Topics

Attacker Value
Very High

CVE-2021-40539

Disclosure Date: September 07, 2021 (last updated September 15, 2021)
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
Attacker Value
Very High

CVE-2021-37928

Disclosure Date: October 07, 2021 (last updated October 16, 2021)
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
Attacker Value
Unknown

CVE-2021-41379

Disclosure Date: November 10, 2021 (last updated November 13, 2021)
Windows Installer Elevation of Privilege Vulnerability
Attacker Value
High

CVE-2021-3064

Disclosure Date: November 10, 2021 (last updated November 11, 2021)
A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17. Prisma Access customers are not impacted by this issue.
Attacker Value
Very High

CVE-2021-41648

Disclosure Date: October 01, 2021 (last updated October 08, 2021)
An unauthenticated SQL injection exists in PuneethReddyHC online-shopping-system-advanced through the /action.php prId parameter. User input sent in a POST request is not sanitized.
Attacker Value
Unknown

CVE-2013-3307

Last updated June 05, 2020
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Attacker Value
Unknown

CVE-2021-42321

Disclosure Date: November 10, 2021 (last updated November 11, 2021)
Microsoft Exchange Server Remote Code Execution Vulnerability
Attacker Value
Very High

CVE-2021-41675

Disclosure Date: October 29, 2021 (last updated November 03, 2021)
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester E-Negosyo System 1.0 in /admin/produts/controller.php via the doInsert function, which validates images with getImageSizei.
Attacker Value
Very High

CVE-2021-42671

Disclosure Date: November 05, 2021 (last updated November 10, 2021)
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Attacker Value
Very High

CVE-2021-43141

Disclosure Date: November 03, 2021 (last updated November 06, 2021)
A cross-site scripting (XSS) vulnerability exists in Sourcecodester Simple Subscription Website 1.0 via the id parameter in plan_application.