| 195981 | 9.8 | CRITICAL Network | fortinet | fortimail | Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via spec… | CWE-89: SQL Injection | CVE-2021-24007 | 2024-11-21 14:52 | 2021-07-10 |
| 195982 | 6.1 | MEDIUM Network | chimpgroup | foodbakery | The WP Foodbakery WordPress plugin before 2.2, used in the FoodBakery WordPress theme before 2.2 did not properly sanitize the foodbakery_radius parameter before outputting it back in the response, l… | - | CVE-2021-24389 | 2024-11-21 14:52 | 2021-07-6 |
| 195983 | 6.1 | MEDIUM Network | contempothemes | real_estate_7 | The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not properly sanitise the ct_community parameter in its search listing page before outputting it back in it, leading to a reflected Cross-Sit… | CWE-79: Cross-site Scripting | CVE-2021-24387 | 2024-11-21 14:52 | 2021-07-6 |
| 195984 | 5.4 | MEDIUM Network | kubiq | wp_svg_images | The WP SVG images WordPress plugin before 3.4 did not sanitise the SVG files uploaded, which could allow low privilege users such as author+ to upload a malicious SVG and then perform XSS attacks by … | - | CVE-2021-24386 | 2024-11-21 14:52 | 2021-07-6 |
| 195985 | 5.4 | MEDIUM Network | e4j | vikrentcar_car_rental_management_system | In the VikRentCar Car Rental Management System WordPress plugin before 1.1.7, there is a custom field option by which we can manage all the fields that the users will have to fill in before saving th… | - | CVE-2021-24388 | 2024-11-21 14:52 | 2021-07-6 |
| 195986 | 9.8 | CRITICAL Network | beardev | joomsport | The joomsport_md_load AJAX action of the JoomSport WordPress plugin before 5.1.8, registered for both unauthenticated and unauthenticated users, unserialised user input from the shattr POST parameter… | - | CVE-2021-24384 | 2024-11-21 14:52 | 2021-07-6 |
| 195987 | 9.8 | CRITICAL Network | stockware | motor | Lack of authentication or validation in motor_load_more, motor_gallery_load_more, motor_quick_view and motor_project_quick_view AJAX handlers of the Motor WordPress theme before 3.1.0 allows an unaut… | - | CVE-2021-24375 | 2024-11-21 14:52 | 2021-07-6 |
| 195988 | 7.5 | HIGH Network | fortinet | fortiauthenticator | Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuratio… | CWE-798: Use of Hard-coded Credentials | CVE-2021-24005 | 2024-11-21 14:52 | 2021-07-6 |
| 195989 | 8.8 | HIGH Network | mozilla | thunderbird firefox firefox_esr | When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. Th… | CWE-74: Injection | CVE-2021-24002 | 2024-11-21 14:52 | 2021-06-24 |
| 195990 | 4.3 | MEDIUM Network | mozilla | firefox | A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. … | CWE-668: Exposure of Resource to Wrong Sphere | CVE-2021-24001 | 2024-11-21 14:52 | 2021-06-24 |