Export limit exceeded: 350424 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 80543 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80543 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-25127 | 1 Hpe | 10 Cloudline Cl3100 Gen10 Server, Cloudline Cl3100 Gen10 Server Firmware, Cloudline Cl4100 Gen10 Server and 7 more | 2024-11-21 | 7.8 High |
| The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice generatesslcertificate_func function. | ||||
| CVE-2021-25126 | 1 Hpe | 10 Cloudline Cl3100 Gen10 Server, Cloudline Cl3100 Gen10 Server Firmware, Cloudline Cl4100 Gen10 Server and 7 more | 2024-11-21 | 7.8 High |
| The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice downloadkvmjnlp_func function. | ||||
| CVE-2021-25125 | 1 Hpe | 10 Cloudline Cl3100 Gen10 Server, Cloudline Cl3100 Gen10 Server Firmware, Cloudline Cl4100 Gen10 Server and 7 more | 2024-11-21 | 7.8 High |
| The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice delsolrecordedvideo_func function path traversal vulnerability. | ||||
| CVE-2021-25124 | 1 Hpe | 10 Cloudline Cl3100 Gen10 Server, Cloudline Cl3100 Gen10 Server Firmware, Cloudline Cl4100 Gen10 Server and 7 more | 2024-11-21 | 7.8 High |
| The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice deletevideo_func function path traversal vulnerability. | ||||
| CVE-2021-25123 | 1 Hpe | 10 Cloudline Cl3100 Gen10 Server, Cloudline Cl3100 Gen10 Server Firmware, Cloudline Cl4100 Gen10 Server and 7 more | 2024-11-21 | 7.8 High |
| The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice addlicense_func function. | ||||
| CVE-2021-25119 | 1 Wpsocket | 1 Automatic Grid Image Listing | 2024-11-21 | 7.2 High |
| The AGIL WordPress plugin through 1.0 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE | ||||
| CVE-2021-25108 | 1 Ip2location | 1 Country Blocker | 2024-11-21 | 7.1 High |
| The IP2Location Country Blocker WordPress plugin before 2.26.6 does not have CSRF check in the ip2location_country_blocker_save_rules AJAX action, allowing attackers to make a logged in admin block arbitrary country, or block all of them at once, preventing users from accessing the frontend. | ||||
| CVE-2021-25095 | 1 Ip2location | 1 Country Blocker | 2024-11-21 | 7.1 High |
| The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and CSRF checks in the ip2location_country_blocker_save_rules AJAX action, allowing any authenticated users, such as subscriber to call it and block arbitrary country, or block all of them at once, preventing users from accessing the frontend. | ||||
| CVE-2021-25093 | 1 Ylefebvre | 1 Link Library | 2024-11-21 | 7.5 High |
| The Link Library WordPress plugin before 7.2.8 does not have authorisation in place when deleting links, allowing unauthenticated users to delete arbitrary links via a crafted request | ||||
| CVE-2021-25082 | 1 Sygnoos | 1 Popup Builder | 2024-11-21 | 8.8 High |
| The Popup Builder WordPress plugin before 4.0.7 does not validate and sanitise the sgpb_type parameter before using it in a require statement, leading to a Local File Inclusion issue. Furthermore, since the beginning of the string can be controlled, the issue can lead to RCE vulnerability via wrappers such as PHAR | ||||
| CVE-2021-25076 | 1 Wedevs | 1 Wp User Frontend | 2024-11-21 | 8.8 High |
| The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting | ||||
| CVE-2021-25073 | 1 Webmaster-source | 1 Wp125 | 2024-11-21 | 8.8 High |
| The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in various action, for example when deleting an ad, allowing attackers to make a logged in admin delete them via a CSRF attack | ||||
| CVE-2021-25068 | 1 Dpl | 1 Sync Woocommerce Product Feed To Google Shopping | 2024-11-21 | 7.2 High |
| The Sync WooCommerce Product feed to Google Shopping WordPress plugin through 1.2.4 uses the 'feed_id' POST parameter which is not properly sanitized for use in a SQL statement, leading to a SQL injection vulnerability in the admin dashboard | ||||
| CVE-2021-25064 | 1 Wow-company | 1 Wow Countdowns | 2024-11-21 | 7.2 High |
| The Wow Countdowns WordPress plugin through 3.1.2 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection. | ||||
| CVE-2021-25054 | 1 Wow-company | 1 Wpcalc | 2024-11-21 | 8.8 High |
| The WPcalc WordPress plugin through 2.1 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection vulnerability. | ||||
| CVE-2021-25053 | 1 Wow-company | 1 Wp Coder | 2024-11-21 | 8.8 High |
| The WP Coder WordPress plugin before 2.5.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE. | ||||
| CVE-2021-25052 | 1 Wow-company | 1 Button Generator | 2024-11-21 | 8.8 High |
| The Button Generator WordPress plugin before 2.3.3 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE. | ||||
| CVE-2021-25051 | 1 Wow-company | 1 Modal Window | 2024-11-21 | 8.8 High |
| The Modal Window WordPress plugin before 5.2.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE. | ||||
| CVE-2021-25045 | 1 Asgaros | 1 Asgaros Forum | 2024-11-21 | 7.2 High |
| The Asgaros Forum WordPress plugin before 1.15.15 does not validate or escape the forum_id parameter before using it in a SQL statement when editing a forum, leading to an SQL injection issue | ||||
| CVE-2021-25036 | 1 Aioseo | 1 All In One Seo | 2024-11-21 | 8.8 High |
| The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Privilege Escalation issue, which was discovered during an internal audit by the Jetpack Scan team, and may grant bad actors access to protected REST API endpoints they shouldn’t have access to. This could ultimately enable users with low-privileged accounts, like subscribers, to perform remote code execution on affected sites. | ||||