| 195571 | 6.1 MEDIUM | Network | jamovi | jamovi | Jamovi <=1.6.18 is affected by a cross-site scripting (XSS) vulnerability. The column-name is vulnerable to XSS in the ElectronJS Framework. An attacker can make a .omv (Jamovi) document containing a… | CWE-79 Cross-site Scripting | CVE-2021-28079 | 2024-11-21 14:59 | 2021-04-26 |
| 195572 | 6.5 MEDIUM | Network | eclipse | openj9 | In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static me… | CWE-909 Missing Initialization of Resource | CVE-2021-28167 | 2024-11-21 14:59 | 2021-04-22 |
| 195573 | 4.9 MEDIUM | Network | unisys | stealth | Unisys Stealth (core) 5.x before 5.0.048.0, 5.1.x before 5.1.017.0, and 6.x before 6.0.037.0 stores passwords in a recoverable format. | NVD-CWE-Other | CVE-2021-28492 | 2024-11-21 14:59 | 2021-04-21 |
| 195574 | 7.5 HIGH | Network | hashicorp | consul | HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be bypassed by specifically crafted HTTP events. Fixed in 1.9.5, and 1.8.10. | NVD-CWE-noinfo | CVE-2021-28156 | 2024-11-21 14:59 | 2021-04-21 |
| 195575 | 6.5 MEDIUM | Network | centreon | centreon | An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user. | CWE-330 Use of Insufficiently Random Values | CVE-2021-28055 | 2024-11-21 14:59 | 2021-04-16 |
| 195576 | 7.8 HIGH | Local | adobe | photoshop | Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted JSX file. An unauthenticated attacker could lever… | - | CVE-2021-28549 | 2024-11-21 14:59 | 2021-04-15 |
| 195577 | 7.8 HIGH | Local | adobe | photoshop | Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted JSX file. An unauthenticated attacker could lever… | - | CVE-2021-28548 | 2024-11-21 14:59 | 2021-04-15 |
| 195578 | 8.8 HIGH | Network | b2evolution | b2evolution | SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cf_name" parameter when c… | CWE-89 SQL Injection | CVE-2021-28242 | 2024-11-21 14:59 | 2021-04-15 |
| 195579 | 5.5 MEDIUM | Local | eclipse oracle | jersey communications_cloud_native_core_policy communications_cloud_native_core_unified_data_repository | Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of t… | CWE-668 Exposure of Resource to Wrong Sphere | CVE-2021-28168 | 2024-11-21 14:59 | 2021-04-23 |
| 195580 | 7.2 HIGH | Network | devolutions | devolutions_server | An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/u… | CWE-89 SQL Injection | CVE-2021-28157 | 2024-11-21 14:59 | 2021-04-15 |