Filtered by CWE-94
Total 3863 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-42139 1 Deno 1 Deno Standard Modules 2024-08-04 9.8 Critical
Deno Standard Modules before 0.107.0 allows Code Injection via an untrusted YAML file in certain configurations.
CVE-2021-42057 1 Obsidian 1 Obsidian Dataview 2024-08-04 7.8 High
Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The evalInContext function in executes user input, which allows an attacker to craft malicious Markdown files that will execute arbitrary code once opened. NOTE: 0.4.13 provides a mitigation for some use cases.
CVE-2021-41749 1 Nystudio107 1 Seomatic 2024-08-04 9.8 Critical
In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution.
CVE-2021-41619 1 Gradle 1 Enterprise 2024-08-04 7.2 High
An issue was discovered in Gradle Enterprise before 2021.1.2. There is potential remote code execution via the application startup configuration. The installation configuration user interface (available to administrators) allows specifying arbitrary Java Virtual Machine startup options. Some of these options, such as -XX:OnOutOfMemoryError, allow specifying a command to be run on the host. This can be abused to run arbitrary commands on the host, should an attacker gain administrative access to the application.
CVE-2021-41653 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2024-08-04 9.8 Critical
The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.
CVE-2021-41402 1 Flatcore 1 Flatcore-cms 2024-08-04 8.8 High
flatCore-CMS v2.0.8 has a code execution vulnerability, which could let a remote malicious user execute arbitrary PHP code.
CVE-2021-41269 2 Cron-utils Project, Redhat 4 Cron-utils, Camel Quarkus, Openshift Application Runtimes and 1 more 2024-08-04 10 Critical
cron-utils is a Java library to define, parse, validate, migrate crons as well as get human readable descriptions for them. In affected versions a template injection was identified in cron-utils enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. Versions up to 9.1.2 are susceptible to this vulnerability. Please note that only projects using the @Cron annotation to validate untrusted Cron expressions are affected. The issue was patched and a new version was released. Please upgrade to version 9.1.6. There are no known workarounds.
CVE-2021-41228 1 Google 1 Tensorflow 2024-08-04 7.5 High
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's `saved_model_cli` tool is vulnerable to a code injection as it calls `eval` on user supplied strings. This can be used by attackers to run arbitrary code on the platform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. We have patched this by adding a `safe` flag which defaults to `True` and an explicit warning for users. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
CVE-2021-40889 1 Cmsuno Project 1 Cmsuno 2024-08-04 9.8 Critical
CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. The sauvePass action in the {webroot}/uno/central.php file calls the file_put_contents() function to write the username into the password.php file when a user successfully changes their password. The attacker can inject malicious PHP code into password.php and then use the login function to execute code.
CVE-2021-40553 1 Piwigo 1 Piwigo 2024-08-04 8.8 High
piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor.
CVE-2021-40499 1 Sap 1 Netweaver Application Server Abap 2024-08-04 9.8 Critical
Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
CVE-2021-40348 2 Spacewalk Project, Uyuni-project 2 Spacewalk, Uyuni 2024-08-04 8.8 High
Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allow code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pairs. The script is intended to be run by the tomcat user account with Sudo, according to the installation setup. This can lead to the ability of an attacker to use --option to append arbitrary code to a root-owned file that eventually will be executed by the system. This is fixed in Uyuni spacewalk-admin 4.3.2-1.
CVE-2021-40373 1 Playsms 1 Playsms 2024-08-04 9.8 Critical
playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI.
CVE-2021-40323 1 Cobbler Project 1 Cobbler 2024-08-04 9.8 Critical
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
CVE-2021-40219 1 Bolt 1 Bolt Cms 2024-08-04 8.8 High
Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit a theme and inject a server-side template injection payload that leads to remote code execution.
CVE-2021-40084 1 Artixlinux 1 Opensysusers 2024-08-04 9.8 Critical
opensysusers through 0.6 does not safely use eval on files in sysusers.d that may contain shell metacharacters. For example, it allows command execution via a crafted GECOS field whereas systemd-sysusers (a program with the same specification) does not do that.
CVE-2021-39979 1 Huawei 1 Harmonyos 2024-08-04 9.8 Critical
HHEE system has a Code Injection vulnerability. Successful exploitation of this vulnerability may affect HHEE system integrity.
CVE-2021-39908 1 Gitlab 1 Gitlab 2024-08-04 6.5 Medium
In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code viewer UI.
CVE-2021-39503 1 Phpmywind 1 Phpmywind 2024-08-04 7.2 High
PHPMyWind 5.6 is vulnerable to Remote Code Execution. Because input in the WriteConfig() function is filtered without removing characters such as "<", ">", "?", "=", "`", and others, an attacker can inject PHP code into the /include/config.cache.php file.
CVE-2021-39426 1 Seacms 1 Seacms 2024-08-04 9.8 Critical
An issue was discovered in /Upload/admin/admin_notify.php in Seacms 11.4 that allows attackers to execute arbitrary PHP code via the notify1 parameter when the action parameter equals set.