CVE List - 2021 / April
Showing 901 - 1000 of 1817 CVEs for April 2021 (Page 10 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-27260 | 2021-04-14 | This vulnerability allows local attackers to disclose sensitive information on... |
| CVE-2021-28856 | 2021-04-14 | In Deark before v1.5.8, a specially crafted input file can... |
| CVE-2021-28855 | 2021-04-14 | In Deark before 1.5.8, a specially crafted input file can... |
| CVE-2020-35419 | 2021-04-14 | Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via... |
| CVE-2020-35418 | 2021-04-14 | Cross Site Scripting (XSS) in the contact page of Group... |
| CVE-2021-28060 | 2021-04-14 | A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196... |
| CVE-2021-28825 | 2021-04-14 | TIBCO Messaging - Eclipse Mosquitto Distribution - Core Windows Platform Installation vulnerability |
| CVE-2021-28826 | 2021-04-14 | TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge Windows Platform Installation vulnerability |
| CVE-2020-28124 | 2021-04-14 | Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address... |
| CVE-2020-35660 | 2021-04-14 | Cross Site Scripting (XSS) in Monica before 2.19.1 via the... |
| CVE-2021-27710 | 2021-04-14 | Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and... |
| CVE-2021-28484 | 2021-04-14 | An issue was discovered in the /api/connector endpoint handler in... |
| CVE-2021-3017 | 2021-04-14 | The web interface on Intelbras WIN 300 and WRN 342... |
| CVE-2021-30459 | 2021-04-14 | A SQL Injection issue in the SQL Panel in Jazzband... |
| CVE-2021-26030 | 2021-04-14 | [20210401] - Core - Escape xss in logo parameter error pages |
| CVE-2021-26031 | 2021-04-14 | [20210402] - Core - Inadequate filters on module layout settings |
| CVE-2021-29654 | 2021-04-14 | AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data (in the... |
| CVE-2021-28048 | 2021-04-14 | An overly permissive CORS policy in Devolutions Server before 2021.1... |
| CVE-2021-28157 | 2021-04-14 | An SQL Injection issue in Devolutions Server before 2021.1 and... |
| CVE-2021-29449 | 2021-04-14 | Multiple Privilege Escalation Vulnerabilities Pihole |
| CVE-2021-27180 | 2021-04-14 | An issue was discovered in MDaemon before 20.0.4. There is... |
| CVE-2021-27181 | 2021-04-14 | An issue was discovered in MDaemon before 20.0.4. Remote Administration... |
| CVE-2021-27182 | 2021-04-14 | An issue was discovered in MDaemon before 20.0.4. There is... |
| CVE-2021-27183 | 2021-04-14 | An issue was discovered in MDaemon before 20.0.4. Administrators can... |
| CVE-2021-30487 | 2021-04-14 | In the topic moving API in Zulip Server 3.x before... |
| CVE-2021-30477 | 2021-04-14 | An issue was discovered in Zulip Server before 3.4. A... |
| CVE-2020-36288 | 2021-04-14 | The issue navigation and search view in Jira Server and... |
| CVE-2021-26075 | 2021-04-14 | The Jira importers plugin AttachTemporaryFile rest resource in Jira Server... |
| CVE-2021-26076 | 2021-04-14 | The jira.editor.user.mode cookie set by the Jira Editor Plugin in... |
| CVE-2021-30478 | 2021-04-14 | An issue was discovered in Zulip Server before 3.4. A... |
| CVE-2021-30479 | 2021-04-14 | An issue was discovered in Zulip Server before 3.4. A... |
| CVE-2021-20288 | 2021-04-15 | An authentication flaw was found in ceph in versions before... |
| CVE-2021-23884 | 2021-04-15 | Clear text exposure of password in McAfee CSR ePO extension |
| CVE-2021-27850 | 2021-04-15 | Bypass of the fix for CVE-2019-0195 |
| CVE-2020-7308 | 2021-04-15 | Transmission of data in clear text by McAfee ENS |
| CVE-2021-23886 | 2021-04-15 | Local Denial of Service in McAfee DLP Endpoint for Windows |
| CVE-2021-23887 | 2021-04-15 | Privilege escalation in McAfee DLP Endpoint for Windows |
| CVE-2020-7269 | 2021-04-15 | Sensitive Information Exposure in McAfee ATD |
| CVE-2020-7270 | 2021-04-15 | Sensitive Information Exposure in McAfee ATD |
| CVE-2021-27129 | 2021-04-15 | CASAP Automated Enrollment System version 1.0 contains a cross-site scripting... |
| CVE-2021-27544 | 2021-04-15 | Cross Site Scripting (XSS) in the "add-services.php" component of PHPGurukul... |
| CVE-2021-27545 | 2021-04-15 | SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour... |
| CVE-2021-0488 | 2021-04-15 | In pb_write of pb_encode.c, there is a possible out of... |
| CVE-2021-30209 | 2021-04-15 | Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a... |
| CVE-2020-27237 | 2021-04-15 | An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of... |
| CVE-2020-27238 | 2021-04-15 | An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of... |
| CVE-2020-27239 | 2021-04-15 | An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of... |
| CVE-2020-28592 | 2021-04-15 | A heap-based buffer overflow vulnerability exists in the configuration server... |
| CVE-2020-28593 | 2021-04-15 | A unauthenticated backdoor exists in the configuration server functionality of... |
| CVE-2021-21094 | 2021-04-15 | Adobe Bridge PDF File Parsing Out-Of-Bounds Write vulnerability could lead to arbitrary code execution |
| CVE-2021-21096 | 2021-04-15 | Adobe Bridge Genuine Software Service Incorrect Permission Assignment could lead to Denial-of-Service |
| CVE-2021-28242 | 2021-04-15 | SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows... |
| CVE-2021-21100 | 2021-04-15 | Adobe Digital Editions Arbitrary file system write vulnerability |
| CVE-2021-27672 | 2021-04-15 | SQL Injection in the "admin_boxes.ajax.php" component of Tribal Systems Zenario... |
| CVE-2021-27673 | 2021-04-15 | Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal... |
| CVE-2021-21093 | 2021-04-15 | Adobe Bridge SGI File Parsing Memory Corruption vulnerability could lead to arbitrary code execution |
| CVE-2021-21095 | 2021-04-15 | Adobe Bridge TTF Font Parsing Out-Of-Bounds Write vulnerability could lead to arbitrary code execution |
| CVE-2021-28549 | 2021-04-15 | Adobe Photoshop parsing JS buffer overflow vulnerability could lead to arbitrary code execution |
| CVE-2021-21091 | 2021-04-15 | Adobe Bridge HEIC File Parsing Out-Of-Bounds Read vulnerability could lead to information disclosure |
| CVE-2021-21092 | 2021-04-15 | Adobe Bridge DCM File Parsing Memory Corruption could lead to arbitrary code execution |
| CVE-2021-21087 | 2021-04-15 | ColdFusion Improper neutralization of web input during page generation could lead to arbitrary JavaScript execution in the browser |
| CVE-2021-28548 | 2021-04-15 | Adobe Photoshop parsing JS buffer overflow vulnerability could lead to arbitrary code execution |
| CVE-2021-31229 | 2021-04-15 | An issue was discovered in libezxml.a in ezXML 0.8.6. The... |
| CVE-2021-27112 | 2021-04-15 | LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php... |
| CVE-2021-29448 | 2021-04-15 | Stored DOM XSS in Pi-hole Admin Web Interface |
| CVE-2021-3243 | 2021-04-15 | Wfilter ICF 5.0.117 contains a cross-site scripting (XSS) vulnerability. An... |
| CVE-2021-26582 | 2021-04-15 | A security vulnerability in HPE IceWall SSO Domain Gateway Option... |
| CVE-2021-29433 | 2021-04-15 | Denial of service (via resource exhaustion) due to improper input validation |
| CVE-2020-28898 | 2021-04-15 | In QED ResourceXpress through 4.9k, a large numeric or alphanumeric... |
| CVE-2021-31402 | 2021-04-15 | The dio package 4.0.0 for Dart allows CRLF injection if... |
| CVE-2021-28055 | 2021-04-15 | An issue was discovered in Centreon-Web in Centreon Platform 20.10.0.... |
| CVE-2021-30245 | 2021-04-15 | Code execution in Apache OpenOffice via non-http(s) schemes in Hyperlinks |
| CVE-2021-29430 | 2021-04-15 | Denial of service attack via memory exhaustion |
| CVE-2021-29432 | 2021-04-15 | Malicious users could control the content of invitation emails |
| CVE-2021-29431 | 2021-04-15 | SSRF in Sydent due to missing validation of hostnames |
| CVE-2021-29447 | 2021-04-15 | WordPress Authenticated XXE attack when installation is running PHP 8 |
| CVE-2021-29450 | 2021-04-15 | WordPress Authenticated disclosure of password-protected posts and pages |
| CVE-2021-21405 | 2021-04-15 | BLS Signature "Malleability" |
| CVE-2021-27692 | 2021-04-15 | Command Injection in Tenda G1 and G3 routers with firmware... |
| CVE-2021-27691 | 2021-04-15 | Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN... |
| CVE-2018-19942 | 2021-04-16 | Cross-site Scripting Vulnerability in File Station |
| CVE-2021-26073 | 2021-04-16 | Broken Authentication in Atlassian Connect Express (ACE) from version 3.0.2... |
| CVE-2021-26074 | 2021-04-16 | Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version... |
| CVE-2021-31414 | 2021-04-16 | The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studio Code... |
| CVE-2021-22539 | 2021-04-16 | Code execution in VSCode-bazel via malicious Bazel config files |
| CVE-2021-20491 | 2021-04-16 | IBM Spectrum Protect Server 7.1 and 8.1 is subject to... |
| CVE-2020-9667 | 2021-04-16 | Uncontrolled Search Path Element in AGSService.exe |
| CVE-2020-9668 | 2021-04-16 | AGSService program mishandling symbolic links |
| CVE-2020-9681 | 2021-04-16 | Adobe Genuine Service privilege escalation vulnerability |
| CVE-2021-26830 | 2021-04-16 | SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers... |
| CVE-2021-31347 | 2021-04-16 | An issue was discovered in libezxml.a in ezXML 0.8.6. The... |
| CVE-2021-29443 | 2021-04-16 | Padding Oracle Attack due to Observable Timing Discrepancy in jose |
| CVE-2021-31348 | 2021-04-16 | An issue was discovered in libezxml.a in ezXML 0.8.6. The... |
| CVE-2021-27394 | 2021-04-16 | A vulnerability has been identified in Mendix Applications using Mendix... |
| CVE-2021-29452 | 2021-04-16 | Any logged in user could edit any other logged in user. |
| CVE-2021-29451 | 2021-04-16 | Missing validation of JWT signature in `ManyDesigns/Portofino` |
| CVE-2021-29444 | 2021-04-16 | Padding Oracle Attack due to Observable Timing Discrepancy in jose-browser-runtime |
| CVE-2021-29445 | 2021-04-16 | Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-esm-runtime |
| CVE-2021-29446 | 2021-04-16 | Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-cjs-runtime |
| CVE-2020-2509 | 2021-04-17 | Command Injection Vulnerability in QTS and QuTS hero |