Subscriber+ Shell Upload | E | |
| CVE-2021-4226 | RSFirewall < 1.1.25 - IP Block Bypass | E | |
| CVE-2021-4227 | Ark Comment Editor <= 2.15.6 - Iframe Injection via Comment | E | |
| CVE-2021-4228 | Hard-coded TLS Certificate | | |
| CVE-2021-4229 | ua-parser-js Crypto Mining backdoor | S | |
| CVE-2021-4230 | Airfield Online MySQL Backup improper authentication | | |
| CVE-2021-4231 | Angular Comment cross site scripting | S | |
| CVE-2021-4232 | Zoo Management System manage-ticket.php cross site scripting | | |
| CVE-2021-4234 | OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a res... | | |
| CVE-2021-4235 | Denial of service in gopkg.in/yaml.v2 | E S | |
| CVE-2021-4236 | Panic or authentication bypass in github.com/ecnepsnai/web | E S | |
| CVE-2021-4237 | Rejected reason: reserved but not needed... | R | |
| CVE-2021-4238 | Insufficient randomness in github.com/Masterminds/goutils | E S | |
| CVE-2021-4239 | Weak encryption and denial of service in github.com/flynn/noise | S | |
| CVE-2021-4240 | phpservermon User.php generatePasswordResetToken predictable algorithm in random number generator | E S | |
| CVE-2021-4241 | phpservermon User.php setUserLoggedIn predictable algorithm in random number generator | E S | |
| CVE-2021-4242 | Sapido BR270n/BRC76n/GR297/RB1732 syscmd.htm os command injection | E | |
| CVE-2021-4243 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-32850. Reason: This candidat... | R | |
| CVE-2021-4244 | yikes-inc-easy-mailchimp-extender Plugin add_field_to_form.php cross site scripting | S | |
| CVE-2021-4245 | chbrown rfc6902 pointer.ts prototype pollution | E S | |
| CVE-2021-4246 | roxlukas LMeve Login Page sql injection | S | |
| CVE-2021-4247 | OWASP NodeGoat Query Parameter research.js denial of service | E S | |
| CVE-2021-4248 | kapetan dns Request.cs entropy | S | |
| CVE-2021-4249 | xml-conduit DOCTYPE Entity Expansion Parse.hs infinite loop | S | |
| CVE-2021-4250 | cgriego active_attr Regex boolean_typecaster.rb call denial of service | E S | |
| CVE-2021-4251 | as include.cdn.php getFullURL cross site scripting | S | |
| CVE-2021-4252 | WP-Ban ban-options.php toggle_checkbox cross site scripting | S | |
| CVE-2021-4253 | ctrlo lenio Ticket Lenio.pm cross site scripting | S | |
| CVE-2021-4254 | ctrlo lenio Notice main.tt cross site scripting | S | |
| CVE-2021-4255 | ctrlo lenio contractor.tt cross site scripting | S | |
| CVE-2021-4256 | ctrlo lenio index.tt cross site scripting | S | |
| CVE-2021-4257 | ctrlo lenio Task task.tt cross site scripting | S | |
| CVE-2021-4258 | whohas Package Information cleartext transmission | S | |
| CVE-2021-4259 | phpRedisAdmin login.inc.php authHttpDigest wrong operator in string comparison | S | |
| CVE-2021-4260 | oils-js Web.js redirect | S | |
| CVE-2021-4261 | pacman-canvas db-handler.php addHighscore sql injection | S | |
| CVE-2021-4262 | laravel-jqgrid EloquentRepositoryAbstract.php getRows sql injection | S | |
| CVE-2021-4263 | leanote history.js define cross site scripting | S | |
| CVE-2021-4264 | LinkedIn dustjs prototype pollution | E S | |
| CVE-2021-4265 | siwapp-ror cross site scripting | S | |
| CVE-2021-4266 | Webdetails cpf DependenciesPackage.java cross site scripting | S | |
| CVE-2021-4267 | tad_discuss cross site scripting | S | |
| CVE-2021-4268 | phpRedisAdmin cross-site request forgery | S | |
| CVE-2021-4269 | SimpleRisk common.js checkAndSetValidation cross site scripting | S | |
| CVE-2021-4270 | Imprint CMS ViewHelpers.cs SearchForm cross site scripting | S | |
| CVE-2021-4271 | panicsteve w2wiki Markdown index.php toHTML cross site scripting | S | |
| CVE-2021-4272 | studygolang topics.js cross site scripting | S | |
| CVE-2021-4273 | studygolang search.go Search cross site scripting | S | |
| CVE-2021-4274 | sileht bird-lg layout.html cross site scripting | S | |
| CVE-2021-4275 | katlings pyambic-pentameter cross-site request forgery | S | |
| CVE-2021-4276 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in dns-stats hedgehog. It has been rated a... | S | |
| CVE-2021-4277 | fredsmith utils Filename screenshot_sync predictable state | S | |
| CVE-2021-4278 | cronvel tree-kit prototype pollution | S | |
| CVE-2021-4279 | Starcounter-Jack JSON-Patch prototype pollution | E S | |
| CVE-2021-4280 | styler_praat_scripts Slash file_segmenter.praat denial of service | S | |
| CVE-2021-4281 | Brave UX for-the-badge combine-prs.yml os command injection | S | |
| CVE-2021-4282 | FreePBX voicemail page.voicemail.php cross site scripting | S | |
| CVE-2021-4283 | FreeBPX voicemail Settings ssettings.php cross site scripting | S | |
| CVE-2021-4284 | OpenMRS HTML Form Entry UI Framework Integration Module cross site scripting | S | |
| CVE-2021-4285 | Nagios NCPA tail.html cross site scripting | S | |
| CVE-2021-4286 | cocagne pysrp _ctsrp.py calculate_x information exposure | S | |
| CVE-2021-4287 | ReFirm Labs binwalk Archive Extraction extractor.py symlink | S | |
| CVE-2021-4288 | OpenMRS openmrs-module-referenceapplication userApp.gsp cross site scripting | S | |
| CVE-2021-4289 | OpenMRS openmrs-module-referenceapplication User App Page UserAppPageController.java post cross site scripting | S | |
| CVE-2021-4290 | DHBW Fallstudie Login passport.js sql injection | S | |
| CVE-2021-4291 | OpenMRS Admin UI Module location.gsp cross site scripting | S | |
| CVE-2021-4292 | OpenMRS Admin UI Module Manage Privilege Page privilege.gsp cross site scripting | S | |
| CVE-2021-4293 | gnuboard youngcart5 menu_list_update.php cross site scripting | S | |
| CVE-2021-4294 | OpenShift OSIN CheckClientSecret timing discrepancy | S | |
| CVE-2021-4295 | ONC code-validator-api XML CodeValidatorApiConfiguration.java vocabularyValidationConfigurations xml external entity reference | S | |
| CVE-2021-4296 | w3c Unicorn ValidatorNuMessage.java ValidatorNuMessage cross site scripting | S | |
| CVE-2021-4297 | trampgeek jobe Restapi.php runs_post Privilege Escalation | S | |
| CVE-2021-4298 | Hesburgh Libraries of Notre Dame Sipity search_criteria_for_works_parameter.rb SearchCriteriaForWorksParameter sql injection | S | |
| CVE-2021-4299 | cronvel string-kit naturalSort.js naturalSort redos | S | |
| CVE-2021-4300 | ghostlander Halcyon Block Verification main.cpp AddToBlockIndex access control | S | |
| CVE-2021-4301 | slackero phpwcms sql injection | S | |
| CVE-2021-4302 | slackero phpwcms SVG File cross site scripting | S | |
| CVE-2021-4303 | shannah Xataface Installer install_form.js.php testftp cross site scripting | S | |
| CVE-2021-4304 | eprintsug ulcc-core toolbox command injection | S | |
| CVE-2021-4305 | Woorank robots-txt-guard patterns.js makePathPattern redos | E S | |
| CVE-2021-4306 | cronvel terminal-kit redos | S | |
| CVE-2021-4307 | Yomguithereal Baobab prototype pollution | E S | |
| CVE-2021-4308 | WebPA sql injection | S | |
| CVE-2021-4309 | 01-Scripts 01ACP cross site scripting | S | |
| CVE-2021-4310 | 01-Scripts 01-Artikelsystem 01article.php cross site scripting | S | |
| CVE-2021-4311 | Talend Open Studio for MDM XML xml external entity reference | S | |
| CVE-2021-4312 | Th3-822 Rapidleech zip.php zip_go cross site scripting | S | |
| CVE-2021-4313 | NethServer phonenehome index.php get_country_coor sql injection | S | |
| CVE-2021-4314 | It is possible to manipulate the JWT token without the knowledge of the JWT secret and authenticate ... | | |
| CVE-2021-4315 | NYUCCL psiTurk experiment.py special elements used in a template engine | E S | |
| CVE-2021-4316 | Inappropriate implementation in Cast UI in Google Chrome prior to 96.0.4664.45 allowed a remote atta... | E | |
| CVE-2021-4317 | Use after free in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform ... | E | |
| CVE-2021-4318 | Object corruption in Blink in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to poten... | E | |
| CVE-2021-4319 | Use after free in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to perform ... | E | |
| CVE-2021-4320 | Use after free in Blink in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had co... | E | |
| CVE-2021-4321 | Policy bypass in Blink in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass co... | E | |
| CVE-2021-4322 | Use after free in DevTools in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced ... | E | |
| CVE-2021-4323 | Insufficient validation of untrusted input in Extensions in Google Chrome prior to 90.0.4430.72 allo... | E | |
| CVE-2021-4324 | Insufficient policy enforcement in Google Update in Google Chrome prior to 90.0.4430.93 allowed a re... | E | |
| CVE-2021-4325 | NHN TOAST UI Chart Legend cross site scripting | S | |
| CVE-2021-4326 | Imperative Local Command Injection allows Activity Masking | S | |
| CVE-2021-4327 | SerenityOS TypedArray.cpp initialize_typed_array_from_array_buffer integer overflow | E S | |
| CVE-2021-4328 | 狮子鱼CMS ApiController.class.php goods_detail sql injection | E | |
| CVE-2021-4329 | json-logic-js logic.js command injection | S | |
| CVE-2021-4330 | The Envato Elements & Download and Template Kit – Import plugins for WordPress are vulnerable to arb... | S | |
| CVE-2021-4331 | The Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions... | | |
| CVE-2021-4332 | The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions... | | |
| CVE-2021-4333 | The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to... | S | |
| CVE-2021-4334 | The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site o... | | |
| CVE-2021-4335 | The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized access to data and mod... | | |
| CVE-2021-4336 | ITRS Group monitor-ninja scheduled_reports.php sql injection | S | |
| CVE-2021-4337 | Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to authorization bypass due to a... | E | |
| CVE-2021-4338 | The 404 to 301 plugin for WordPress is vulnerable to authorization bypass due to missing capability ... | E S | |
| CVE-2021-4339 | The uListing plugin for WordPress is vulnerable to authorization bypass due to a missing capability ... | E | |
| CVE-2021-4340 | The uListing plugin for WordPress is vulnerable to generic SQL Injection via the ‘listing_id’ parame... | E | |
| CVE-2021-4341 | The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capa... | E | |
| CVE-2021-4342 | Rejected reason: CVE split into individual CVE IDs for each software record.... | R | |
| CVE-2021-4343 | The Unauthenticated Account Creation plugin for WordPress is vulnerable to Unauthenticated Account C... | E S | |
| CVE-2021-4344 | The Frontend File Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up ... | E | |
| CVE-2021-4345 | The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability an... | E S | |
| CVE-2021-4346 | The uListing plugin for WordPress is vulnerable to Unauthenticated Arbitrary Account Changes in vers... | E S | |
| CVE-2021-4347 | The function update_shipment_status_email_status_fun in the plugin Advanced Shipment Tracking for Wo... | E | |
| CVE-2021-4348 | The Ultimate GDPR & CCPA plugin for WordPress is vulnerable to unauthenticated settings import and e... | E | |
| CVE-2021-4349 | The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery... | E S | |
| CVE-2021-4350 | The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated HTML Injection in ve... | E | |
| CVE-2021-4351 | The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Post Meta Change in ... | E | |
| CVE-2021-4352 | The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missi... | E | |
| CVE-2021-4353 | The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthenticated ... | E | |
| CVE-2021-4354 | The PWA for WP & AMP for WordPress is vulnerable to arbitrary file uploads due to missing file type ... | E | |
| CVE-2021-4355 | The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing cap... | E | |
| CVE-2021-4356 | The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Downl... | E S | |
| CVE-2021-4357 | The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability ch... | E S | |
| CVE-2021-4358 | The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an u... | E | |
| CVE-2021-4359 | The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Delet... | E S | |
| CVE-2021-4360 | The Controlled Admin Access plugin for WordPress is vulnerable to Privilege Escalation in versions u... | E | |
| CVE-2021-4361 | The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missi... | E | |
| CVE-2021-4362 | The Kiwi Social Share plugin for WordPress is vulnerable to authorization bypass due to a missing ca... | E | |
| CVE-2021-4363 | The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in... | E | |
| CVE-2021-4364 | The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missi... | E | |
| CVE-2021-4365 | The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Sc... | E S | |
| CVE-2021-4366 | The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing cap... | E | |
| CVE-2021-4367 | The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Sit... | E | |
| CVE-2021-4368 | The Frontend File Manager plugin for WordPress is vulnerable to Authenticated Settings Change in ver... | E S | |
| CVE-2021-4369 | The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Content Injection in... | E S | |
| CVE-2021-4370 | The uListing plugin for WordPress is vulnerable to authorization bypass as most actions and endpoint... | E S | |
| CVE-2021-4371 | The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Setting Changs in versions up to,... | E | |
| CVE-2021-4372 | The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to Stored Cross-Sit... | E | |
| CVE-2021-4373 | The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to... | E S | |
| CVE-2021-4374 | The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions ... | E | |
| CVE-2021-4375 | The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing c... | E | |
| CVE-2021-4376 | The WooCommerce Multi Currency plugin for WordPress is vulnerable to Missing Authorization in versi... | S | |
| CVE-2021-4377 | The Doneren met Mollie plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up ... | E S | |
| CVE-2021-4378 | The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in ve... | E | |
| CVE-2021-4379 | The WooCommerce Multi Currency plugin for WordPress is vulnerable to authorization bypass due to a m... | E | |
| CVE-2021-4380 | The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing ca... | E | |
| CVE-2021-4381 | The uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to missing ... | E S | |
| CVE-2021-4382 | The Recently plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type v... | | |
| CVE-2021-4383 | The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to page content injection in version... | E | |
| CVE-2021-4384 | The WordPress Photo Gallery – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request... | | |
| CVE-2021-4385 | The WP Private Content Plus plugin for WordPress is vulnerable to Cross-Site Request Forgery in vers... | | |
| CVE-2021-4386 | The WP Security Question plugin for WordPress is vulnerable to Cross-Site Request Forgery in version... | | |
| CVE-2021-4387 | The Opal Estate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, ... | E | |
| CVE-2021-4388 | The Opal Estate plugin for WordPress is vulnerable to featured property modifications in versions up... | E | |
| CVE-2021-4389 | The WP Travel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, an... | E S | |
| CVE-2021-4390 | The Contact Form 7 Style plugin for WordPress is vulnerable to Cross-Site Request Forgery in version... | E | |
| CVE-2021-4391 | The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request For... | E S | |
| CVE-2021-4392 | The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site ... | E S | |
| CVE-2021-4393 | The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site ... | E S | |
| CVE-2021-4394 | The Locations plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, an... | E S | |
| CVE-2021-4395 | The Abandoned Cart Recovery for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request... | S | |
| CVE-2021-4396 | The Rucy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and inc... | S | |
| CVE-2021-4397 | The Staff Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versi... | S | |
| CVE-2021-4398 | The Amministrazione Trasparente plugin for WordPress is vulnerable to Cross-Site Request Forgery in ... | S | |
| CVE-2021-4399 | The Edwiser Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up t... | S | |
| CVE-2021-4400 | The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to... | S | |
| CVE-2021-4401 | The Style Kits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, a... | S | |
| CVE-2021-4402 | The Multiple Roles plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up t... | S | |
| CVE-2021-4403 | The Remove Schema plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to... | S | |
| CVE-2021-4404 | The Event Espresso 4 Decaf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versi... | S | |
| CVE-2021-4405 | The ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to,... | S | |
| CVE-2021-4406 | Authenticated Remote COmmand Execution as root in OSNEXUS QuantaStor version 6.0.0.355 and others | S | |
| CVE-2021-4407 | The Custom Banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up t... | S | |
| CVE-2021-4408 | The DW Question & Answer plugin for WordPress is vulnerable to Cross-Site Request Forgery in version... | S | |
| CVE-2021-4409 | The WooCommerce Etsy Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in... | S | |
| CVE-2021-4410 | The Qtranslate Slug plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up ... | S | |
| CVE-2021-4411 | The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forge... | S | |
| CVE-2021-4412 | The WP Prayer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, an... | S | |
| CVE-2021-4413 | The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery... | S | |
| CVE-2021-4414 | The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request For... | S | |
| CVE-2021-4415 | The Sunshine Photo Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions... | S | |
| CVE-2021-4416 | The wp-mpdf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and ... | S | |
| CVE-2021-4417 | The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable... | E S | |
| CVE-2021-4418 | The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-Site Request Forgery in version... | E S | |
| CVE-2021-4419 | The WP-Backgrounds Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions... | S | |
| CVE-2021-4420 | The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, a... | S | |
| CVE-2021-4421 | The Advanced Popups plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up ... | S | |
| CVE-2021-4422 | The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up... | S | |
| CVE-2021-4423 | The RAYS Grid plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, an... | S | |
| CVE-2021-4424 | The Slider Hero plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, ... | S | |
| CVE-2021-4425 | The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions u... | E S | |
| CVE-2021-4426 | The Absolute Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up... | E S | |
| CVE-2021-4427 | The Vuukle Comments, Reactions, Share Bar, Revenue plugin for WordPress is vulnerable to Cross-Site ... | E S | |
| CVE-2021-4428 | what3words Autosuggest Plugin Setting class-w3w-autosuggest-public.php enqueue_scripts information disclosure | S | |
| CVE-2021-4430 | Ortus Solutions ColdBox Elixir ENV Variable defaultConfig.js information disclosure | S | |
| CVE-2021-4431 | msyk FMDataAPI FMDataAPI_Sample.php cross site scripting | S | |
| CVE-2021-4432 | PCMan FTP Server USER Command denial of service | E | |
| CVE-2021-4433 | Karjasoft Sami HTTP Server HTTP HEAD Rrequest denial of service | E | |
| CVE-2021-4434 | The Social Warfare plugin for WordPress is vulnerable to Remote Code Execution in versions up to, an... | E | |
| CVE-2021-4435 | Yarn: untrusted search path | S | |
| CVE-2021-4436 | 3DPrint Lite < 1.9.1.5 - Unauthenticated Arbitrary File Upload | E | |
| CVE-2021-4437 | dbartholomae lambda-middleware frameguard JSON Mime-Type JsonDeserializer.ts redos | S | |
| CVE-2021-4438 | kyivstarteam react-native-sms-user-consent SmsUserConsentModule.kt registerReceiver improper export of android application components | S | |
| CVE-2021-4439 | isdn: cpai: check ctr->cnr to avoid array index out of bound | S | |
| CVE-2021-4440 | x86/xen: Drop USERGS_SYSRET64 paravirt call | S | |
| CVE-2021-4441 | spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() | S | |
| CVE-2021-4442 | tcp: add sanity tests to TCP_QUEUE_SEQ | E S | |
| CVE-2021-4443 | WordPress Mega Menu <= 2.0.6 - Arbitrary File Creation | | |
| CVE-2021-4444 | Product Filter by WooBeWoo <= 1.4.9 - Missing Authorization | | |
| CVE-2021-4445 | Premium Addons for Elementor <= 4.5.1 - Authenticated (Subscriber+) Limited Arbitrary Option Update | E S | |
| CVE-2021-4446 | Essential Addons for Elementor <= 4.6.4 - Missing Authorization | | |
| CVE-2021-4447 | Essential Addons for Elementor <= 4.6.4 - Authenticated (Contributor+) Privilege Escalation | | |
| CVE-2021-4448 | Kaswara Modern VC Addons <= 3.0.1 - Missing Authorization | | |
| CVE-2021-4449 | ZoomSounds <= 5.96 - Unauthenticated Arbitrary File Upload | E | |
| CVE-2021-4450 | Post Grid <= 2.1.12 - Contributor+ SQL Injection | S | |
| CVE-2021-4451 | NinjaFirewall <= 4.3.3 - Authenticated PHAR Deserialization | S | |
| CVE-2021-4452 | Google Language Translator <= 6.0.9 - Reflected Cross-Site Scripting | S | |
| CVE-2021-4453 | drm/amd/pm: fix a potential gpu_metrics_table memory leak | S | |
| CVE-2021-4454 | can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate | | |
| CVE-2021-4455 | Wordpress Plugin Smart Product Review <= 1.0.4 - Unauthenticated Arbitrary File Upload | | |
| CVE-2021-4457 | ZoomSounds < 6.05 - Unauthenticated Arbitrary File Upload | E | |
| CVE-2021-4458 | Modern Events Calendar Lite <= 6.3.0 - Unauthenticated SQL Injection | S | |
| CVE-2021-4459 | SMA: Directory Traversal in Sunny Boy <3.10.27.R | |