|
196551
|
6.1 |
MEDIUM
Network
|
mercusys
|
mercury_x18g_firmware
|
Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'src_dport_start', 'src_dport_end', and 'dest_port' parameters.
|
CWE-79
Cross-site Scripting
|
CVE-2021-25810
|
2024-11-21 14:55 |
2021-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196552
|
9.8 |
CRITICAL
Network
|
minthcm
|
minthcm
|
A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which could lead an attacker to easier password brute-forcing.
|
CWE-521
Weak Password Requirements
|
CVE-2021-25839
|
2024-11-21 14:55 |
2021-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196553
|
6.1 |
MEDIUM
Network
|
minthcm
|
minthcm
|
The Import function in MintHCM RELEASE 3.0.8 allows an attacker to execute a cross-site scripting (XSS) payload in file-upload.
|
CWE-79
Cross-site Scripting
|
CVE-2021-25838
|
2024-11-21 14:55 |
2021-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196554
|
9.8 |
CRITICAL
Network
|
manta
|
safe-obj
|
Prototype pollution vulnerability in 'safe-obj' versions 1.0.0 through 1.0.2 allows an attacker to cause a denial of service and may lead to remote code execution.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2021-25928
|
2024-11-21 14:55 |
2021-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196555
|
9.8 |
CRITICAL
Network
|
safe-flat_project
|
safe-flat
|
Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2021-25927
|
2024-11-21 14:55 |
2021-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196556
|
7.5 |
HIGH
Network
|
void
|
aurall_rec_monitor
|
An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform a blind time-based SQL Injection. The vulnerable par…
|
CWE-89
SQL Injection
|
CVE-2021-25899
|
2024-11-21 14:55 |
2021-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196557
|
7.5 |
HIGH
Network
|
void
|
aural_rec_monitor
|
An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value…
|
CWE-798
CWE-312
Use of Hard-coded Credentials
Cleartext Storage of Sensitive Information
|
CVE-2021-25898
|
2024-11-21 14:55 |
2021-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196558
|
7.8 |
HIGH
Local
|
siemens
|
tecnomatix_robotexpert
|
A vulnerability has been identified in Tecnomatix RobotExpert (All versions < V16.1). Affected applications lack proper validation of user-supplied data when parsing CELL files. This could result in …
|
-
|
CVE-2021-25670
|
2024-11-21 14:55 |
2021-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196559
|
7.5 |
HIGH
Network
|
adtran
|
personal_phone_manager
|
AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. This could allow for exposed AdTran Personal Phone Manager web servers to be use…
|
NVD-CWE-noinfo
|
CVE-2021-25681
|
2024-11-21 14:55 |
2021-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196560
|
6.1 |
MEDIUM
Network
|
adtran
|
personal_phone_manager
|
The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later…
|
CWE-79
Cross-site Scripting
|
CVE-2021-25680
|
2024-11-21 14:55 |
2021-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
