|
196351
|
4.4 |
MEDIUM
Local
|
google
|
android
|
A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release 1 allows attackers to overwrite TZASC allowing TEE compromise.
|
CWE-787
Out-of-bounds Write
|
CVE-2021-25500
|
2024-11-21 14:55 |
2021-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196352
|
4.3 |
MEDIUM
Network
|
fortinet
|
fortimanager
|
An improper access control vulnerability [CWE-284] in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other…
|
NVD-CWE-Other
|
CVE-2021-26107
|
2024-11-21 14:55 |
2021-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196353
|
6.5 |
MEDIUM
Network
|
publify_project
|
publify
|
In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow. This happens due to front-end restriction only.
|
CWE-669
Incorrect Resource Transfer Between Spheres
|
CVE-2021-25973
|
2024-11-21 14:55 |
2021-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196354
|
6.1 |
MEDIUM
Network
|
youphptube
|
youphptube
|
AVideo/YouPHPTube 10.0 and prior is affected by multiple reflected Cross Script Scripting vulnerabilities via the videoName parameter which allows a remote attacker to steal administrators' session c…
|
CWE-79
Cross-site Scripting
|
CVE-2021-25878
|
2024-11-21 14:55 |
2021-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196355
|
7.2 |
HIGH
Network
|
youphptube
|
youphptube
|
AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. An administrator privileged user is able to write files on filesystem using flag and code variables in file save.php.
|
CWE-94
Code Injection
|
CVE-2021-25877
|
2024-11-21 14:55 |
2021-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196356
|
6.1 |
MEDIUM
Network
|
youphptube
|
youphptube
|
AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the u parameter which allows a remote attacker to steal administrators' session cookies or perform a…
|
CWE-79
Cross-site Scripting
|
CVE-2021-25876
|
2024-11-21 14:55 |
2021-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196357
|
6.1 |
MEDIUM
Network
|
youphptube
|
youphptube
|
AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the searchPhrase parameter which allows a remote attacker to steal administrators'…
|
CWE-79
Cross-site Scripting
|
CVE-2021-25875
|
2024-11-21 14:55 |
2021-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196358
|
7.5 |
HIGH
Network
|
youphptube
|
youphptube
|
AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQL Injection SQL injection in the catName parameter which allows a remote unauthenticated attacker to retrieve databases informati…
|
CWE-89
SQL Injection
|
CVE-2021-25874
|
2024-11-21 14:55 |
2021-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196359
|
7.1 |
HIGH
Network
|
kubernetes
netapp
|
ingress-nginx
trident
|
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.
|
NVD-CWE-noinfo
|
CVE-2021-25742
|
2024-11-21 14:55 |
2021-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196360
|
5.4 |
MEDIUM
Network
|
dotnetfoundation
|
piranha_cms
|
In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigg…
|
CWE-79
Cross-site Scripting
|
CVE-2021-25977
|
2024-11-21 14:55 |
2021-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
