TROYANOSYVIRUS

CVE Vulnerabilities

CVE vulnerability database enriched with CISA KEV and NVD data

Total: 332,044 CVEs
CVE ID | CVSS | Severity | KEV | Sightings
CVE-2021-25313

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rancher allows remote attackers to execute JavaScript via malicious links. This issue affects: S...

CVSS: 7.1 | Severity: HIGH | KEV: - | Sightings: 0
CVE-2021-28027

An issue was discovered in the bam crate before 0.1.3 for Rust. There is an integer underflow and out-of-bounds write during the loading of a bgzip block.

CVSS: 9.8 | Severity: CRITICAL | KEV: - | Sightings: 0
CVE-2021-28028

An issue was discovered in the toodee crate before 0.3.0 for Rust. Row insertion can cause a double free upon an iterator panic.

CVSS: 9.8 | Severity: CRITICAL | KEV: - | Sightings: 0
CVE-2021-28029

An issue was discovered in the toodee crate before 0.3.0 for Rust. The row-insertion feature allows attackers to read the contents of uninitialized memory locations.

CVSS: 7.5 | Severity: HIGH | KEV: - | Sightings: 0
CVE-2021-28030

An issue was discovered in the truetype crate before 0.30.1 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation within Tape::take_bytes.

CVSS: 7.5 | Severity: HIGH | KEV: - | Sightings: 0
CVE-2021-28031

An issue was discovered in the scratchpad crate before 1.3.1 for Rust. The move_elements function can have a double-free upon a panic in a user-provided f function.

CVSS: 9.8 | Severity: CRITICAL | KEV: - | Sightings: 0
CVE-2021-28032

An issue was discovered in the nano_arena crate before 0.5.2 for Rust. There is an aliasing violation in split_at because two mutable references can exist for the same element, if Borrow<Idx> behaves ...

CVSS: 9.8 | Severity: CRITICAL | KEV: - | Sightings: 0
CVE-2021-28033

An issue was discovered in the byte_struct crate before 0.6.1 for Rust. There can be a drop of uninitialized memory if a certain deserialization method panics.

CVSS: 9.8 | Severity: CRITICAL | KEV: - | Sightings: 0
CVE-2021-27531

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "query" parameter.

CVSS: 4.8 | Severity: MEDIUM | KEV: - | Sightings: 0
CVE-2021-28036

An issue was discovered in the quinn crate before 0.7.0 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketA...

CVSS: 7.5 | Severity: HIGH | KEV: - | Sightings: 0
CVE-2021-28037

An issue was discovered in the internment crate before 0.4.2 for Rust. There is a data race that can cause memory corruption because of the unconditional implementation of Sync for Intern<T>.

CVSS: 9.8 | Severity: CRITICAL | KEV: - | Sightings: 0
CVE-2021-20663

Cross-site scripting vulnerability in Role authority setting screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7...

CVSS: 6.1 | Severity: MEDIUM | KEV: - | Sightings: 0
CVE-2021-20664

Cross-site scripting vulnerability in Asset registration screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Ser...

CVSS: 6.1 | Severity: MEDIUM | KEV: - | Sightings: 0
CVE-2021-20665

Cross-site scripting vulnerability in Add asset screen of Contents field of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advan...

CVSS: 6.1 | Severity: MEDIUM | KEV: - | Sightings: 0
CVE-2025-48118

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpExperts Hub Woocommerce Partial Shipment wc-partial-shipment allows SQL Injection. This issue aff...

CVSS: N/A | Severity: NONE | KEV: - | Sightings: 0
CVE-2021-27907

Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user cou...

CVSS: 5.4 | Severity: MEDIUM | KEV: - | Sightings: 0
CVE-2021-28026

jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff_order.cc ReadPermutation. When decoding a malicious jxl file using djxl, an attacker can trigger arbitrary code execution or a den...

CVSS: 7.8 | Severity: HIGH | KEV: - | Sightings: 0
CVE-2020-29134

The TOTVS Fluig platform allows path traversal through the parameter "file = .. /" encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4

CVSS: 8.6 | Severity: HIGH | KEV: - | Sightings: 0
CVE-2021-26960

A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based man...

CVSS: 8.8 | Severity: HIGH | KEV: - | Sightings: 0
CVE-2021-26961

A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based man...

CVSS: 8.8 | Severity: HIGH | KEV: - | Sightings: 0
CVE-2021-26962

A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remot...

CVSS: 7.2 | Severity: HIGH | KEV: - | Sightings: 0
CVE-2020-28050

Zoho ManageEngine Desktop Central before build 10.0.647 allows a single authentication secret from multiple agents to communicate with the server.

CVSS: 9.1 | Severity: CRITICAL | KEV: - | Sightings: 0
CVE-2020-29032

Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious code on server. This issue affects: Secomea GateManag...

CVSS: 8.4 | Severity: HIGH | KEV: - | Sightings: 0
CVE-2020-35594

Zoho ManageEngine ADManager Plus before 7066 allows XSS.

CVSS: 6.1 | Severity: MEDIUM | KEV: - | Sightings: 0
CVE-2021-21725

A ZTE product has an information leak vulnerability. An attacker with higher authority can go beyond their authority to access files in other directories by performing specific operations, resulting i...

CVSS: 5.7 | Severity: MEDIUM | KEV: - | Sightings: 0
CVE-2021-26963

A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remot...

CVSS: 7.2 | Severity: HIGH | KEV: - | Sightings: 0
CVE-2021-26964

A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interfac...

CVSS: 7.1 | Severity: HIGH | KEV: - | Sightings: 0
CVE-2021-26965

A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an auth...

CVSS: 6.5 | Severity: MEDIUM | KEV: - | Sightings: 0
CVE-2021-26966

A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an auth...

CVSS: 6.5 | Severity: MEDIUM | KEV: - | Sightings: 0
CVE-2021-26967

A remote reflected cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of ...

CVSS: 6.1 | Severity: MEDIUM | KEV: - | Sightings: 0
CVE-2021-26968

A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management in...

CVSS: 4.8 | Severity: MEDIUM | KEV: - | Sightings: 0
CVE-2021-26969

A remote authenticated xml external entity (xxe) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Due to improper restrictions on XML enti...

CVSS: 6.5 | Severity: MEDIUM | KEV: - | Sightings: 0
CVE-2021-26970

A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management i...

CVSS: 6.3 | Severity: MEDIUM | KEV: - | Sightings: 0
CVE-2021-26971

A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management i...

CVSS: 6.3 | Severity: MEDIUM | KEV: - | Sightings: 0
CVE-2021-27098

In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2, 0.11.3 and 0.12.1, specially crafted requests to the FetchX509SVID RPC of SPIRE Server’s Legacy Node API can result in the possible issu...

CVSS: 8.1 | Severity: HIGH | KEV: - | Sightings: 0
CVE-2020-28502

This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously (async=False on xhr.open), malicious user input flowing into ...

CVSS: 8.1 | Severity: HIGH | KEV: - | Sightings: 0
CVE-2021-27099

In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1, the "aws_iid" Node Attestor improperly normalizes the path provided through the agent ID templating feature, which may allow the issua...

CVSS: 6.8 | Severity: MEDIUM | KEV: - | Sightings: 0
CVE-2021-28038

An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result...

CVSS: 6.5 | Severity: MEDIUM | KEV: - | Sightings: 0
CVE-2020-27575

Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form con...

CVSS: 8.8 | Severity: HIGH | KEV: - | Sightings: 0
CVE-2021-28039

An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of ...

CVSS: 6.5 | Severity: MEDIUM | KEV: - | Sightings: 0
CVE-2021-28040

An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c occurs when a large number of opening and closing XML tags is used. Because recursion is used in _ReadElem w...

CVSS: 7.5 | Severity: HIGH | KEV: - | Sightings: 0
CVE-2021-26705

An issue was discovered in SquareBox CatDV Server through 9.2. An attacker can invoke sensitive RMI methods such as getConnections without authentication, the results of which can be used to generate ...

CVSS: 9.1 | Severity: CRITICAL | KEV: - | Sightings: 0
CVE-2021-27254

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific fla...

CVSS: 8.8 | Severity: HIGH | KEV: - | Sightings: 0
CVE-2021-27255

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability....

CVSS: 8.8 | Severity: HIGH | KEV: - | Sightings: 0
CVE-2020-11227

Out of bound write while parsing RTT/TTY packet parsing due to lack of check of buffer size before copying into buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consu...

CVSS: 9.8 | Severity: CRITICAL | KEV: - | Sightings: 0
CVE-2021-27256

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Although authentication is required to exploit this...

CVSS: 8.8 | Severity: HIGH | KEV: - | Sightings: 0
CVE-2021-27257

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not r...

CVSS: 6.5 | Severity: MEDIUM | KEV: - | Sightings: 0
CVE-2020-29020

Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea ...

CVSS: 9.1 | Severity: CRITICAL | KEV: - | Sightings: 0
CVE-2020-29028

Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateManager allows an attacker to inject arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4.

CVSS: 6.3 | Severity: MEDIUM | KEV: - | Sightings: 0
CVE-2020-29029

Improper Input Validation, Cross-site Scripting (XSS) vulnerability in Web GUI of Secomea GateManager allows an attacker to execute arbitrary javascript code. This issue affects: Secomea GateManager a...

CVSS: 7.3 | Severity: HIGH | KEV: - | Sightings: 0
Page 121 of 6641

This product uses data from the NVD API but is not endorsed or certified by the NVD.