|
196391
|
9.8 |
CRITICAL
Network
|
wpdatatables
|
wpdatatables
|
wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=get_wdtable order[0][dir] SQL injection.
|
CWE-89
SQL Injection
|
CVE-2021-26754
|
2024-11-21 14:56 |
2021-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196392
|
7.5 |
HIGH
Network
|
sthttpd_project
|
sthttpd
|
An issue was discovered in sthttpd through 2.27.1. On systems where the strcpy function is implemented with memcpy, the de_dotdot function may cause a Denial-of-Service (daemon crash) due to overlapp…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2021-26843
|
2024-11-21 14:56 |
2021-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196393
|
6.1 |
MEDIUM
Network
|
jenzabar
|
jenzabar
|
Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2021-26723
|
2024-11-21 14:56 |
2021-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196394
|
6.1 |
MEDIUM
Network
|
linkedin
|
oncall
|
LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the "No results found for" message in the search bar.
|
CWE-79
Cross-site Scripting
|
CVE-2021-26722
|
2024-11-21 14:56 |
2021-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196395
|
5.3 |
MEDIUM
Network
|
redwood
|
report2web
|
A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 allows remote attackers to render an external resource inside a frame via the help/Online_Help/NetHelp/default.htm turl parame…
|
CWE-610
Externally Controlled Reference to a Resource in Another Sphere
|
CVE-2021-26711
|
2024-11-21 14:56 |
2021-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196396
|
6.1 |
MEDIUM
Network
|
redwood
|
report2web
|
A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2021-26710
|
2024-11-21 14:56 |
2021-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196397
|
7.0 |
HIGH
Local
|
linux
netapp
|
linux_kernel
cloud_backup
fas_baseboard_management_controller
aff_baseboard_management_controller
solidfire_\&_hci_management_node
solidfire_baseboard_management_controller
base…
|
A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The ra…
|
CWE-667
Improper Locking
|
CVE-2021-26708
|
2024-11-21 14:56 |
2021-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196398
|
9.8 |
CRITICAL
Network
|
google
|
android
|
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. The USB laf gadget has a use-after-free. The LG ID is LVE-SMP-200031 (February 2021).
|
CWE-416
Use After Free
|
CVE-2021-26689
|
2024-11-21 14:56 |
2021-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196399
|
9.8 |
CRITICAL
Network
|
google
|
android
|
An issue was discovered on LG Wing mobile devices with Android OS 10 software. The biometric sensor has weak security properties. The LG ID is LVE-SMP-200030 (February 2021).
|
NVD-CWE-noinfo
|
CVE-2021-26688
|
2024-11-21 14:56 |
2021-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196400
|
9.8 |
CRITICAL
Network
|
google
|
android
|
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. In preloaded applications, the HostnameVerified default is mishandled. The LG ID is LVE-SMP-200029 (Februa…
|
NVD-CWE-noinfo
|
CVE-2021-26687
|
2024-11-21 14:56 |
2021-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
