Total
3677 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26551 | 1 Smartfoxserver | 1 Smartfoxserver | 2024-11-21 | 6.0 MEDIUM | 8.8 HIGH |
| An issue was discovered in SmartFoxServer 2.17.0. An attacker can execute arbitrary Python code, and bypass the javashell.py protection mechanism, by creating /config/ConsoleModuleUnlock.txt and editing /config/admin/admintool.xml to enable the Console module. | |||||
| CVE-2021-26120 | 2 Debian, Smarty | 2 Debian Linux, Smarty | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring. | |||||
| CVE-2021-25877 | 1 Youphptube | 1 Youphptube | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. An administrator privileged user is able to write files on filesystem using flag and code variables in file save.php. | |||||
| CVE-2021-25808 | 1 Bludit | 1 Bludit | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file. | |||||
| CVE-2021-25770 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution. | |||||
| CVE-2021-25283 | 3 Debian, Fedoraproject, Saltstack | 3 Debian Linux, Fedora, Salt | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks. | |||||
| CVE-2021-25251 | 2 Microsoft, Trendmicro | 9 Windows, Antivirus\+ Security 2020, Antivirus\+ Security 2021 and 6 more | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection. An attacker must already have administrator privileges on the machine to exploit this vulnerability. | |||||
| CVE-2021-24721 | 1 Loco Translate Project | 1 Loco Translate | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Loco Translate WordPress plugin before 2.5.4 mishandles data inputs which get saved to a file, which can be renamed to an extension ending in .php, resulting in authenticated "translator" users being able to inject PHP code into files ending with .php in web accessible locations. | |||||
| CVE-2021-24546 | 1 Extendify | 1 Editorskit | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low contributor to execute Arbitrary PHP code | |||||
| CVE-2021-24430 | 1 Optimocha | 1 Speed Booster Pack | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The Speed Booster Pack ? PageSpeed Optimization Suite WordPress plugin before 4.2.0 did not validate its caching_exclude_urls and caching_include_query_strings settings before outputting them in a PHP file, which could lead to RCE | |||||
| CVE-2021-23390 | 1 Totaljs | 1 Total4 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The package total4 before 0.0.43 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions. | |||||
| CVE-2021-23389 | 1 Totaljs | 1 Total.js | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The package total.js before 3.4.9 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions. | |||||
| CVE-2021-23358 | 4 Debian, Fedoraproject, Tenable and 1 more | 4 Debian Linux, Fedora, Tenable.sc and 1 more | 2024-11-21 | 6.5 MEDIUM | 3.3 LOW |
| The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized. | |||||
| CVE-2021-23344 | 1 Totaljs | 1 Total.js | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The package total.js before 3.4.8 are vulnerable to Remote Code Execution (RCE) via set. | |||||
| CVE-2021-23337 | 4 Lodash, Netapp, Oracle and 1 more | 23 Lodash, Active Iq Unified Manager, Cloud Manager and 20 more | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. | |||||
| CVE-2021-23281 | 1 Eaton | 1 Intelligent Power Manager | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM software does not sanitize the date provided via coverterCheckList action in meta_driver_srv.js class. Attackers can send a specially crafted packet to make IPM connect to rouge SNMP server and execute attacker-controlled code. | |||||
| CVE-2021-23277 | 1 Eaton | 3 Intelligent Power Manager, Intelligent Power Manager Virtual Appliance, Intelligent Power Protector | 2024-11-21 | 7.5 HIGH | 8.3 HIGH |
| Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated eval injection vulnerability. The software does not neutralize code syntax from users before using in the dynamic evaluation call in loadUserFile function under scripts/libs/utils.js. Successful exploitation can allow attackers to control the input to the function and execute attacker controlled commands. | |||||
| CVE-2021-22961 | 1 Glasswire | 1 Glasswire | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A code injection vulnerability exists within the firewall software of GlassWire v2.1.167 that could lead to arbitrary code execution from a file in the user path on first execution. | |||||
| CVE-2021-22395 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| There is a code injection vulnerability in smartphones. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-22336 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Improper Control of Generation of Code vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause denial of security services on a rooted device. | |||||