Total
1628 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26025 | 1 Acdsee | 1 Photo Studio 2021 | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!zlibVersion+0x0000000000004e5e via a crafted BMP image. | |||||
| CVE-2021-25954 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In “Dolibarr” application, 2.8.1 to 13.0.4 don’t restrict or incorrectly restricts access to a resource from an unauthorized actor. A low privileged attacker can modify the Private Note which only an administrator has rights to do, the affected field is at “/adherents/note.php?id=1” endpoint. | |||||
| CVE-2021-25777 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly. | |||||
| CVE-2021-25774 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user. | |||||
| CVE-2021-25506 | 1 Samsung | 1 Health | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
| Non-existent provider in Samsung Health prior to 6.19.1.0001 allows attacker to access it via malicious content provider or lead to denial of service. | |||||
| CVE-2021-25418 | 1 Samsung | 1 Internet | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition. | |||||
| CVE-2021-25410 | 1 Google | 1 Android | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| Improper access control of a component in CallBGProvider prior to SMR JUN-2021 Release 1 allows local attackers to access arbitrary files with an escalated privilege. | |||||
| CVE-2021-25406 | 1 Samsung | 1 Gear S | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows unstrusted applications to access connected BT device information. | |||||
| CVE-2021-25356 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.1 HIGH |
| An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows unprivileged application to install arbitrary application, grant device admin permission and then delete several installed application. | |||||
| CVE-2021-25097 | 1 Creativityjuice | 1 Labtools | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in place when deleting publications, allowing any authenticated users, such as subscriber to delete arbitrary publication | |||||
| CVE-2021-24917 | 1 Wpserveur | 1 Wps Hide Login | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user. | |||||
| CVE-2021-24872 | 1 Get Custom Field Values Project | 1 Get Custom Field Values | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Get Custom Field Values WordPress plugin before 4.0 allows users with a role as low as Contributor to access other posts metadata without validating the permissions. Eg. contributors can access admin posts metadata. | |||||
| CVE-2021-24842 | 1 Bulk Datetime Change Project | 1 Bulk Datetime Change | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which allows users with Contributor roles to 1) list private post titles of other users and 2) change the posted date of other users' posts. | |||||
| CVE-2021-24824 | 1 Custom Content Shortcode Project | 1 Custom Content Shortcode | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This could lead to sensitive data disclosure, for example when used in combination with WooCommerce, the email address of orders can be retrieved | |||||
| CVE-2021-24819 | 1 Page\/post Content Shortcode Project | 1 Page\/post Content Shortcode | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Page/Post Content Shortcode WordPress plugin through 1.0 does not have proper authorisation in place, allowing users with a role as low as contributor to access draft/private/password protected/trashed posts/pages they should not be allowed to, including posts created by other users such as admins and editors. | |||||
| CVE-2021-24783 | 1 Publishpress | 1 Post Expirator | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Post Expirator WordPress plugin before 2.6.0 does not have proper capability checks in place, which could allow users with a role as low as Contributor to schedule deletion of arbitrary posts. | |||||
| CVE-2021-24770 | 1 Stylishpricelist | 1 Stylish Price List | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Stylish Price List WordPress plugin before 6.9.1 does not perform capability checks in its spl_upload_ser_img AJAX action (available to authenticated users), which could allow any authenticated users, such as subscriber, to upload arbitrary images. | |||||
| CVE-2021-24757 | 1 Stylishpricelist | 1 Stylish Price List | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Stylish Price List WordPress plugin before 6.9.0 does not perform capability checks in its spl_upload_ser_img AJAX action (available to both unauthenticated and authenticated users), which could allow unauthenticated users to upload images. | |||||
| CVE-2021-24742 | 1 Radiustheme | 1 Logo Slider And Showcase | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Logo Slider and Showcase WordPress plugin before 1.3.37 allows Editor users to update the plugin's settings via the rtWLSSettings AJAX action because it uses a nonce for authorisation instead of a capability check. | |||||
| CVE-2021-24733 | 1 Wp Post Page Clone Project | 1 Wp Post Page Clone | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The WP Post Page Clone WordPress plugin before 1.2 allows users with a role as low as Contributor to clone and view other users' draft and password-protected posts which they cannot view normally. | |||||