|
197671
|
8.8 |
HIGH
Network
|
fortinet
|
fortiwan
|
Multiple improper neutralization of special elements used in an OS command vulnerabilities (CWE-78) in the Web GUI of FortiWAN before 4.5.9 may allow an authenticated attacker to execute arbitrary co…
|
CWE-78
OS Command
|
CVE-2021-24009
|
2024-11-21 14:52 |
2022-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197672
|
7.2 |
HIGH
Network
|
servmask
|
one-stop_wp_migration
|
The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files' extension, which allows administrators to upload PHP files on their site, even on multisite installations.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-24216
|
2024-11-21 14:52 |
2022-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197673
|
9.1 |
CRITICAL
Network
|
whatsapp
|
whatsapp
whatsapp_business
|
A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7,…
|
CWE-125
Out-of-bounds Read
|
CVE-2021-24043
|
2024-11-21 14:52 |
2022-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197674
|
9.8 |
CRITICAL
Network
|
facebook
|
hermes
|
By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would invoke generator functions and error out on invalid await/y…
|
CWE-843
Type Confusion
|
CVE-2021-24044
|
2024-11-21 14:52 |
2022-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197675
|
5.3 |
MEDIUM
Network
|
ray-ban
|
stories_rw4003_65582v_48-23_firmware
stories_rw4002_601\/71_50-22_firmware
stories_rw4005_656013_51-20_firmware
stories_rw4005_6563m3_51-20_firmware
|
A logic flaw in Ray-Ban® Stories device software allowed some parameters like video capture duration limit to be modified through the Facebook View application. This issue affected versions of device…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2021-24046
|
2024-11-21 14:52 |
2022-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197676
|
9.8 |
CRITICAL
Network
|
whatsapp
|
whatsapp
|
The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, Whats…
|
CWE-787
Out-of-bounds Write
|
CVE-2021-24042
|
2024-11-21 14:52 |
2022-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197677
|
9.8 |
CRITICAL
Network
|
facebook
|
hermes
|
A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes pe…
|
CWE-843
Type Confusion
|
CVE-2021-24045
|
2024-11-21 14:52 |
2021-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197678
|
9.8 |
CRITICAL
Network
|
whatsapp
|
whatsapp
whatsapp_business
|
A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a maliciou…
|
CWE-787
Out-of-bounds Write
|
CVE-2021-24041
|
2024-11-21 14:52 |
2021-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197679
|
4.8 |
MEDIUM
Network
|
ninjaforms
|
contact_form
|
The Ninja Forms Contact Form WordPress plugin before 3.5.8.2 does not sanitise and escape the custom class name of the form field created, which could allow high privilege users to perform Cross-Site…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24381
|
2024-11-21 14:52 |
2021-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197680
|
5.4 |
MEDIUM
Network
|
fortinet
|
fortianalyzer
|
An improper neutralization of input vulnerability [CWE-79] in FortiAnalyzer versions 6.4.3 and below, 6.2.7 and below and 6.0.10 and below may allow a remote authenticated attacker to perform a store…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24021
|
2024-11-21 14:52 |
2021-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
