CVE List - 2021 / July
Showing 101 - 200 of 1581 CVEs for July 2021 (Page 2 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-36415 | 2021-07-02 | A stored cross scripting (XSS) vulnerability in CMS Made Simple... |
| CVE-2020-36416 | 2021-07-02 | A stored cross scripting (XSS) vulnerability in CMS Made Simple... |
| CVE-2021-32737 | 2021-07-02 | XSS Injection in Media Collection Title was possible |
| CVE-2021-32738 | 2021-07-02 | Utils.readChallengeTx does not verify the server account signature |
| CVE-2021-33889 | 2021-07-02 | OpenThread wpantund through 2021-07-02 has a stack-based Buffer Overflow because... |
| CVE-2021-30554 | 2021-07-02 | Use after free in WebGL in Google Chrome prior to... |
| CVE-2021-30555 | 2021-07-02 | Use after free in Sharing in Google Chrome prior to... |
| CVE-2021-30556 | 2021-07-02 | Use after free in WebAudio in Google Chrome prior to... |
| CVE-2021-30557 | 2021-07-02 | Use after free in TabGroups in Google Chrome prior to... |
| CVE-2021-34807 | 2021-07-02 | An open redirect vulnerability exists in the /preauth Servlet in... |
| CVE-2021-35209 | 2021-07-02 | An issue was discovered in ProxyServlet.java in the /proxy servlet... |
| CVE-2021-35208 | 2021-07-02 | An issue was discovered in ZmMailMsgView.js in the Calendar Invite... |
| CVE-2021-35207 | 2021-07-02 | An issue was discovered in Zimbra Collaboration Suite 8.8 before... |
| CVE-2021-36148 | 2021-07-02 | An issue was discovered in ACRN before 2.5. dmar_free_irte in... |
| CVE-2021-36147 | 2021-07-02 | An issue was discovered in ACRN before 2.5. It allows... |
| CVE-2021-36146 | 2021-07-02 | ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereference for... |
| CVE-2021-36145 | 2021-07-02 | The Device Model in ACRN through 2.5 has a devicemodel/core/mem.c... |
| CVE-2021-36144 | 2021-07-02 | The polling timer handler in ACRN before 2.5 has a... |
| CVE-2021-36143 | 2021-07-02 | ACRN before 2.5 has a hw/pci/virtio/virtio.c vq_endchains NULL Pointer Dereference. |
| CVE-2021-34527 | 2021-07-02 | Windows Print Spooler Remote Code Execution Vulnerability |
| CVE-2021-33192 | 2021-07-05 | Display information UI XSS |
| CVE-2021-23401 | 2021-07-05 | Open Redirect |
| CVE-2020-26763 | 2021-07-05 | The Rocket.Chat desktop application 2.17.11 opens external links without user... |
| CVE-2021-35331 | 2021-07-05 | In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might... |
| CVE-2021-36158 | 2021-07-05 | In the xrdp package (in branches through 3.14) for Alpine... |
| CVE-2021-32233 | 2021-07-05 | SmarterTools SmarterMail before Build 7776 allows XSS. |
| CVE-2021-3598 | 2021-07-06 | There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior... |
| CVE-2021-24005 | 2021-07-06 | Usage of hard-coded cryptographic keys to encrypt configuration files and... |
| CVE-2021-24375 | 2021-07-06 | Motor theme < 3.1.0 - Local File Inclusion |
| CVE-2021-24384 | 2021-07-06 | JoomSport < 5.1.8 - Unauthenticated PHP Object Injection |
| CVE-2021-24386 | 2021-07-06 | WP SVG Images < 3.4 - Authenticated (author+) Stored XSS via SVG |
| CVE-2021-24387 | 2021-07-06 | Real Estate 7 < 3.1.1 - Reflected Cross-Site Scripting (XSS) |
| CVE-2021-24388 | 2021-07-06 | Vik Rent Car < 1.1.7 - CSRF to Stored XSS |
| CVE-2021-24389 | 2021-07-06 | FoodBakery < 2.2 - Reflected Cross-Site Scripting (XSS) |
| CVE-2021-24405 | 2021-07-06 | Easy Cookie Policy <= 1.6.2 - Broken Access Control to Stored Cross-Site Scripting |
| CVE-2021-24406 | 2021-07-06 | wpForo Forum < 1.9.7 - Open Redirect |
| CVE-2021-24407 | 2021-07-06 | Jannah < 5.4.5 - Reflected Cross-Site Scripting (XSS) |
| CVE-2021-24451 | 2021-07-06 | Export Users With Meta < 0.6.5 - Authenticated SQL Injection |
| CVE-2021-24494 | 2021-07-06 | WP Offload SES Lite < 1.4.5 - Stored Cross-Site Scripting (XSS) |
| CVE-2021-32559 | 2021-07-06 | An integer overflow exists in pywin32 prior to version b301... |
| CVE-2021-27930 | 2021-07-06 | Multiple stored XSS vulnerabilities in IrisNext Edition 9.5.16, which allows... |
| CVE-2021-32740 | 2021-07-06 | Regular Expression Denial of Service in Addressable templates |
| CVE-2021-35440 | 2021-07-06 | Smashing 1.3.4 is vulnerable to Cross Site Scripting (XSS). A... |
| CVE-2021-34190 | 2021-07-06 | A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of... |
| CVE-2020-22251 | 2021-07-06 | Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the... |
| CVE-2020-22249 | 2021-07-06 | Remote Code Execution vulnerability in phplist 3.5.1. The application does... |
| CVE-2021-22229 | 2021-07-06 | An issue has been discovered in GitLab CE/EE affecting all... |
| CVE-2021-22232 | 2021-07-06 | HTML injection was possible via the full name field before... |
| CVE-2020-23697 | 2021-07-06 | Cross Site Scripting vulnerabilty in Monstra CMS 3.0.4 via the... |
| CVE-2021-22226 | 2021-07-06 | Under certain conditions, some users were able to push to... |
| CVE-2021-22228 | 2021-07-06 | An issue has been discovered in GitLab affecting all versions... |
| CVE-2021-22223 | 2021-07-06 | Client-Side code injection through Feature Flag name in GitLab CE/EE... |
| CVE-2021-35039 | 2021-07-07 | kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification,... |
| CVE-2021-20738 | 2021-07-07 | WRC-1167FS-W, WRC-1167FS-B, and WRC-1167FSA all versions allow an unauthenticated network-adjacent... |
| CVE-2021-20739 | 2021-07-07 | WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S,... |
| CVE-2021-20776 | 2021-07-07 | Improper authentication vulnerability in SCT-40CM01SR and AT-40CM01SR allows an attacker... |
| CVE-2021-20777 | 2021-07-07 | Improper authorization in handler for custom URL scheme vulnerability in... |
| CVE-2021-20779 | 2021-07-07 | Cross-site request forgery (CSRF) vulnerability in WordPress Email Template Designer... |
| CVE-2021-20780 | 2021-07-07 | Cross-site request forgery (CSRF) vulnerability in WPCS - WordPress Currency... |
| CVE-2021-26035 | 2021-07-07 | [20210701] - Core - XSS in JForm Rules field |
| CVE-2021-26036 | 2021-07-07 | [20210702] - Core - DoS through usergroup table manipulation |
| CVE-2021-26037 | 2021-07-07 | [20210703] - Core - Lack of enforced session termination |
| CVE-2021-26038 | 2021-07-07 | [20210704] - Core - Privilege escalation through com_installer |
| CVE-2021-26039 | 2021-07-07 | [20210705] - Core - XSS in com_media imagelist |
| CVE-2021-22231 | 2021-07-07 | A denial of service in user's profile page is found... |
| CVE-2021-22227 | 2021-07-07 | A reflected cross-site script vulnerability in GitLab before versions 13.11.6,... |
| CVE-2021-22230 | 2021-07-07 | Improper code rendering while rendering merge requests could be exploited... |
| CVE-2021-22225 | 2021-07-07 | Insufficient input sanitization in markdown in GitLab version 13.11 and... |
| CVE-2021-22555 | 2021-07-07 | Heap Out-Of-Bounds Write in Netfilter IP6T_SO_SET_REPLACE |
| CVE-2021-22224 | 2021-07-07 | A cross-site request forgery vulnerability in the GraphQL API in... |
| CVE-2021-25952 | 2021-07-07 | Prototype pollution vulnerability in ‘just-safe-set’ versions 1.0.0 through 2.2.1 allows... |
| CVE-2021-34622 | 2021-07-07 | ProfilePress 3.0 - 3.1.3 - Authenticated Privilege Escalation |
| CVE-2021-34620 | 2021-07-07 | CSRF in WP Fluent Forms < 3.6.67 allows stored XSS and Privilege Escalation |
| CVE-2021-34623 | 2021-07-07 | ProfilePress 3.0 - 3.1.3 - Arbitrary File Upload in Image Uploader Component |
| CVE-2021-34621 | 2021-07-07 | ProfilePress 3.0 - 3.1.3 - Unauthenticated Privilege Escalation |
| CVE-2021-34624 | 2021-07-07 | ProfilePress 3.0 - 3.1.3 - Arbitrary File Upload in File Uploader Component |
| CVE-2021-34626 | 2021-07-07 | WP Upload Restriction <= 2.2.3 - Missing Access Control in deleteCustomType function |
| CVE-2021-34627 | 2021-07-07 | WP Upload Restriction <= 2.2.3 - Missing Access Control in getSelectedMimeTypesByRole function |
| CVE-2021-34625 | 2021-07-07 | WP Upload Restriction <= 2.2.3 - Authenticated Stored Cross-Site Scripting |
| CVE-2021-36212 | 2021-07-07 | app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored XSS in the... |
| CVE-2021-22233 | 2021-07-07 | An information disclosure vulnerability in GitLab EE versions 13.10 and... |
| CVE-2020-20211 | 2021-07-07 | Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion failure... |
| CVE-2020-20212 | 2021-07-07 | Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption... |
| CVE-2020-20213 | 2021-07-07 | Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion... |
| CVE-2020-20215 | 2021-07-07 | Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption... |
| CVE-2020-20216 | 2021-07-07 | Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption... |
| CVE-2021-35451 | 2021-07-07 | In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenticated user can... |
| CVE-2020-20225 | 2021-07-07 | Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion... |
| CVE-2020-24038 | 2021-07-07 | myFax version 229 logs sensitive information in the export log... |
| CVE-2020-24141 | 2021-07-07 | Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress... |
| CVE-2020-24142 | 2021-07-07 | Server-side request forgery in the Video Downloader for TikTok (aka... |
| CVE-2020-24143 | 2021-07-07 | Directory traversal in the Video Downloader for TikTok (aka downloader-tiktok)... |
| CVE-2020-24144 | 2021-07-07 | Directory traversal in the Media File Organizer (aka media-file-organizer) plugin... |
| CVE-2020-24145 | 2021-07-07 | Cross Site Scripting (XSS) vulnerability in the CM Download Manager... |
| CVE-2020-24146 | 2021-07-07 | Directory traversal in the CM Download Manager (aka cm-download-manager) plugin... |
| CVE-2020-24147 | 2021-07-07 | Server-side request forgery (SSR) vulnerability in the WP Smart Import... |
| CVE-2020-24148 | 2021-07-07 | Server-side request forgery (SSRF) in the Import XML and RSS... |
| CVE-2020-24149 | 2021-07-07 | Server-side request forgery (SSRF) in the Podcast Importer SecondLine (podcast-importer-secondline)... |
| CVE-2020-25868 | 2021-07-07 | Pexip Infinity 22.x through 24.x before 24.2 has Improper Input... |
| CVE-2020-25925 | 2021-07-07 | Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient... |