CVE List - 2021 / April
Showing 201 - 300 of 1817 CVEs for April 2021 (Page 3 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-1792 | 2021-04-02 | An out-of-bounds read was addressed with improved bounds checking. This... |
| CVE-2021-1789 | 2021-04-02 | A type confusion issue was addressed with improved state handling.... |
| CVE-2021-1791 | 2021-04-02 | An out-of-bounds read issue existed that led to the disclosure... |
| CVE-2021-1790 | 2021-04-02 | An out-of-bounds read was addressed with improved input validation. This... |
| CVE-2021-1794 | 2021-04-02 | An out-of-bounds read was addressed with improved input validation. This... |
| CVE-2021-1795 | 2021-04-02 | An out-of-bounds write was addressed with improved input validation. This... |
| CVE-2021-1793 | 2021-04-02 | This issue was addressed with improved checks. This issue is... |
| CVE-2021-1796 | 2021-04-02 | An out-of-bounds write was addressed with improved input validation. This... |
| CVE-2021-1797 | 2021-04-02 | The issue was addressed with improved permissions logic. This issue... |
| CVE-2021-1800 | 2021-04-02 | A path handling issue was addressed with improved validation. This... |
| CVE-2021-1799 | 2021-04-02 | A port redirection issue was addressed with additional port validation.... |
| CVE-2021-1802 | 2021-04-02 | A logic issue was addressed with improved state management. This... |
| CVE-2021-1803 | 2021-04-02 | The issue was addressed with improved permissions logic. This issue... |
| CVE-2021-1806 | 2021-04-02 | A race condition was addressed with additional validation. This issue... |
| CVE-2021-1801 | 2021-04-02 | This issue was addressed with improved iframe sandbox enforcement. This... |
| CVE-2021-1805 | 2021-04-02 | An out-of-bounds write was addressed with improved input validation. This... |
| CVE-2021-1870 | 2021-04-02 | A logic issue was addressed with improved restrictions. This issue... |
| CVE-2021-1871 | 2021-04-02 | A logic issue was addressed with improved restrictions. This issue... |
| CVE-2021-1844 | 2021-04-02 | A memory corruption issue was addressed with improved validation. This... |
| CVE-2021-1879 | 2021-04-02 | This issue was addressed by improved management of object lifetimes.... |
| CVE-2020-11923 | 2021-04-02 | An issue was discovered in WiZ Colors A60 1.14.0. API... |
| CVE-2021-1818 | 2021-04-02 | A logic issue was addressed with improved state management. This... |
| CVE-2020-11924 | 2021-04-02 | An issue was discovered in WiZ Colors A60 1.14.0. Wi-Fi... |
| CVE-2021-3374 | 2021-04-02 | Directory traversal in RStudio Shiny Server before 1.5.16 allows attackers... |
| CVE-2021-1761 | 2021-04-02 | This issue was addressed with improved checks. This issue is... |
| CVE-2021-27973 | 2021-04-02 | SQL injection exists in Piwigo before 11.4.0 via the language... |
| CVE-2021-1753 | 2021-04-02 | An out-of-bounds read was addressed with improved bounds checking. This... |
| CVE-2021-29660 | 2021-04-02 | A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing... |
| CVE-2021-29661 | 2021-04-02 | Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS... |
| CVE-2021-28940 | 2021-04-02 | Because of a incorrect escaped exec command in MagpieRSS in... |
| CVE-2021-28941 | 2021-04-02 | Because of no validation on a curl command in MagpieRSS... |
| CVE-2021-30125 | 2021-04-02 | Jamf Pro before 10.28.0 allows XSS related to inventory history,... |
| CVE-2021-30126 | 2021-04-02 | Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyone who... |
| CVE-2021-30072 | 2021-04-02 | An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08... |
| CVE-2020-21585 | 2021-04-02 | Vulnerability in emlog v6.0.0 allows user to upload webshells via... |
| CVE-2020-21588 | 2021-04-02 | Buffer overflow in Core FTP LE v2.2 allows local attackers... |
| CVE-2020-21590 | 2021-04-02 | Directory traversal in coreframe/app/template/admin/index.php in WUZHI CMS 4.1.0 allows attackers... |
| CVE-2020-27600 | 2021-04-02 | HNAP1/control/SetMasterWLanSettings.php in D-Link D-Link Router DIR-846 DIR-846 A1_100.26 allows remote... |
| CVE-2021-30074 | 2021-04-02 | docsify 4.12.1 is affected by Cross Site Scripting (XSS) because... |
| CVE-2021-21529 | 2021-04-02 | Dell System Update (DSU) 1.9 and earlier versions contain a... |
| CVE-2021-21532 | 2021-04-02 | Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper... |
| CVE-2021-21533 | 2021-04-02 | Wyse Management Suite versions up to 3.2 contains a vulnerability... |
| CVE-2021-30127 | 2021-04-03 | TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the... |
| CVE-2020-17453 | 2021-04-05 | WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp... |
| CVE-2021-28832 | 2021-04-05 | VSCodeVim before 1.19.0 allows attackers to execute arbitrary code via... |
| CVE-2021-29261 | 2021-04-05 | The unofficial Svelte extension before 104.8.0 for Visual Studio Code... |
| CVE-2021-29996 | 2021-04-05 | Mark Text through 0.16.3 allows attackers arbitrary command execution. This... |
| CVE-2021-30058 | 2021-04-05 | Knowage Suite before 7.4 is vulnerable to cross-site scripting (XSS).... |
| CVE-2021-30057 | 2021-04-05 | A stored HTML injection vulnerability exists in Knowage Suite version... |
| CVE-2021-30056 | 2021-04-05 | Knowage Suite before 7.4 is vulnerable to reflected cross-site scripting... |
| CVE-2021-30055 | 2021-04-05 | A SQL injection vulnerability in Knowage Suite version 7.1 exists... |
| CVE-2021-30109 | 2021-04-05 | Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS).... |
| CVE-2020-4792 | 2021-04-05 | IBM Edge 4.2 is vulnerable to cross-site scripting. This vulnerability... |
| CVE-2020-4997 | 2021-04-05 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting.... |
| CVE-2021-24150 | 2021-04-05 | Like Button Rating < 2.6.32 - Unauthenticated Full-Read SSRF |
| CVE-2021-24152 | 2021-04-05 | Popup Builder < 3.74 - Authenticated Reflected Cross-Site Scripting (XSS) |
| CVE-2021-24153 | 2021-04-05 | Yoast SEO < 3.4.1 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24154 | 2021-04-05 | Theme Editor < 2.6 - Authenticated Arbitrary File Download |
| CVE-2021-24155 | 2021-04-05 | Backup Guard < 1.6.0 - Authenticated Arbitrary File Upload |
| CVE-2021-24156 | 2021-04-05 | Testimonial Rotator <= 3.0.3 - Authenticated Stored Cross-Site Scripting |
| CVE-2021-24157 | 2021-04-05 | Orbit Fox by ThemeIsle < 2.10.3 - Authenticated Stored Cross Site Scripting |
| CVE-2021-24158 | 2021-04-05 | Orbit Fox by ThemeIsle < 2.10.3 - Authenticated Privilege Escalation |
| CVE-2021-24159 | 2021-04-05 | Contact Form 7 Style <= 3.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2021-24160 | 2021-04-05 | Responsive Menu 4.0.0 - 4.0.3 - Authenticated Arbitrary File Upload |
| CVE-2021-24161 | 2021-04-05 | Responsive Menu < 4.0.4 - CSRF to Arbitrary File Upload |
| CVE-2021-24162 | 2021-04-05 | Responsive Menu < 4.0.4 - CSRF to Settings Update |
| CVE-2021-24163 | 2021-04-05 | Ninja Forms < 3.4.34 - Authenticated SendWP Plugin Installation and Client Secret Key Disclosure |
| CVE-2021-24164 | 2021-04-05 | Ninja Forms < 3.4.34.1 - Authenticated OAuth Connection Key Disclosure |
| CVE-2021-24165 | 2021-04-05 | Ninja Forms < 3.4.34 - Administrator Open Redirect |
| CVE-2021-24166 | 2021-04-05 | Ninja Forms < 3.4.34 - CSRF to OAuth Service Disconnection |
| CVE-2021-24167 | 2021-04-05 | Web-Stat < 1.4.1 - API Key Disclosure |
| CVE-2021-24168 | 2021-04-05 | Easy Contact Form Pro < 1.1.1.9 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24169 | 2021-04-05 | Advanced Order Export For WooCommerce < 3.1.8 - Reflected Cross-Site Scripting (XSS) |
| CVE-2021-24170 | 2021-04-05 | User Profile Picture < 2.5.0 - Sensitive Information Disclosure |
| CVE-2021-24171 | 2021-04-05 | WooCommerce Upload Files < 59.4 - Unauthenticated Arbitrary File Upload |
| CVE-2021-24172 | 2021-04-05 | VM Backups <= 1.0 - CSRF to Database Backup Download |
| CVE-2021-24173 | 2021-04-05 | VM Backups <= 1.0 - CSRF to Stored Cross-Site Scripting (XSS) |
| CVE-2021-24174 | 2021-04-05 | Database Backups <= 1.2.2.6 - CSRF to Backup Download |
| CVE-2021-24175 | 2021-04-05 | The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass |
| CVE-2021-24176 | 2021-04-05 | JH 404 Logger <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24177 | 2021-04-05 | WP File Manager < 7.1 - Reflected Cross-Site Scripting (XSS) |
| CVE-2021-24180 | 2021-04-05 | Related Posts for WordPress < 2.0.4 - Authenticated Reflected Cross-Site Scripting (XSS) |
| CVE-2021-24181 | 2021-04-05 | Tutor LMS < 1.7.7 - SQL Injection via tutor_mark_answer_as_correct |
| CVE-2021-24182 | 2021-04-05 | Tutor LMS < 1.8.3 - SQL Injection via tutor_quiz_builder_get_answers_by_question |
| CVE-2021-24183 | 2021-04-05 | Tutor LMS < 1.8.3 - SQL Injection via tutor_quiz_builder_get_question_form |
| CVE-2021-24184 | 2021-04-05 | Tutor LMS < 1.7.7 - Unprotected AJAX including Privilege Escalation |
| CVE-2021-24185 | 2021-04-05 | Tutor LMS < 1.7.7 - SQL Injection via tutor_place_rating |
| CVE-2021-24186 | 2021-04-05 | Tutor LMS < 1.8.3 - SQL Injection via tutor_answering_quiz_question/get_answer_by_id |
| CVE-2021-24187 | 2021-04-05 | SEO Redirection < 6.4 - Authenticated Reflected Cross-Site Scripting (XSS) |
| CVE-2021-24196 | 2021-04-05 | Social Slider Widget < 1.8.5 - Authenticated Reflected Cross-Site Scripting (XSS) |
| CVE-2021-24201 | 2021-04-05 | Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Column Element |
| CVE-2021-24202 | 2021-04-05 | Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Heading Widget |
| CVE-2021-24203 | 2021-04-05 | Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Divider Widget |
| CVE-2021-24204 | 2021-04-05 | Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Accordion Widget |
| CVE-2021-24205 | 2021-04-05 | Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Icon Box Widget |
| CVE-2021-24206 | 2021-04-05 | Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Image Box Widget |
| CVE-2021-24207 | 2021-04-05 | WP Page Builder < 1.2.4 - Insecure default configuration Allows Subscribers Editing Access to Posts |
| CVE-2021-24208 | 2021-04-05 | WP Page Builder < 1.2.4 - Multiple Stored Cross-Site scripting (XSS) |
| CVE-2021-24209 | 2021-04-05 | WP Super Cache < 1.7.2 - Authenticated Remote Code Execution (RCE) |
| CVE-2021-24210 | 2021-04-05 | PhastPress < 1.111 - Open Redirect |