| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 196021 | 5.4 | MEDIUM | Network | roundcube, fedoraproject | webmail, fedora | Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering. | CWE-79 Cross-site Scripting | CVE-2021-26925 | 2024-11-21 14:57 | 2021-02-9 |
| 196022 | 5.5 | MEDIUM | Local | bitmessage | pybitmessage | PyBitmessage through 0.6.3.2 allows attackers to write screen captures to Potentially Unwanted Directories via a crafted apinotifypath value. NOTE: the discoverer states "security mitigation may not … | NVD-CWE-noinfo | CVE-2021-26917 | 2024-11-21 14:57 | 2021-02-9 |
| 196023 | 9.8 | CRITICAL | Network | probot | bot | The ProBot bot through 2021-02-08 for Discord might allow attackers to interfere with the intended purpose of the "Send an image when a user joins the server" feature (or possibly have unspecified ot… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2021-26918 | 2024-11-21 14:57 | 2021-02-9 |
| 196024 | 6.1 | MEDIUM | Network | nopcommerce | nopcommerce | In nopCommerce 4.30, a Reflected XSS issue in the Discount Coupon component allows remote attackers to inject arbitrary web script or HTML through the Filters/CheckDiscountCouponAttribute.cs discount… | CWE-79 Cross-site Scripting | CVE-2021-26916 | 2024-11-21 14:57 | 2021-02-9 |
| 196025 | 8.1 | HIGH | Network | netmotionsoftware | netmotion_mobility | NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in webrepdb StatusServlet. | CWE-502 Deserialization of Untrusted Data | CVE-2021-26915 | 2024-11-21 14:57 | 2021-02-9 |
| 196026 | 8.1 | HIGH | Network | netmotionsoftware | netmotion_mobility | NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject. | CWE-502 Deserialization of Untrusted Data | CVE-2021-26914 | 2024-11-21 14:57 | 2021-02-9 |
| 196027 | 8.1 | HIGH | Network | netmotionsoftware | netmotion_mobility | NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in RpcServlet. | CWE-502 Deserialization of Untrusted Data | CVE-2021-26913 | 2024-11-21 14:57 | 2021-02-9 |
| 196028 | 8.1 | HIGH | Network | netmotionsoftware | netmotion_mobility | NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in SupportRpcServlet. | CWE-502 Deserialization of Untrusted Data | CVE-2021-26912 | 2024-11-21 14:57 | 2021-02-9 |
| 196029 | 7.0 | HIGH | Local | firejail_project, debian | firejail, debian_linux | Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation. | CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition | CVE-2021-26910 | 2024-11-21 14:57 | 2021-02-9 |
| 196030 | 6.5 | MEDIUM | Network | 1password | scim_bridge | 1Password SCIM Bridge before 1.6.2 mishandles validation of authenticated requests for log files, leading to disclosure of a TLS private key. | CWE-287 Improper Authentication | CVE-2021-26905 | 2024-11-21 14:57 | 2021-02-9 |