|
195581
|
6.5 |
MEDIUM
Network
|
purethemes
|
findeo
realteo
|
The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not ensure that the requested property to be deleted belong to the user making the request, allowing any authenticated users t…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2021-24238
|
2024-11-21 14:52 |
2021-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195582
|
6.1 |
MEDIUM
Network
|
purethemes
|
findeo
realteo
|
The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not properly sanitise the keyword_search, search_radius. _bedrooms and _bathrooms GET parameters before outputting them in its…
|
-
|
CVE-2021-24237
|
2024-11-21 14:52 |
2021-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195583
|
6.1 |
MEDIUM
Network
|
boostifythemes
|
goto
|
The Goto WordPress theme before 2.0 does not sanitise the keywords and start_date GET parameter on its Tour List page, leading to an unauthenticated reflected Cross-Site Scripting issue.
|
-
|
CVE-2021-24235
|
2024-11-21 14:52 |
2021-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195584
|
6.1 |
MEDIUM
Network
|
ivorysearch
|
ivory_search
|
The Search Forms page of the Ivory Search WordPress lugin before 4.6.1 did not properly sanitise the tab parameter before output it in the page, leading to a reflected Cross-Site Scripting issue when…
|
-
|
CVE-2021-24234
|
2024-11-21 14:52 |
2021-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195585
|
6.1 |
MEDIUM
Network
|
boxystudio
|
cooked
|
The Cooked Pro WordPress plugin before 1.7.5.6 was affected by unauthenticated reflected Cross-Site Scripting issues, due to improper sanitisation of user input while being output back in pages as an…
|
-
|
CVE-2021-24233
|
2024-11-21 14:52 |
2021-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195586
|
5.4 |
MEDIUM
Network
|
elbtide
|
advanced_booking_calendar
|
The Advanced Booking Calendar WordPress plugin before 1.6.8 does not sanitise the license error message when output in the settings page, leading to an authenticated reflected Cross-Site Scripting is…
|
-
|
CVE-2021-24232
|
2024-11-21 14:52 |
2021-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195587
|
7.8 |
HIGH
Local
|
mcafee
|
data_loss_prevention_endpoint
|
Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to write to arbitrary controlled kernel address…
|
NVD-CWE-noinfo
|
CVE-2021-23887
|
2024-11-21 14:52 |
2021-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195588
|
5.5 |
MEDIUM
Local
|
mcafee
|
data_loss_prevention_endpoint
|
Denial of Service vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to cause a BSoD through suspending a process, modi…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2021-23886
|
2024-11-21 14:52 |
2021-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195589
|
4.3 |
MEDIUM
Adjacent
|
mcafee
|
content_security_reporter
|
Cleartext Transmission of Sensitive Information vulnerability in the ePO Extension of McAfee Content Security Reporter (CSR) prior to 2.8.0 allows an ePO administrator to view the unencrypted passwor…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2021-23884
|
2024-11-21 14:52 |
2021-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195590
|
9.8 |
CRITICAL
Network
|
facebook
|
thrift
|
An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior…
|
CWE-763
Release of Invalid Pointer or Reference
|
CVE-2021-24028
|
2024-11-21 14:52 |
2021-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
