|
194661
|
7.8 |
HIGH
Local
|
htmldoc_project
|
htmldoc
|
A flaw was found in htmldoc v1.9.12. A heap buffer overflow in render_table_row() in ps-pdf.cxx may lead to arbitrary code execution and denial of service.
|
CWE-787
Out-of-bounds Write
|
CVE-2021-26259
|
2024-11-21 14:55 |
2022-03-4 |
|
194662
|
7.8 |
HIGH
Local
|
htmldoc_project redhat fedoraproject
|
htmldoc enterprise_linux fedora
|
A flaw was found in htmldoc v1.9.12. A heap buffer overflow in pspdf_prepare_page() in ps-pdf.cxx may lead to arbitrary code execution and denial of service.
|
CWE-787
Out-of-bounds Write
|
CVE-2021-26252
|
2024-11-21 14:55 |
2022-02-25 |
|
194663
|
7.5 |
HIGH
Network
|
libreoffice fedoraproject
|
libreoffice fedora
|
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature …
|
CWE-295
Improper Certificate Validation
|
CVE-2021-25636
|
2024-11-21 14:55 |
2022-02-25 |
|
194664
|
6.1 |
MEDIUM
Network
|
fortinet
|
fortiproxy fortios
|
Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, 6.4.0 through 6.4.4; and F…
|
CWE-79
Cross-site Scripting
|
CVE-2021-26092
|
2024-11-21 14:55 |
2022-02-24 |
|
194665
|
6.1 |
MEDIUM
Network
|
ays-pro
|
survey_maker
|
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Survey Maker WordPress plugin (versions <= 2.0.6).
|
CWE-79
Cross-site Scripting
|
CVE-2021-26256
|
2024-11-21 14:55 |
2022-02-22 |
|
194666
|
9.8 |
CRITICAL
Network
|
if-me
|
ifme
|
In Ifme, versions 1.0.0 to v.7.33.2 don’t properly invalidate a user’s session even after the user initiated logout. It makes it possible for an attacker to reuse the admin cookies either via local/n…
|
-
|
CVE-2021-25992
|
2024-11-21 14:55 |
2022-02-10 |
|
194667
|
2.7 |
LOW
Network
|
arangodb
|
arangodb
|
In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests pe…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2021-25939
|
2024-11-21 14:55 |
2022-02-9 |
|
194668
|
6.1 |
MEDIUM
Network
|
cacti
|
cacti
|
As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execute the JavaScript payload present in the "ref" URL paramete…
|
CWE-79
Cross-site Scripting
|
CVE-2021-26247
|
2024-11-21 14:55 |
2022-01-20 |
|
194669
|
3.0 |
LOW
Network
|
kubernetes
|
kubernetes
|
kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as…
|
NVD-CWE-Other
|
CVE-2021-25743
|
2024-11-21 14:55 |
2022-01-7 |
|
194670
|
8.8 |
HIGH
Network
|
userfrosting
|
userfrosting
|
In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a victim application user to click on a link, an unauthenticated attacker can use the “forgot password” f…
|
CWE-74
Injection
|
CVE-2021-25994
|
2024-11-21 14:55 |
2022-01-3 |