Topics

Attacker Value
Moderate

CVE-2021-26419

Disclosure Date: May 11, 2021 (last updated May 12, 2021)
Scripting Engine Memory Corruption Vulnerability
Attacker Value
Very High
Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products. The impacted products are:
* Secure Mobile Access (SMA) version 10.x running on SMA 200, SMA 210, SMA 400, SMA 410 physical appliances and the SMA 500v virtual appliance
Attacker Value
Low

CVE-2021-31166

Disclosure Date: May 11, 2021 (last updated May 15, 2021)
HTTP Protocol Stack Remote Code Execution Vulnerability
Attacker Value
High

CVE-2021-21551

Disclosure Date: May 04, 2021 (last updated May 08, 2021)
Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.
Attacker Value
High

CVE-2020-4006

Disclosure Date: November 23, 2020 (last updated December 28, 2020)
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector have a command injection vulnerability. Following speculation that CVE-2020-4006 might be related to the SolarWinds supply chain hack that led to the compromise of U.S. government agencies and global organizations, [VMware said on December 22, 2020](https://blogs.vmware.com/partnernews/2020/12/statement-on-solarwinds-supply-chain-compromise-and-workspace-one.html) that it has no indication that it has any involvement in the nation-state attack on SolarWinds.
Attacker Value
Low

CVE-2019-17240

Disclosure Date: October 06, 2019 (last updated September 02, 2020)
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
Attacker Value
Very High

CVE-2018-16763

Disclosure Date: September 09, 2018 (last updated June 05, 2020)
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
Attacker Value
High

CVE-2021-31799

Last updated April 25, 2021
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Attacker Value
Moderate

CVE-2020-25538

Disclosure Date: November 13, 2020 (last updated November 18, 2020)
An authenticated attacker can inject malicious code into the "lang" parameter of the /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, the attacker can take over control of the server.
Attacker Value
Moderate

CVE-2020-25557

Disclosure Date: November 13, 2020 (last updated November 24, 2020)
In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username and password. After that, when the attacker logs in to the application, the attacker's code will be run. As a result of this vulnerability, an authenticated user can run commands on the server.