Total: 6931 CVEs

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2021-4350 | 1 Najeebmedia | 1 Frontend File Manager Plugin | 2024-11-21 | N/A | 7.2 HIGH | The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated HTML Injection in versions up to, and including, 18.2. This is due to lacking authentication protections on the wpfm_send_file_in_email AJAX action. This makes it possible for unauthenticated attackers to send emails using the site with a custom subject, recipient email, and body with unsanitized HTML content. This effectively lets the attacker use the site as a spam relay. |
| CVE-2021-4347 | 1 Zorem | 1 Advanced Shipment Tracking For Woocommerce | 2024-11-21 | N/A | 9.9 CRITICAL | The function update_shipment_status_email_status_fun in the plugin Advanced Shipment Tracking for WooCommerce in versions up to 3.2.6 is vulnerable to authenticated arbitrary options update. The function allows attackers (including those at customer level) to update any WordPress option in the database. Version 3.2.5 was initially released as a fix, but does not fully address the issue. |
| CVE-2021-4346 | 1 Stylemixthemes | 1 Ulisting | 2024-11-21 | N/A | 9.8 CRITICAL | The uListing plugin for WordPress is vulnerable to Unauthenticated Arbitrary Account Changes in versions up to, and including, 1.6.6. This is due to missing login checks on the stm_listing_profile_edit AJAX action. This makes it possible for unauthenticated attackers to edit any account on the blog, such as changing the admin account's email address. |
| CVE-2021-4345 | 1 Stylemixthemes | 1 Ulisting | 2024-11-21 | N/A | 6.5 MEDIUM | The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::save_role_api method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to remove or add roles, and add capabilities. |
| CVE-2021-4343 | 1 Stylemixthemes | 1 Ulisting | 2024-11-21 | N/A | 9.8 CRITICAL | The uListing plugin for WordPress is vulnerable to Unauthenticated Account Creation in versions up to, and including, 1.6.6. This is due to the stm_listing_register AJAX action being accessible without authentication and accepting the requested role without restriction. This makes it possible for unauthenticated attackers to create accounts, including accounts with administrator privileges. |
| CVE-2021-4341 | 1 Stylemixthemes | 1 Ulisting | 2024-11-21 | N/A | 9.8 CRITICAL | The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stm_update_email_data AJAX action in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to change any WordPress option in the database. |
| CVE-2021-4339 | 1 Stylemixthemes | 1 Ulisting | 2024-11-21 | N/A | 7.5 HIGH | The uListing plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the "ulisting/includes/route.php" file on the /1/api/ulisting-user/search REST-API route in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to retrieve the list of all users and their email addresses from the database. |
| CVE-2021-4338 | 1 Duckdev | 1 404 To 301 | 2024-11-21 | N/A | 6.4 MEDIUM | The 404 to 301 plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the open_redirect and save_redirect functions in versions up to, and including, 3.0.7. This makes it possible for authenticated attackers to view, create and edit redirections. |
| CVE-2021-4337 | 1 Xforwoocommerce | 16 Add Product Tabs, Autopilot Seo, Bulk Add To Cart and 13 more | 2024-11-21 | N/A | 8.8 HIGH | Sixteen XforWooCommerce add-on plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wp_ajax_svx_ajax_factory function in various versions listed below. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to read, edit, or delete WordPress settings, plugin settings, and to arbitrarily list all users on a WordPress website. The plugins impacted are: Product Filter for WooCommerce < 8.2.0, Improved Product ... |
| CVE-2021-4089 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | snipe-it is vulnerable to Improper Access Control. |
| CVE-2021-4074 | 1 I-plugins | 1 Whmcs Bridge | 2024-11-21 | 3.5 LOW | 6.4 MEDIUM | The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site Scripting via the cc_whmcs_bridge_url parameter found in the ~/whmcs-bridge/bridge_cp.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1. Due to missing authorization checks on the cc_whmcs_bridge_add_admin function, low-level authenticated users such as subscribers can exploit this vulnerability. |
| CVE-2021-46820 | 1 Xos-shop | 1 Xos Shop System | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH | Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via the current_manufacturer_image parameter to /shop/admin/categories.php. |
| CVE-2021-46075 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. Staff account users can access the admin resources and perform CRUD operations. |
| CVE-2021-44857 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=mcrundo followed by action=mcrrestore to replace the content of any arbitrary page (that the user does not have edit rights for). This applies to any public wiki, or a private wiki that has at least one page set in $wgWhitelistRead. |
| CVE-2021-44840 | 1 Deltarm | 1 Delta Rm | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW | An issue was discovered in Delta RM 1.2. Using a privileged account, it is possible to edit, create, and delete risk labels, such as Criticality and Priority Indication labels. By using the /core/table/query endpoint with a POST request that indicates the affected label in the tableUid parameter and the operation in datas[query], it is possible to edit, create, and delete the following labels: Priority Indication, Quality Evaluation, Progress Margin and Priority. Furthermore, it is als ... |
| CVE-2021-44795 | 1 Krontech | 1 Single Connect | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | Single Connect does not perform an authorization check when using the "sc-assigned-credential-ui" module. A remote attacker could exploit this vulnerability to modify user permissions. The exploitation of this vulnerability might allow a remote attacker to delete permissions from other users without authenticating. |
| CVE-2021-44794 | 1 Krontech | 1 Single Connect | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | Single Connect does not perform an authorization check when using the "sc-diagnostic-ui" module. A remote attacker could exploit this vulnerability to access the device information page. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information. |
| CVE-2021-44793 | 1 Krontech | 1 Single Connect | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH | Single Connect does not perform an authorization check when using the "sc-reports-ui" module. A remote attacker could exploit this vulnerability to access the device configuration page and export the data to an external file. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information including the database credentials. Since the database runs with high privileges, it is possible to execute commands with the attained credentials. |
| CVE-2021-44792 | 1 Krontech | 1 Single Connect | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | Single Connect does not perform an authorization check when using the "log-monitor" module. A remote attacker could exploit this vulnerability to access the logging interface. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information. |
| CVE-2021-44595 | 1 Wondershare | 1 Dr.fone | 2024-11-21 | 9.0 HIGH | 8.8 HIGH | Wondershare Dr.Fone, latest version as of 2021-12-06, is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to ElevationService.exe and, without any validation, execute arbitrary code with SYSTEM privileges. |
| CVE-2021-44233 | 1 Sap | 1 Access Control | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | SAP GRC Access Control, versions V1100_700, V1100_731 and V1200_750, does not perform necessary authorization checks for an authenticated user, which could lead to escalation of privileges. |
| CVE-2021-44055 | 1 Qnap | 1 Video Station | 2024-11-21 | 7.5 HIGH | 5.3 MEDIUM | A missing authorization vulnerability has been reported to affect QNAP devices running Video Station. If exploited, this vulnerability allows remote attackers to access data or perform actions that they should not be allowed to perform. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 (2022/02/16) and later. |
| CVE-2021-43938 | 1 Smartptt | 1 Scada Server | 2024-11-21 | 7.5 HIGH | 8.1 HIGH | Elcomplus SmartPTT SCADA Server allows an unauthenticated user to request various files from the server without any authentication or authorization. |
| CVE-2021-43847 | 1 Humhub | 1 Humhub | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | HumHub is an open-source social network kit written in PHP. Prior to HumHub version 1.10.3 or 1.9.3, it could be possible for registered users to become unauthorized members of private Spaces. Versions 1.10.3 and 1.9.3 contain a patch for this issue. |
| CVE-2021-43781 | 1 Inveniosoftware | 1 Invenio-drafts-resources | 2024-11-21 | 4.0 MEDIUM | 6.4 MEDIUM | Invenio-Drafts-Resources is a submission/deposit module for Invenio, a software framework for research data management. Invenio-Drafts-Resources prior to versions 0.13.7 and 0.14.6 does not properly check permissions when a record is published. The vulnerability is exploitable in a default installation of InvenioRDM. An authenticated user is able, via REST API calls, to publish draft records of other users if they know the record identifier and the draft validates (e.g. all required fields filled ... |
| CVE-2021-42851 | 1 Lenovo | 10 A1, A1 Firmware, T1 and 7 more | 2024-11-21 | 5.0 MEDIUM | 6.3 MEDIUM | A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account. |
| CVE-2021-42848 | 1 Lenovo | 10 A1, A1 Firmware, T1 and 7 more | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM | An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details. |
| CVE-2021-42367 | 1 Variation Swatches For Woocommerce Project | 1 Variation Swatches For Woocommerce | 2024-11-21 | 3.5 LOW | 6.4 MEDIUM | The Variation Swatches for WooCommerce WordPress plugin is vulnerable to Stored Cross-Site Scripting via several parameters found in the ~/includes/class-menu-page.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1. Due to missing authorization checks on the tawcvs_save_settings function, low-level authenticated users such as subscribers can exploit this vulnerability. |
| CVE-2021-42359 | 1 Legalweb | 1 Wp Dsgvo Tools | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH | WP DSGVO Tools (GDPR) <= 3.1.23 had an AJAX action, "admin-dismiss-unsubscribe", which lacked a capability check and a nonce check, was available to unauthenticated users, and did not check the post type when deleting unsubscription requests. As such, it was possible for an attacker to permanently delete an arbitrary post or page on the site by sending an AJAX request with the "action" parameter set to "admin-dismiss-unsubscribe" and the "id" parameter set to the post to be deleted. Sending s ... |
| CVE-2021-42331 | 1 Xinheinformation | 1 Xinhe Teaching Platform System | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM | The "Study Edit" function of ShinHer StudyOnline System does not perform permission control. After logging in with a user's privilege, remote attackers can access and edit other users' tutorial schedules by crafting URL parameters. |
| CVE-2021-42062 | 1 Sap | 1 Erp Human Capital Management | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | SAP ERP HCM Portugal does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts. |
| CVE-2021-41729 | 1 Baicloud-cms Project | 1 Baicloud-cms | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL | BaiCloud-cms v2.5.7 is affected by an arbitrary file deletion vulnerability, which allows an attacker to delete arbitrary files on the server through /user/ppsave.php. |
| CVE-2021-41554 | 1 Archibus | 1 Web Central | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | ARCHIBUS Web Central 21.3.3.815 (a version from 2014) does not properly validate requests for access to data and functionality in these affected endpoints: /archibus/schema/ab-edit-users.axvw, /archibus/schema/ab-data-dictionary-table.axvw, /archibus/schema/ab-schema-add-field.axvw, /archibus/schema/ab-core/views/process-navigator/ab-my-user-profile.axvw. By not verifying the permissions for access to resources, it allows a potential attacker to view pages that are not allowed. Specifically, it ... |
| CVE-2021-41241 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | Nextcloud server is a self-hosted system designed to provide cloud-style services. The groupfolders application for Nextcloud allows sharing a folder with a group of people. In addition, it allows setting "advanced permissions" on subfolders; for example, a user could be granted access to the groupfolder but not to specific subfolders. Due to a lacking permission check in affected versions, a user could still access these subfolders by copying the groupfolder to another location. It is recommended ... |
| CVE-2021-41239 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | Nextcloud server is a self-hosted system designed to provide cloud-style services. In affected versions the User Status API did not consider the user enumeration settings set by the administrator. This allowed a user to enumerate other users on the instance, even when user listings were disabled. It is recommended that the Nextcloud Server is upgraded to 20.0.14, 21.0.6 or 22.2.1. There are no known workarounds. |
| CVE-2021-41238 | 1 Hangfire | 1 Hangfire | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH | Hangfire is an open source system to perform background job processing in .NET or .NET Core applications. No Windows Service or separate process is required. The Dashboard UI in Hangfire.Core uses authorization filters to protect it from showing sensitive data to unauthorized users. By default, when no custom authorization filters are specified, the `LocalRequestsOnlyAuthorizationFilter` filter is used to allow only local requests and prohibit all remote requests, to provide sensible, protected-by-de ... |
| CVE-2021-41233 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | Nextcloud Text is a collaborative document editor using Markdown, built for the Nextcloud server. Due to an issue with the Nextcloud Text application, which is by default shipped with Nextcloud Server, an attacker is able to access the folder names of a "File Drop". For successful exploitation an attacker requires knowledge of the sharing link. It is recommended that users upgrade their Nextcloud Server to 20.0.14, 21.0.6 or 22.2.1. Users unable to upgrade should disable the Nextcloud Text applica ... |
| CVE-2021-41112 | 1 Pagerduty | 1 Rundeck | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH | Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In versions prior to 3.4.5, authenticated users could craft a request to modify or delete System or Project level Calendars without appropriate authorization. Modifying or removing calendars could cause Scheduled Jobs to execute, or not execute, on desired calendar days. Severity depends on the trust level of authenticated users and the impact of running or not running scheduled jobs on days governed by cal ... |
| CVE-2021-41077 | 1 Travis-ci | 1 Travis Ci | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH | The activation process in Travis CI, for certain 2021-09-03 through 2021-09-10 builds, causes secret data to have unexpected sharing that is not specified by the customer-controlled .travis.yml file. In particular, the desired behavior (if .travis.yml has been created locally by a customer and added to git) is for a Travis service to perform builds in a way that prevents public access to customer-specific secret environment data such as signing keys, access credentials, and API tokens. However, ... |
| CVE-2021-41066 | 1 Bopsoft | 1 Listary | 2024-11-21 | 7.6 HIGH | 7.5 HIGH | An issue was discovered in Listary through 6. When Listary is configured to run as admin, Listary will not ask for permissions again if a user tries to access files on the system from Listary itself (it bypasses UAC protection; there is no privilege validation of the current user acting via Listary). |
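Most of the WordPress entries above (CVE-2021-4350, CVE-2021-4347, CVE-2021-4346, CVE-2021-4345, CVE-2021-4343, CVE-2021-4341, CVE-2021-4339, CVE-2021-4338, CVE-2021-4337, CVE-2021-4074, CVE-2021-42367 and CVE-2021-42359) share one root cause: an AJAX action or REST route that is reachable without the capability check and nonce check WordPress expects, often also registered on the `wp_ajax_nopriv_` hook so that logged-out visitors can reach it, and sometimes taking an option name or a role straight from the request. The PHP below is an added example written for this page, not code from any of the plugins listed; the `acme_` names, the option names, the script handle and the `acme/v1` route are assumptions chosen to show the vulnerable shape next to its hardened form.

```php
<?php
/**
 * Added example: the missing-capability-check pattern behind several WordPress
 * CVEs in the table above, with its hardened form. Not code from any listed
 * plugin; every "acme_" name, option, script handle and route is an assumption.
 */

// ---------------------------------------------------------------------------
// Vulnerable shape, as the CVE-2021-4341 / CVE-2021-4347 descriptions put it:
// no nonce, no capability check, and the request names the option to write.
// In the vulnerable pattern this function is hooked on both
// 'wp_ajax_acme_update_email_data' and 'wp_ajax_nopriv_acme_update_email_data',
// so an unauthenticated POST can change any option. It is deliberately NOT
// hooked here.
// ---------------------------------------------------------------------------
function acme_update_email_data_unsafe() {
    update_option( $_POST['option_name'], $_POST['option_value'] ); // both attacker-controlled
    wp_send_json_success();
}

// ---------------------------------------------------------------------------
// Hardened handler.
// ---------------------------------------------------------------------------
// Options this action may write. An allow-list keeps the handler away from
// security-sensitive options such as default_role or users_can_register.
const ACME_WRITABLE_OPTIONS = array( 'acme_email_subject', 'acme_email_sender' );

function acme_update_email_data() {
    // 1. CSRF: check_ajax_referer() dies with HTTP 403 unless a valid nonce
    //    for this action is present in the 'nonce' request field.
    check_ajax_referer( 'acme_update_email_data', 'nonce' );

    // 2. Authorization: being logged in is not enough; require the capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Input: unslash, sanitize, and confine the option name to the allow-list.
    $name  = isset( $_POST['option_name'] ) ? sanitize_key( wp_unslash( $_POST['option_name'] ) ) : '';
    $value = isset( $_POST['option_value'] ) ? sanitize_text_field( wp_unslash( $_POST['option_value'] ) ) : '';
    if ( ! in_array( $name, ACME_WRITABLE_OPTIONS, true ) ) {
        wp_send_json_error( 'option not writable', 400 );
    }

    update_option( $name, $value );
    wp_send_json_success( array( 'option' => $name ) );
}
// Only the authenticated hook: a state-changing action does not belong on wp_ajax_nopriv_.
add_action( 'wp_ajax_acme_update_email_data', 'acme_update_email_data' );

// The nonce the handler expects is minted server-side and handed to the admin
// page's script ('acme-admin' and admin.js are assumed names).
add_action( 'admin_enqueue_scripts', function () {
    wp_enqueue_script( 'acme-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'acme-admin', 'acmeAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'acme_update_email_data' ),
    ) );
} );

// ---------------------------------------------------------------------------
// REST route (cf. CVE-2021-4339): permission_callback is where the capability
// check belongs; omitting it, or returning true, opens the route to everyone.
// ---------------------------------------------------------------------------
add_action( 'rest_api_init', function () {
    register_rest_route( 'acme/v1', '/user/search', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'acme_user_search',
        'permission_callback' => function () {
            return current_user_can( 'list_users' );
        },
        'args'                => array(
            'q' => array( 'required' => true, 'sanitize_callback' => 'sanitize_text_field' ),
        ),
    ) );
} );

function acme_user_search( WP_REST_Request $request ) {
    $users = get_users( array(
        'search' => '*' . $request['q'] . '*',
        'fields' => array( 'ID', 'display_name' ), // no user_email in the response
        'number' => 20,
    ) );
    return rest_ensure_response( $users );
}

// ---------------------------------------------------------------------------
// Self-registration (cf. CVE-2021-4343): the role is never read from the request.
// ---------------------------------------------------------------------------
function acme_register_user( $username, $email ) {
    if ( ! get_option( 'users_can_register' ) ) {
        return new WP_Error( 'registration_closed', 'Registration is disabled.' );
    }
    return wp_insert_user( array(
        'user_login' => sanitize_user( $username, true ),
        'user_email' => sanitize_email( $email ),
        'user_pass'  => wp_generate_password( 24 ),
        'role'       => get_option( 'default_role', 'subscriber' ),
    ) );
}
```

When reviewing a plugin for this class of bug, grep for `wp_ajax_nopriv_` and `register_rest_route` and confirm that every handler reached from them calls `check_ajax_referer()` (or verifies a nonce some other way) and `current_user_can()` with a specific capability, and that nothing it writes (option name, role, post ID) is taken from the request without an allow-list or ownership check.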