|
196121
|
5.4 |
MEDIUM
Network
|
apache
|
superset
|
Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user co…
|
CWE-79
Cross-site Scripting
|
CVE-2021-27907
|
2024-11-21 14:58 |
2021-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196122
|
9.8 |
CRITICAL
Network
|
bam_project
|
bam
|
An issue was discovered in the bam crate before 0.1.3 for Rust. There is an integer underflow and out-of-bounds write during the loading of a bgzip block.
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2021-28027
|
2024-11-21 14:58 |
2021-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196123
|
9.8 |
CRITICAL
Network
|
msi
|
dragon_center
|
The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2.0.98.0 has a buffer overflow that allows privilege escalation via a crafted 0x80102040, 0x80102044, 0x80102050, or 0x80102054 IO…
|
CWE-120
Classic Buffer Overflow
|
CVE-2021-27965
|
2024-11-21 14:58 |
2021-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196124
|
9.8 |
CRITICAL
Network
|
sfcyazilim
|
sonlogger
|
SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. T…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-27964
|
2024-11-21 14:58 |
2021-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196125
|
8.2 |
HIGH
Network
|
sfcyazilim
|
sonlogger
|
SonLogger before 6.4.1 is affected by user creation with any user permissions profile (e.g., SuperAdmin). An anonymous user can send a POST request to /User/saveUser without any authentication or ses…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2021-27963
|
2024-11-21 14:58 |
2021-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196126
|
6.1 |
MEDIUM
Network
|
openark
|
orchestrator
|
resources/public/js/orchestrator.js in openark orchestrator before 3.2.4 allows XSS via the orchestrator-msg parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2021-27940
|
2024-11-21 14:58 |
2021-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196127
|
7.5 |
HIGH
Network
|
adguard
|
adguard_home
|
An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2021-27935
|
2024-11-21 14:58 |
2021-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196128
|
9.1 |
CRITICAL
Network
|
lumis
|
lumis_experience_platform
|
LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outc…
|
CWE-611
XXE
|
CVE-2021-27931
|
2024-11-21 14:58 |
2021-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196129
|
4.4 |
MEDIUM
Local
|
bigprof
|
online_invoicing_system
|
A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or…
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2021-27839
|
2024-11-21 14:58 |
2021-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196130
|
8.8 |
HIGH
Network
|
zabbix
|
zabbix
|
In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection m…
|
CWE-352
Origin Validation Error
|
CVE-2021-27927
|
2024-11-21 14:58 |
2021-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
