Total
5288 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-25877 | 1 Youphptube | 1 Youphptube | 2024-11-21 | 7.2 High |
| AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. An administrator privileged user is able to write files on filesystem using flag and code variables in file save.php. | ||||
| CVE-2021-25808 | 1 Bludit | 1 Bludit | 2024-11-21 | 7.8 High |
| A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file. | ||||
| CVE-2021-25770 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 9.8 Critical |
| In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution. | ||||
| CVE-2021-25470 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 7.9 High |
| An improper caller check logic of SMC call in TEEGRIS secure OS prior to SMR Oct-2021 Release 1 can be used to compromise TEE. | ||||
| CVE-2021-25416 | 2 Google, Samsung | 5 Android, Exynos 9610, Exynos 9810 and 2 more | 2024-11-21 | 6.5 Medium |
| Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executable kernel page outside code area. | ||||
| CVE-2021-25415 | 2 Google, Samsung | 5 Android, Exynos 9610, Exynos 9810 and 2 more | 2024-11-21 | 5.5 Medium |
| Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable. | ||||
| CVE-2021-25411 | 2 Google, Samsung | 5 Android, Exynos 9610, Exynos 9810 and 2 more | 2024-11-21 | 4.4 Medium |
| Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory. | ||||
| CVE-2021-25393 | 1 Google | 1 Android | 2024-11-21 | 6.6 Medium |
| Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access system uid data. | ||||
| CVE-2021-25315 | 3 Opensuse, Saltstack, Suse | 3 Tumbleweed, Salt, Suse Linux Enterprise Server | 2024-11-21 | 9.8 Critical |
| CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions. | ||||
| CVE-2021-25283 | 3 Debian, Fedoraproject, Saltstack | 3 Debian Linux, Fedora, Salt | 2024-11-21 | 9.8 Critical |
| An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks. | ||||
| CVE-2021-25251 | 2 Microsoft, Trendmicro | 9 Windows, Antivirus\+ Security 2020, Antivirus\+ Security 2021 and 6 more | 2024-11-21 | 7.2 High |
| The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection. An attacker must already have administrator privileges on the machine to exploit this vulnerability. | ||||
| CVE-2021-25003 | 1 Wptaskforce | 1 Wpcargo Track \& Trace | 2024-11-21 | 9.8 Critical |
| The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE | ||||
| CVE-2021-24721 | 1 Loco Translate Project | 1 Loco Translate | 2024-11-21 | 6.5 Medium |
| The Loco Translate WordPress plugin before 2.5.4 mishandles data inputs which get saved to a file, which can be renamed to an extension ending in .php, resulting in authenticated "translator" users being able to inject PHP code into files ending with .php in web accessible locations. | ||||
| CVE-2021-24546 | 1 Extendify | 1 Editorskit | 2024-11-21 | 8.8 High |
| The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low contributor to execute Arbitrary PHP code | ||||
| CVE-2021-24537 | 1 Shareaholic | 1 Similar Posts | 2024-11-21 | 7.2 High |
| The Similar Posts WordPress plugin through 3.1.5 allow high privilege users to execute arbitrary PHP code in an hardened environment (ie with DISALLOW_FILE_EDIT, DISALLOW_FILE_MODS and DISALLOW_UNFILTERED_HTML set to true) via the 'widget_rrm_similar_posts_condition' widget setting of the plugin. | ||||
| CVE-2021-24430 | 1 Optimocha | 1 Speed Booster Pack | 2024-11-21 | 7.2 High |
| The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.2.0 did not validate its caching_exclude_urls and caching_include_query_strings settings before outputting them in a PHP file, which could lead to RCE | ||||
| CVE-2021-24312 | 1 Automattic | 1 Wp Super Cache | 2024-11-21 | 7.2 High |
| The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of '$' and '\n'. This is due to an incomplete fix of CVE-2021-24209. | ||||
| CVE-2021-24209 | 1 Automattic | 1 Wp Super Cache | 2024-11-21 | 7.2 High |
| The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection. | ||||
| CVE-2021-23406 | 1 Pac-resolver Project | 1 Pac-resolver | 2024-11-21 | 8.1 High |
| This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. **NOTE:** The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same maintainer. | ||||
| CVE-2021-23390 | 1 Totaljs | 1 Total4 | 2024-11-21 | 9.8 Critical |
| The package total4 before 0.0.43 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions. | ||||