|
196671
|
9.8 |
CRITICAL
Network
|
impresscms
|
impresscms
|
ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection.
|
CWE-89
SQL Injection
|
CVE-2021-26599
|
2024-11-21 14:56 |
2022-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196672
|
5.3 |
MEDIUM
Network
|
impresscms
|
impresscms
|
ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token).
|
CWE-287
Improper Authentication
|
CVE-2021-26598
|
2024-11-21 14:56 |
2022-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196673
|
10.0 |
CRITICAL
Network
|
genians
|
genian_nac
|
An remote code execution vulnerability due to SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious…
|
CWE-94
Code Injection
|
CVE-2021-26622
|
2024-11-21 14:56 |
2022-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196674
|
9.8 |
CRITICAL
Network
|
netu
|
mex01_firmware
|
An Buffer Overflow vulnerability leading to remote code execution was discovered in MEX01. Remote attackers can use this vulnerability by using the property that the target program copies parameter v…
|
CWE-120
Classic Buffer Overflow
|
CVE-2021-26621
|
2024-11-21 14:56 |
2022-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196675
|
7.5 |
HIGH
Network
|
iptime
|
nas101_firmware
nas1dual_firmware
nas2dual_firmware
nas3_firmware
nas4_firmware
nas4dual_firmware
nas-i_firmware
nas-ii_firmware
nas-iie_firmware
|
An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. Remote attackers are able to steal important information in the server by exploiting vulnera…
|
CWE-287
Improper Authentication
|
CVE-2021-26620
|
2024-11-21 14:56 |
2022-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196676
|
5.6 |
MEDIUM
Local
|
amd
|
athlon_x4_940_firmware
athlon_x4_950_firmware
athlon_x4_970_firmware
athlon_x4_835_firmware
athlon_x4_845_firmware
athlon_x4_830_firmware
athlon_x4_840_firmware
athlon_x4_860k_fi…
|
LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.
|
NVD-CWE-noinfo
|
CVE-2021-26401
|
2024-11-21 14:56 |
2022-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196677
|
6.5 |
MEDIUM
Local
|
amd
|
athlon_x4_940_firmware
athlon_x4_950_firmware
athlon_x4_970_firmware
athlon_x4_835_firmware
athlon_x4_845_firmware
athlon_x4_830_firmware
athlon_x4_840_firmware
athlon_x4_860k_fi…
|
Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.
|
CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
|
CVE-2021-26341
|
2024-11-21 14:56 |
2022-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196678
|
9.8 |
CRITICAL
Network
|
firstmall
|
firstmall
|
This issues due to insufficient verification of the various input values from user’s input. The vulnerability allows remote attackers to execute malicious code in Firstmall via navercheckout_add func…
|
CWE-20
Improper Input Validation
|
CVE-2021-26617
|
2024-11-21 14:56 |
2022-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196679
|
9.1 |
CRITICAL
Network
|
bigfile
|
bigfileagent
|
An path traversal vulnerability leading to delete arbitrary files was discovered in BigFileAgent. Remote attackers can use this vulnerability to delete arbitrary files of unspecified number of users.
|
CWE-22
Path Traversal
|
CVE-2021-26619
|
2024-11-21 14:56 |
2022-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196680
|
9.8 |
CRITICAL
Network
|
tmax
|
tooffice
|
An improper input validation leading to arbitrary file creation was discovered in ToWord of ToOffice. Remote attackers use this vulnerability to execute arbitrary file included malicious code.
|
CWE-20
Improper Input Validation
|
CVE-2021-26618
|
2024-11-21 14:56 |
2022-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
