|
195991
|
5.4 |
MEDIUM
Network
|
phpgurukul
|
daily_expense_tracker_system
|
PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the add-expense.php Item parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2021-26304
|
2024-11-21 14:56 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195992
|
6.1 |
MEDIUM
Network
|
phpgurukul
|
daily_expense_tracker_system
|
PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the user-profile.php Full Name field.
|
CWE-79
Cross-site Scripting
|
CVE-2021-26303
|
2024-11-21 14:56 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195993
|
5.3 |
MEDIUM
Network
|
godaddy
|
node-config-shield
|
scripts/cli.js in the GoDaddy node-config-shield (aka Config Shield) package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a v…
|
CWE-913
Improper Control of Dynamically-Managed Code Resources
|
CVE-2021-26276
|
2024-11-21 14:56 |
2021-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195994
|
6.5 |
MEDIUM
Network
|
ckeditor
oracle
|
ckeditor
webcenter_sites
agile_plm
commerce_merchandising
jd_edwards_enterpriseone_tools
financial_services_model_management_and_governance
financial_services_analytical_application…
|
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plug…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2021-26272
|
2024-11-21 14:56 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195995
|
6.5 |
MEDIUM
Network
|
ckeditor
oracle
|
ckeditor
webcenter_sites
agile_plm
jd_edwards_enterpriseone_tools
financial_services_analytical_applications_infrastructure
siebel_ui_framework
application_express
|
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs pl…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2021-26271
|
2024-11-21 14:56 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195996
|
7.5 |
HIGH
Network
|
cpanel
|
cpanel
|
cPanel before 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (SEC-579).
|
NVD-CWE-noinfo
|
CVE-2021-26267
|
2024-11-21 14:56 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195997
|
7.5 |
HIGH
Network
|
cpanel
|
cpanel
|
cPanel before 92.0.9 allows a Reseller to bypass the suspension lock (SEC-578).
|
NVD-CWE-Other
|
CVE-2021-26266
|
2024-11-21 14:56 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195998
|
6.5 |
MEDIUM
Network
|
intel
|
openvino
|
Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Toolkit may allow an authenticated user to potentially enable denial of service via network access.
|
CWE-20
Improper Input Validation
|
CVE-2021-26251
|
2024-11-21 14:55 |
2022-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195999
|
6.3 |
MEDIUM
Network
|
kubernetes
|
kubernetes
|
Kube-proxy
on Windows can unintentionally forward traffic to local processes
listening on the same port (“spec.ports[*].port”) as a LoadBalancer
Service when the LoadBalancer controller
does not …
|
NVD-CWE-noinfo
|
CVE-2021-25736
|
2024-11-21 14:55 |
2023-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196000
|
7.2 |
HIGH
Network
|
supermicro-cms_project
|
supermicro-cms
|
An issue was discovered in pcmt superMicro-CMS version 3.11, allows authenticated attackers to execute arbitrary code via the font_type parameter to setup.php.
|
NVD-CWE-noinfo
|
CVE-2021-25857
|
2024-11-21 14:55 |
2023-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
