CVE List - 2021 / May
Showing 1 - 100 of 1494 CVEs for May 2021 (Page 1 of 15)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-28359 | 2021-05-02 | Apache Airflow Reflected XSS via Origin Query Argument in URL |
| CVE-2021-31996 | 2021-05-03 | An issue was discovered in the algorithmica crate through 2021-03-07... |
| CVE-2021-25631 | 2021-05-03 | denylist of executable filename extensions possible to bypass under windows |
| CVE-2021-29369 | 2021-05-03 | The gnuplot package prior to version 0.1.0 for Node.js allows... |
| CVE-2021-28860 | 2021-05-03 | In Node.js mixme, prior to v0.5.1, an attacker can add... |
| CVE-2021-29241 | 2021-05-03 | CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference... |
| CVE-2021-29238 | 2021-05-03 | CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF). |
| CVE-2021-29239 | 2021-05-03 | CODESYS Development System 3 before 3.5.17.0 displays or executes malicious... |
| CVE-2021-29242 | 2021-05-03 | CODESYS Control Runtime system before 3.5.17.0 has improper input validation.... |
| CVE-2020-20247 | 2021-05-03 | Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory... |
| CVE-2020-20218 | 2021-05-03 | Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption... |
| CVE-2021-21264 | 2021-05-03 | Bypass of fix for CVE-2020-26231, Twig sandbox escape |
| CVE-2020-28945 | 2021-05-03 | OX App Suite 7.10.4 and earlier allows XSS via crafted... |
| CVE-2020-35755 | 2021-05-03 | An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices.... |
| CVE-2020-35756 | 2021-05-03 | An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices.... |
| CVE-2020-35757 | 2021-05-03 | An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices.... |
| CVE-2020-35758 | 2021-05-03 | An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices.... |
| CVE-2020-23083 | 2021-05-03 | Unrestricted File Upload in JEECG v4.0 and earlier allows remote... |
| CVE-2021-32020 | 2021-05-03 | The kernel in Amazon Web Services FreeRTOS before 10.4.3 has... |
| CVE-2020-23015 | 2021-05-03 | An open redirect issue was discovered in OPNsense through 20.1.5.... |
| CVE-2021-31164 | 2021-05-04 | Apache Unomi log injection |
| CVE-2021-23343 | 2021-05-04 | Regular Expression Denial of Service (ReDoS) |
| CVE-2021-23383 | 2021-05-04 | Prototype Pollution |
| CVE-2021-29240 | 2021-05-04 | The Package Manager of CODESYS Development System 3 before 3.5.17.0... |
| CVE-2021-3154 | 2021-05-04 | An issue was discovered in SolarWinds Serv-U before 15.2.2. Unauthenticated... |
| CVE-2021-22547 | 2021-05-04 | Buffer overrun in Google Cloud IoT Device SDK for Embedded C |
| CVE-2020-27518 | 2021-05-04 | All versions of Windscribe VPN for Mac and Windows <=... |
| CVE-2021-29477 | 2021-05-04 | Vulnerability in the STRALGO LCS command |
| CVE-2021-21551 | 2021-05-04 | Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which... |
| CVE-2020-21999 | 2021-05-04 | iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an... |
| CVE-2020-4987 | 2021-05-04 | The IBM FlashSystem 900 user management GUI is vulnerable to... |
| CVE-2021-29478 | 2021-05-04 | Vulnerability in the COPY command for large intsets |
| CVE-2021-26804 | 2021-05-04 | Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2... |
| CVE-2021-31542 | 2021-05-05 | In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2... |
| CVE-2021-25179 | 2021-05-05 | SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting... |
| CVE-2020-22428 | 2021-05-05 | SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross... |
| CVE-2020-36334 | 2021-05-05 | themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by wiping the... |
| CVE-2020-36333 | 2021-05-05 | themegrill-demo-importer before 1.6.2 does not require authentication for wiping the... |
| CVE-2021-25319 | 2021-05-05 | virtualbox: missing sticky bit for /etc/vbox allows local root exploit for members of vboxusers group |
| CVE-2021-25317 | 2021-05-05 | cups: ownership of /var/log/cups allows the lp user to create files as root |
| CVE-2021-31800 | 2021-05-05 | Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through... |
| CVE-2021-29245 | 2021-05-05 | BTCPay Server through 1.0.7.0 uses a weak method Next to... |
| CVE-2021-29246 | 2021-05-05 | BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows... |
| CVE-2021-29247 | 2021-05-05 | BTCPay Server through 1.0.7.0 could allow a remote attacker to... |
| CVE-2021-29248 | 2021-05-05 | BTCPay Server through 1.0.7.0 could allow a remote attacker to... |
| CVE-2021-29250 | 2021-05-05 | BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site... |
| CVE-2021-20254 | 2021-05-05 | A flaw was found in samba. The Samba smbd file... |
| CVE-2016-20010 | 2021-05-05 | EWWW Image Optimizer before 2.8.5 allows remote command execution because... |
| CVE-2020-13666 | 2021-05-05 | Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does... |
| CVE-2020-13665 | 2021-05-05 | Access bypass vulnerability in Drupal Core allows JSON:API when JSON:API... |
| CVE-2020-13662 | 2021-05-05 | Open Redirect vulnerability in Drupal Core allows a user to... |
| CVE-2020-13664 | 2021-05-05 | Arbitrary PHP code execution vulnerability in Drupal Core under certain... |
| CVE-2021-31517 | 2021-05-05 | Trend Micro Home Network Security 6.5.599 and earlier is vulnerable... |
| CVE-2021-31518 | 2021-05-05 | Trend Micro Home Network Security 6.5.599 and earlier is vulnerable... |
| CVE-2021-32055 | 2021-05-05 | Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through... |
| CVE-2021-29100 | 2021-05-05 | ArcGIS Earth has a File Parsing Directory Traversal Vulnerability |
| CVE-2021-29489 | 2021-05-05 | Options structure open to XSS if passed unfiltered |
| CVE-2020-4883 | 2021-05-05 | IBM QRadar SIEM 7.3 and 7.4 could disclose sensitive information... |
| CVE-2020-4929 | 2021-05-05 | IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site... |
| CVE-2020-4932 | 2021-05-05 | IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such... |
| CVE-2020-4979 | 2021-05-05 | IBM QRadar SIEM 7.3 and 7.4 is vulnerable to insecure... |
| CVE-2020-4993 | 2021-05-05 | IBM QRadar SIEM 7.3 and 7.4 when decompressing or verifying... |
| CVE-2020-5013 | 2021-05-05 | IBM QRadar SIEM 7.3 and 7.4 may vulnerable to a... |
| CVE-2021-20397 | 2021-05-05 | IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site... |
| CVE-2021-20401 | 2021-05-05 | IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such... |
| CVE-2021-31411 | 2021-05-05 | Insecure temporary directory usage in frontend build functionality of Vaadin 14 and 15-19 |
| CVE-2021-29101 | 2021-05-05 | ArcGIS GeoEvent Server has a Directory Traversal security vulnerability. |
| CVE-2021-29490 | 2021-05-05 | Unauthenticated GET requests through Remote Image endpoints |
| CVE-2021-24255 | 2021-05-05 | Essential Addons for Elementor < 4.5.4 - Contributor+ Stored Cross-Site Scripting (XSS) |
| CVE-2021-24256 | 2021-05-05 | Elementor - Header, Footer & Blocks Template < 1.5.8 - Contributor+ Stored XSS |
| CVE-2021-24257 | 2021-05-05 | Premium Addons for Elementor < 4.2.8 - Contributor+ Stored Cross-Site Scripting (XSS) |
| CVE-2021-24258 | 2021-05-05 | ElementsKit and ElementsKit Pro < 2.2.0 - Contributor+ Stored XSS |
| CVE-2021-24259 | 2021-05-05 | Elementor Addon Elements < 1.11.2 - Contributor+ Stored XSS |
| CVE-2021-24260 | 2021-05-05 | Livemesh Addons for Elementor < 6.8 - Contributor+ Stored XSS |
| CVE-2021-24261 | 2021-05-05 | HT Mega - Absolute Addons for Elementor Page Builder < 1.5.7 - Contributor+ Stored XSS |
| CVE-2021-24262 | 2021-05-05 | WooLentor - WooCommerce Elementor Addons + Builder < 1.8.6 - Contributor+ Stored XSS |
| CVE-2021-24263 | 2021-05-05 | PowerPack Addons for Elementor < 2.3.2 - Contributor+ Stored XSS |
| CVE-2021-24264 | 2021-05-05 | Image Hover Effects - Elementor Addon < 1.3.4 - Contributor+ Stored XSS |
| CVE-2021-24265 | 2021-05-05 | Rife Elementor Extensions & Templates < 1.1.6 - Contributor+ Stored XSS |
| CVE-2021-24266 | 2021-05-05 | The Plus Addons for Elementor Page Builder Lite < 2.0.6 - Contributor+ Stored XSS |
| CVE-2021-24267 | 2021-05-05 | All-in-One Addons for Elementor - WidgetKit < 2.3.10 - Contributor+ Stored XSS |
| CVE-2021-24268 | 2021-05-05 | JetWidgets For Elementor < 1.0.9 - Contributor+ Stored XSS |
| CVE-2021-24269 | 2021-05-05 | Sina Extension for Elementor < 3.3.12 - Contributor+ Stored XSS |
| CVE-2021-24270 | 2021-05-05 | DethemeKit For Elementor < 1.5.5.5 - Contributor+ Stored XSS |
| CVE-2021-24271 | 2021-05-05 | Ultimate Addons for Elementor < 1.30.0 - Contributor+ Stored XSS |
| CVE-2021-24272 | 2021-05-05 | Fitness Calculators < 1.9.6 - Cross-Site Request Forgery to Cross-Site Scripting (XSS) |
| CVE-2021-24273 | 2021-05-05 | Clever Addons for Elementor < 2.1.0 - Contributor+ Stored XSS |
| CVE-2021-24274 | 2021-05-05 | Ultimate Maps by Supsystic < 1.2.5 - Reflected Cross-Site scripting (XSS) |
| CVE-2021-24275 | 2021-05-05 | Popup by Supsystic < 1.10.5 - Reflected Cross-Site scripting (XSS) |
| CVE-2021-24276 | 2021-05-05 | Contact Form by Supsystic < 1.7.15 - Reflected Cross-Site scripting (XSS) |
| CVE-2021-24293 | 2021-05-05 | NextGEN Gallery Pro < 3.1.11 - Reflected Cross-Site Scripting (XSS) |
| CVE-2021-32062 | 2021-05-05 | MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and... |
| CVE-2021-24178 | 2021-05-05 | Business Directory Plugin < 5.11.1 - Arbitrary Add/Edit/Delete Form Field to Stored XSS |
| CVE-2021-24179 | 2021-05-05 | Business Directory Plugin < 5.11 - Arbitrary File Upload to RCE |
| CVE-2021-24214 | 2021-05-05 | OpenID Connect Generic Client 3.8.0-3.8.1 - Reflected Cross Site Scripting (XSS) via Login Error |
| CVE-2021-24236 | 2021-05-05 | Imagements <= 1.2.5 - Unauthenticated Arbitrary File Upload to RCE |
| CVE-2021-24243 | 2021-05-05 | WPBakery Page Builder Clipboard < 4.5.6 - Subscriber+ Stored Cross-Site Scripting (XSS) |
| CVE-2021-24244 | 2021-05-05 | WPBakery Page Builder Clipboard < 4.5.8 - Unauthorised Arbitrary License Options Update |
| CVE-2021-24245 | 2021-05-05 | Stop Spammers < 2021.9 - Reflected Cross-Site Scripting (XSS) |
| CVE-2021-24246 | 2021-05-05 | WorkScout Core < 1.3.4 - Authenticated Stored XSS & XFS |