| 196901 | 7.8 | HIGH Local | opendesign siemens | drawings_software_development_kit jt2go teamcenter_visualization comos | An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potent… | CWE-787 Out-of-bounds Write | CVE-2021-25174 | 2024-11-21 14:54 | 2021-01-18 |
| 196902 | 7.8 | HIGH Local | opendesign siemens | drawings_software_development_kit jt2go teamcenter_visualization comos | An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to c… | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2021-25173 | 2024-11-21 14:54 | 2021-01-18 |
| 196903 | 6.1 | MEDIUM Network | opencats | opencats | OpenCATS through 0.9.5-3 has multiple Cross-site Scripting (XSS) issues. | CWE-79 Cross-site Scripting | CVE-2021-25295 | 2024-11-21 14:54 | 2021-01-18 |
| 196904 | 9.8 | CRITICAL Network | opencats | opencats | OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code execution. This occurs because lib/DataGrid.php calls unserialize for the parametersactivity:Activ… | CWE-502 Deserialization of Untrusted Data | CVE-2021-25294 | 2024-11-21 14:54 | 2021-01-18 |
| 196905 | 6.1 | MEDIUM Network | wpfastestcache | wp_fastest_cache | The WP Fastest Cache WordPress plugin before 0.9.5 is lacking a CSRF check in its wpfc_save_cdn_integration AJAX action, and does not sanitise and escape some of the options available via the action, wh… | CWE-352 Origin Validation Error | CVE-2021-24870 | 2024-11-21 14:53 | 2024-01-17 |
| 196906 | 8.8 | HIGH Network | wpfastestcache | wp_fastest_cache | The WP Fastest Cache WordPress plugin before 0.9.5 does not escape user input in the set_urls_with_terms method before using it in a SQL statement, leading to an SQL injection exploitable by low priv… | CWE-89 SQL Injection | CVE-2021-24869 | 2024-11-21 14:53 | 2024-01-17 |
| 196907 | 5.4 | MEDIUM Network | nickmomrik | simple_post | The Simple Post WordPress plugin through 1.1 does not sanitize user input when an authenticated user Text value, then it does not escape these values when outputting to the browser leading to an Auth… | CWE-79 Cross-site Scripting | CVE-2021-24567 | 2024-11-21 14:53 | 2024-01-17 |
| 196908 | 8.8 | HIGH Network | pluginus | fox_-_currency_switcher_professional_for_woocommerce | The WooCommerce Currency Switcher FOX WordPress plugin before 1.3.7 was vulnerable to LFI attacks via the "woocs" shortcode. | NVD-CWE-Other | CVE-2021-24566 | 2024-11-21 14:53 | 2024-01-17 |
| 196909 | 5.4 | MEDIUM Network | patrickposner | qyrr | The Qyrr WordPress plugin before 0.7 does not escape the data-uri of the QR Code when outputting it in a src attribute, allowing for Cross-Site Scripting attacks. Furthermore, the data_uri_to_meta AJ… | CWE-79 Cross-site Scripting | CVE-2021-24559 | 2024-11-21 14:53 | 2024-01-17 |
| 196910 | 5.4 | MEDIUM Network | yukimichi | simple_sort\&search | The simple sort&search WordPress plugin through 0.0.3 does not make sure that the indexurl parameter of the shortcodes "category_sims", "order_sims", "orderby_sims", "period_sims", and "tag_sims" use… | CWE-79 Cross-site Scripting | CVE-2021-24433 | 2024-11-21 14:53 | 2024-01-17 |