CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-25374 An improper authorization vulnerability in Samsung Members "samsungrewards" scheme for deeplink in versions 2.4.83.9 in Android O(8.1) and below, and 3.9.00.9 in Android P(9.0) and above allows remote... | 8.6 | HIGH | β | 0 |
| CVE-2021-25375 Using predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote attackers to get attachments of another emails when users open the malicious attachment. | 6.5 | MEDIUM | β | 0 |
| CVE-2021-25376 An improper synchronization logic in Samsung Email prior to version 6.1.41.0 can leak messages in certain mailbox in plain text when STARTTLS negotiation is failed. | 3.1 | LOW | β | 0 |
| CVE-2021-25377 Intent redirection in Samsung Experience Service versions 10.8.0.4 in Android P(9.0) below, and 12.2.0.5 in Android Q(10.0) above allows attacker to execute privileged action. | 3.3 | LOW | β | 0 |
| CVE-2021-25378 Improper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote temporary denial of service. | 4.3 | MEDIUM | β | 0 |
| CVE-2021-25379 Intent redirection vulnerability in Gallery prior to version 5.4.16.1 allows attacker to execute privileged action. | 4.0 | MEDIUM | β | 0 |
| CVE-2021-28475 Visual Studio Code Remote Code Execution Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-25381 Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without ... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-21194 Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | β | 0 |
| CVE-2021-21195 Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | β | 0 |
| CVE-2021-21196 Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | β | 0 |
| CVE-2021-21197 Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | β | 0 |
| CVE-2021-21198 Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 7.4 | HIGH | β | 0 |
| CVE-2021-21199 Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML pag... | 8.8 | HIGH | β | 0 |
| CVE-2021-30480 Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or... | 8.5 | HIGH | β | 0 |
| CVE-2021-20020 A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-30485 An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference whi... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-28097 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Artrium artrium allows PHP Local File Inclusion.This issue affects Art... | 8.1 | HIGH | β | 0 |
| CVE-2015-20001 In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range p... | 7.5 | HIGH | β | 0 |
| CVE-2020-36317 In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could resu... | 7.5 | HIGH | β | 0 |
| CVE-2020-36318 In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or doubl... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-28875 In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow. | 7.5 | HIGH | β | 0 |
| CVE-2021-28876 In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panic... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-28877 In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation due... | 7.5 | HIGH | β | 0 |
| CVE-2026-28098 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Save Life save-life allows PHP Local File Inclusion.This issue affects... | 8.1 | HIGH | β | 0 |
| CVE-2021-28878 In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used... | 7.5 | HIGH | β | 0 |
| CVE-2021-28879 In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is us... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-29379 An issue was discovered on D-Link DIR-802 A1 devices through 1.00b05. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payloa... | 8.8 | HIGH | β | 0 |
| CVE-2020-24285 INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to obtain sensitive information through /cgi-bin/cgiServer.exx. | 7.5 | HIGH | β | 0 |
| CVE-2021-23371 This affects the package chrono-node before 2.2.4. It hangs on a date-like string with lots of embedded spaces. | 7.5 | HIGH | β | 0 |
| CVE-2020-28872 An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/_installation/_register.php allows an unauthorized person to create valid credentials. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-23368 The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing. | 5.3 | MEDIUM | β | 0 |
| CVE-2021-23369 The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source. | 5.6 | MEDIUM | β | 0 |
| CVE-2021-23370 This affects the package swiper before 6.5.1. | 7.5 | HIGH | β | 0 |
| CVE-2021-24197 The wpDataTables β Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tam... | 8.1 | HIGH | β | 0 |
| CVE-2021-24198 The wpDataTables β Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tam... | 8.1 | HIGH | β | 0 |
| CVE-2021-24199 The wpDataTables β Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endp... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-24200 The wpDataTables β Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endp... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-24213 The GiveWP β Donation Plugin and Fundraising Platform WordPress plugin before 2.10.0 was affected by a reflected Cross-Site Scripting vulnerability inside of the administration panel, via the 's' GET ... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-24215 An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress plugin before 1.5.2. Uncontrolled access to the website customization functionality and global CMS sett... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-28124 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Notarius notarius allows PHP Local File Inclusion.This issue affec... | 8.1 | HIGH | β | 0 |
| CVE-2021-24217 The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user supplied data making it possible for PHP objects to be supplied creating an Object Injection vulnerability. ... | 8.1 | HIGH | β | 0 |
| CVE-2021-24218 The wp_ajax_save_fbe_settings and wp_ajax_delete_fbe_settings AJAX actions of the Facebook for WordPress plugin before 3.0.4 were vulnerable to CSRF due to a lack of nonce protection. The settings in ... | 8.8 | HIGH | β | 0 |
| CVE-2021-24219 The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before ... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-24220 Thrive βLegacyβ Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes W... | 9.1 | CRITICAL | β | 0 |
| CVE-2021-24221 The Quiz And Survey Master β Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the result_id GET parameter on pages with the [qsm_result] shortcode without id attri... | 8.8 | HIGH | β | 0 |
| CVE-2021-24222 The WP-Curriculo Vitae Free WordPress plugin through 6.3 suffers from an arbitrary file upload issue in page where the [formCadastro] is embed. The form allows unauthenticated user to register and sub... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-24223 The N5 Upload Form WordPress plugin through 1.0 suffers from an arbitrary file upload issue in page where a Form from the plugin is embed, as any file can be uploaded. The uploaded filename might be h... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-24224 The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordPress plugin through 1.0, available to authenticated users, does not have any security in place to verify uploaded files, allowing ... | 8.8 | HIGH | β | 0 |
| CVE-2021-30162 An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software. Attackers can leverage ISMS services to bypass access control on specific content providers. The LG ID is LVE-SMP-... | 7.1 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.