Search

Search Results (366276 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-20746 1 Wordpress Popular Posts Project 1 Wordpress Popular Posts 2024-11-21 5.4 Medium
Cross-site scripting vulnerability in WordPress Popular Posts 5.3.2 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
CVE-2021-20745 1 Inkdrop 1 Inkdrop 2024-11-21 7.8 High
Inkdrop versions prior to v5.3.1 allows an attacker to execute arbitrary OS commands on the system where it runs by loading a file or code snippet containing an invalid iframe into Inkdrop.
CVE-2021-20744 1 Ec-cube 2 Business Form Output, Ec-cube 2024-11-21 6.1 Medium
Cross-site scripting vulnerability in EC-CUBE Category contents plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation.
CVE-2021-20743 1 Ec-cube 2 Ec-cube, Email Newsletters Management 2024-11-21 6.1 Medium
Cross-site scripting vulnerability in EC-CUBE Email newsletters management plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.4 allows a remote attacker to inject an arbitrary script by leading a user to a specially crafted page and to perform a specific operation.
CVE-2021-20742 1 Ec-cube 2 Business Form Output, Ec-cube 2024-11-21 6.1 Medium
Cross-site scripting vulnerability in EC-CUBE Business form output plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script via unspecified vector.
CVE-2021-20741 1 Hitachi 1 Application Server V10 Manual 2024-11-21 6.1 Medium
Cross-site scripting vulnerability in Hitachi Application Server Help (Hitachi Application Server V10 Manual (Windows) version 10-11-01 and earlier and Hitachi Application Server V10 Manual (UNIX) version 10-11-01 and earlier) allows a remote attacker to inject an arbitrary script via unspecified vectors.
CVE-2021-20740 2 Hitachi, Nec 13 Virtual File Platform, Nas Gateway Nh4a, Nas Gateway Nh4a Firmware and 10 more 2024-11-21 8.8 High
Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) and Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08(NEC3.4.2) allow remote authenticated attackers to execute arbitrary OS commands with root privileges via unspecified vectors.
CVE-2021-20739 1 Elecom 22 Wrc-300febk, Wrc-300febk Firmware, Wrc-733febk and 19 more 2024-11-21 8.8 High
WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S all versions allows an unauthenticated network-adjacent attacker to execute an arbitrary OS command via unspecified vectors.
CVE-2021-20738 1 Elecom 6 Wrc-1167fs-b, Wrc-1167fs-b Firmware, Wrc-1167fs-w and 3 more 2024-11-21 6.5 Medium
WRC-1167FS-W, WRC-1167FS-B, and WRC-1167FSA all versions allow an unauthenticated network-adjacent attacker to obtain sensitive information via unspecified vectors.
CVE-2021-20737 1 Weseek 1 Growi 2024-11-21 6.5 Medium
Improper authentication vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to view the unauthorized pages without access privileges via unspecified vectors.
CVE-2021-20736 1 Weseek 1 Growi 2024-11-21 9.1 Critical
NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to obtain and/or alter the information stored in the database via unspecified vectors.
CVE-2021-20735 1 Ec-cube 3 Delivery Slip Number, Delivery Slip Number Csv Bulk Registration, Delivery Slip Number Mail 2024-11-21 6.1 Medium
Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier) allows remote attackers to inject an arbitrary script by executing a specific operation on the management page of EC-CUBE.
CVE-2021-20733 1 Asken 1 Asken 2024-11-21 6.1 Medium
Improper authorization in handler for custom URL scheme vulnerability in あすけんダイエット (asken diet) for Android versions from v.3.0.0 to v.4.2.x allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.
CVE-2021-20732 1 Atomtech 1 Smart Life 2024-11-21 5.9 Medium
The ATOM (ATOM - Smart life App for Android versions prior to 1.8.1 and ATOM - Smart life App for iOS versions prior to 1.8.2) does not verify server certificate properly, which allows man-in-the-middle attackers to eavesdrop on encrypted communication via a crafted certificate.
CVE-2021-20731 1 Buffalo 4 Wsr-1166dhp3, Wsr-1166dhp3 Firmware, Wsr-1166dhp4 and 1 more 2024-11-21 8.8 High
WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allow an attacker to execute arbitrary OS commands with root privileges via unspecified vectors.
CVE-2021-20730 1 Buffalo 4 Wsr-1166dhp3, Wsr-1166dhp3 Firmware, Wsr-1166dhp4 and 1 more 2024-11-21 4.3 Medium
Improper access control vulnerability in WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allows an attacker to obtain configuration information via unspecified vectors.
CVE-2021-20729 2 Netgate, Pfsense 2 Pfsense Plus, Pfsense 2024-11-21 6.1 Medium
Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL.
CVE-2021-20728 1 Nttr 1 Goo Blog 2024-11-21 5.3 Medium
Improper access control vulnerability in goo blog App for Android ver.1.2.25 and earlier and for iOS ver.1.3.3 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.
CVE-2021-20727 1 Zettlr 1 Zettlr 2024-11-21 6.1 Medium
Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allows an attacker to execute an arbitrary script by loading a file or code snippet containing an invalid iframe into Zettlr.
CVE-2021-20726 1 Overwolf 1 Overwolf 2024-11-21 7.8 High
Untrusted search path vulnerability in The Installer of Overwolf 2.168.0.n and earlier allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory.