CVE List - 2021 / April
Showing 601 - 700 of 1817 CVEs for April 2021 (Page 7 of 19)
CVE ID | Date | Title |
---|---|---|
CVE-2021-24200 | 2021-04-12 | wpDataTables < 3.4.2 - Blind SQL Injection via length Parameter |
CVE-2021-24213 | 2021-04-12 | GiveWP < 2.10.0 - Reflected Cross Site Scripting (XSS) |
CVE-2021-24215 | 2021-04-12 | Controlled Admin Access < 1.5.2 - Improper Access Control & Privilege Escalation |
CVE-2021-24217 | 2021-04-12 | Facebook for WordPress < 3.0.0 - PHP Object Injection with POP Chain |
CVE-2021-24218 | 2021-04-12 | Facebook for WordPress 3.0.0-3.0.3 - CSRF to Stored XSS and Settings Deletion |
CVE-2021-24219 | 2021-04-12 | All Thrive Themes and Plugins - Unauthenticated Option Update |
CVE-2021-24220 | 2021-04-12 | All Thrive Themes Legacy Themes < 2.0.0 - Unauthenticated Arbitrary File Upload and Option Deletion |
CVE-2021-24221 | 2021-04-12 | Quiz And Survey Master < 7.1.12 - Authenticated SQL injection via shortcode |
CVE-2021-24222 | 2021-04-12 | WP-Curricul Vitea Free <= 6.3 - Unauthenticated Arbitrary File Upload to RCE |
CVE-2021-24223 | 2021-04-12 | N5 Upload Form <= 1.0 - Unauthenticated Arbitrary File Upload to RCE |
CVE-2021-24224 | 2021-04-12 | Easy Form Builder <= 1.0 - Authenticated Arbitrary File Upload |
CVE-2021-24225 | 2021-04-12 | Advanced Booking Calendar < 1.6.7 - Authenticated Reflected Cross-Site Scripting (XSS) |
CVE-2021-24226 | 2021-04-12 | AccessAlly < 3.5.7 - $_SERVER Superglobal Leakage |
CVE-2021-24227 | 2021-04-12 | Patreon WordPress < 1.7.0 - Unauthenticated Local File Disclosure |
CVE-2021-24228 | 2021-04-12 | Patreon WordPress < 1.7.2 - Reflected XSS on Login Form |
CVE-2021-24229 | 2021-04-12 | Patreon WordPress < 1.7.2 - Reflected XSS on patreon_save_attachment_patreon_level AJAX action |
CVE-2021-24230 | 2021-04-12 | Patreon WordPress < 1.7.0 - CSRF to Overwrite/Create User Meta |
CVE-2021-24231 | 2021-04-12 | Patreon WordPress < 1.7.0 - CSRF to Disconnect Sites From Patreon |
CVE-2020-15942 | 2021-04-12 | An information disclosure vulnerability in Web Vulnerability Scan profile of... |
CVE-2021-24024 | 2021-04-12 | A clear text storage of sensitive information into log file... |
CVE-2019-17656 | 2021-04-12 | A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of... |
CVE-2021-22190 | 2021-04-12 | A path traversal vulnerability via the GitLab Workhorse in all... |
CVE-2021-27486 | 2021-04-12 | FATEK Automation WinProladder Versions 3.30 and prior is vulnerable to... |
CVE-2020-7924 | 2021-04-12 | Specific command line parameter might result in accepting invalid certificate |
CVE-2020-15734 | 2021-04-12 | Same-origin policy vulnerability in Bitdefender Safepay |
CVE-2021-23270 | 2021-04-12 | In Gargoyle OS 1.12.0, when IPv6 is used, a routing... |
CVE-2021-3125 | 2021-04-12 | In TP-Link TL-XDR3230 < 1.0.12, TL-XDR1850 < 1.0.9, TL-XDR1860 <... |
CVE-2021-3128 | 2021-04-12 | In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS... |
CVE-2021-29302 | 2021-04-12 | TP-Link TL-WR802N(US), Archer_C50v5_US v4_200 <= 2020.06 contains a buffer overflow... |
CVE-2020-4920 | 2021-04-12 | IBM Jazz Team Server products are vulnerable to stored cross-site... |
CVE-2020-4964 | 2021-04-12 | IBM Jazz Team Server products contain an undisclosed vulnerability that... |
CVE-2020-4965 | 2021-04-12 | IBM Jazz Team Server products use weaker than expected cryptographic... |
CVE-2021-20519 | 2021-04-12 | IBM Jazz Team Server products are vulnerable to cross-site scripting.... |
CVE-2020-15390 | 2021-04-12 | pyActivity in Pega Platform 8.4.0.237 has a security misconfiguration that... |
CVE-2021-29357 | 2021-04-12 | The ECT Provider component in OutSystems Platform Server 10 before... |
CVE-2019-15059 | 2021-04-12 | In Liberty lisPBX 2.0-4, configuration backup files can be retrieved... |
CVE-2021-21524 | 2021-04-12 | Dell SRM versions prior to 4.5.0.1 and Dell SMR versions... |
CVE-2021-21545 | 2021-04-12 | Dell Peripheral Manager 1.3.1 or greater contains remediation for a... |
CVE-2021-3163 | 2021-04-12 | A vulnerability in the HTML editor of Slab Quill 4.8.0... |
CVE-2021-21394 | 2021-04-12 | Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints |
CVE-2021-22497 | 2021-04-12 | Advanced Authentication Improper Session Management |
CVE-2021-29429 | 2021-04-12 | Information disclosure through temporary directory permissions |
CVE-2021-21393 | 2021-04-12 | Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints |
CVE-2021-21392 | 2021-04-12 | Open redirect via transitional IPv6 addresses on dual-stack networks |
CVE-2021-30039 | 2021-04-12 | Cross Site Scripting (XSS) in Remote Clinic v2.0 via the... |
CVE-2021-30042 | 2021-04-12 | Cross Site Scripting (XSS) in Remote Clinic v2.0 via the... |
CVE-2021-30044 | 2021-04-12 | Cross Site Scripting (XSS) in Remote Clinic v2.0 via the... |
CVE-2021-30034 | 2021-04-12 | Cross Site Scripting (XSS) in Remote Clinic v2.0 via the... |
CVE-2021-30030 | 2021-04-12 | Cross Site Scripting (XSS) in Remote Clinic v2.0 via the... |
CVE-2021-30503 | 2021-04-13 | The unofficial GLSL Linting extension before 1.4.0 for Visual Studio... |
CVE-2021-30637 | 2021-04-13 | htmly 2.8.0 allows stored XSS via the blog title, Tagline,... |
CVE-2021-29054 | 2021-04-13 | Certain Papoo products are affected by: Cross Site Request Forgery... |
CVE-2021-29003 | 2021-04-13 | Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers to... |
CVE-2021-28938 | 2021-04-13 | Siren Federate before 6.8.14-10.3.9, 6.9.x through 7.6.x before 7.6.2-20.2, 7.7.x... |
CVE-2021-27905 | 2021-04-13 | SSRF vulnerability with the Replication handler |
CVE-2021-29262 | 2021-04-13 | Misapplied Zookeeper ACLs can result in leakage of configured authentication and authorization settings |
CVE-2021-29943 | 2021-04-13 | Apache Solr Unprivileged users may be able to perform unauthorized read/write to collections |
CVE-2021-29425 | 2021-04-13 | Possible limited path traversal vulnerability in Apache Commons IO |
CVE-2021-25250 | 2021-04-13 | An improper access control vulnerability in Trend Micro Apex One,... |
CVE-2021-25253 | 2021-04-13 | An improper access control vulnerability in Trend Micro Apex One,... |
CVE-2021-28645 | 2021-04-13 | An incorrect permission assignment vulnerability in Trend Micro Apex One,... |
CVE-2021-28646 | 2021-04-13 | An insecure file permissions vulnerability in Trend Micro Apex One,... |
CVE-2021-28647 | 2021-04-13 | Trend Micro Password Manager version 5 (Consumer) is vulnerable to... |
CVE-2021-30175 | 2021-04-13 | ZEROF Web Server 1.0 (April 2021) allows SQL Injection via... |
CVE-2021-30176 | 2021-04-13 | The ZEROF Expert pro/2.0 application for mobile devices allows SQL... |
CVE-2021-22505 | 2021-04-13 | Escalation of privileges vulnerability in Micro Focus Operations Agent, affects... |
CVE-2020-27233 | 2021-04-13 | An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of... |
CVE-2020-27234 | 2021-04-13 | An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of... |
CVE-2020-27235 | 2021-04-13 | An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of... |
CVE-2020-27236 | 2021-04-13 | An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of... |
CVE-2020-27228 | 2021-04-13 | An incorrect default permissions vulnerability exists in the installation functionality... |
CVE-2020-27227 | 2021-04-13 | An exploitable unauthenticated command injection exists in the OpenClinic GA... |
CVE-2020-13566 | 2021-04-13 | SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted... |
CVE-2020-13568 | 2021-04-13 | SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted... |
CVE-2021-21731 | 2021-04-13 | A CSRF vulnerability exists in the management page of a... |
CVE-2021-21730 | 2021-04-13 | A ZTE product is impacted by improper access control vulnerability.... |
CVE-2021-21729 | 2021-04-13 | Some ZTE products have CSRF vulnerability. Because some pages lack... |
CVE-2021-23372 | 2021-04-13 | Denial of Service (DoS) |
CVE-2021-29998 | 2021-04-13 | An issue was discovered in Wind River VxWorks before 6.5.... |
CVE-2021-29999 | 2021-04-13 | An issue was discovered in Wind River VxWorks through 6.8.... |
CVE-2021-29997 | 2021-04-13 | An issue was discovered in Wind River VxWorks 7 before... |
CVE-2021-28973 | 2021-04-13 | The XML Import functionality of the Administration console in Perforce... |
CVE-2021-29435 | 2021-04-13 | Cross-Site Request Forgery (CSRF) in trestle-auth |
CVE-2021-29436 | 2021-04-13 | Cross site request forgery vulnerability |
CVE-2021-21399 | 2021-04-13 | Unauthenticated SubSonic backend access in Ampache |
CVE-2021-29428 | 2021-04-13 | Local privilege escalation through system temporary directory |
CVE-2021-29427 | 2021-04-13 | Repository content filters do not work in Settings pluginManagement |
CVE-2021-23278 | 2021-04-13 | Arbitrary File delete |
CVE-2021-23276 | 2021-04-13 | Improper Neutralization of Special Elements used in an SQL Command |
CVE-2021-23279 | 2021-04-13 | Arbitrary File delete |
CVE-2021-23281 | 2021-04-13 | Remote Code execution |
CVE-2021-23277 | 2021-04-13 | Improper Neutralization of Directives in Dynamically Evaluated Code |
CVE-2021-23280 | 2021-04-13 | Arbitrary File upload |
CVE-2020-28590 | 2021-04-13 | An out-of-bounds read vulnerability exists in the Obj File TriangleMesh::TriangleMesh()... |
CVE-2021-21784 | 2021-04-13 | An out-of-bounds write vulnerability exists in the JPG format SOF... |
CVE-2021-0438 | 2021-04-13 | In several functions of InputDispatcher.cpp, WindowManagerService.java, and related files, there... |
CVE-2021-0443 | 2021-04-13 | In several functions of ScreenshotHelper.java and related files, there is... |
CVE-2021-0433 | 2021-04-13 | In onCreate of DeviceChooserActivity.java, there is a possible way to... |
CVE-2021-0446 | 2021-04-13 | In ImportVCardActivity, there is a possible way to bypass user... |
CVE-2021-0445 | 2021-04-13 | In start of WelcomeActivity.java, there is a possible residual profile... |