Export limit exceeded: 364230 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364230 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-24129 | 1 Themify | 1 Portfolio Post | 2024-11-21 | 5.4 Medium |
| Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting (XSS) vulnerabilities allowing low-privileged users (Contributor+) to inject arbitrary JavaScript code or HTML in posts where the Themify Custom Panel is embedded, which could lead to privilege escalation. | ||||
| CVE-2021-24128 | 1 Wpdarko | 1 Team Members | 2024-11-21 | 5.4 Medium |
| Unvalidated input and lack of output encoding in the Team Members WordPress plugin, versions before 5.0.4, lead to Cross-site scripting vulnerabilities allowing medium-privileged authenticated attacker (contributor+) to inject arbitrary web script or HTML via the 'Description/biography' of a member. | ||||
| CVE-2021-24127 | 1 Caseproof | 1 Thirstyaffiliates Affiliate Link Manager | 2024-11-21 | 5.4 Medium |
| Unvalidated input and lack of output encoding in the ThirstyAffiliates Affiliate Link Manager WordPress plugin, versions before 3.9.3, was vulnerable to authenticated Stored Cross-Site Scripting (XSS), which could lead to privilege escalation. | ||||
| CVE-2021-24126 | 1 Enviragallery | 1 Envira Gallery | 2024-11-21 | 5.4 Medium |
| Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly sanitise the images metadata (namely title) before outputting them in the generated gallery, which could lead to privilege escalation. | ||||
| CVE-2021-24125 | 1 Contact Form Submissions Project | 1 Contact Form Submissions | 2024-11-21 | 7.2 High |
| Unvalidated input in the Contact Form Submissions WordPress plugin before 1.7.1, could lead to SQL injection in the wpcf7_contact_form GET parameter when submitting a filter request as a high privilege user (admin+) | ||||
| CVE-2021-24124 | 1 Terryl | 1 Wp Shieldon | 2024-11-21 | 6.1 Medium |
| Unvalidated input and lack of output encoding in the WP Shieldon WordPress plugin, version 1.6.3 and below, leads to Unauthenticated Reflected Cross-Site Scripting (XSS) when the CAPTCHA page is shown could lead to privileged escalation. | ||||
| CVE-2021-24123 | 1 Blubrry | 1 Powerpress | 2024-11-21 | 7.2 High |
| Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high privilege accounts (admin+) being able to upload arbitrary files, such as php, leading to RCE. | ||||
| CVE-2021-24117 | 1 Apache | 1 Teaclave Sgx Sdk | 2024-11-21 | 4.9 Medium |
| In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. | ||||
| CVE-2021-24116 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 4.9 Medium |
| In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. | ||||
| CVE-2021-24115 | 1 Botan Project | 1 Botan | 2024-11-21 | 9.8 Critical |
| In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex). | ||||
| CVE-2021-24114 | 1 Microsoft | 1 Teams | 2024-11-21 | 5.7 Medium |
| Microsoft Teams iOS Information Disclosure Vulnerability | ||||
| CVE-2021-24113 | 1 Microsoft | 1 Edge Chromium | 2024-11-21 | 5.4 Medium |
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | ||||
| CVE-2021-24112 | 1 Microsoft | 4 .net, .net Core, Mono and 1 more | 2024-11-21 | 8.1 High |
| .NET Core Remote Code Execution Vulnerability | ||||
| CVE-2021-24111 | 1 Microsoft | 10 .net, .net Framework, Windows 10 and 7 more | 2024-11-21 | 7.5 High |
| .NET Framework Denial of Service Vulnerability | ||||
| CVE-2021-24110 | 1 Microsoft | 1 High Efficiency Video Coding | 2024-11-21 | 7.8 High |
| HEVC Video Extensions Remote Code Execution Vulnerability | ||||
| CVE-2021-24109 | 1 Microsoft | 1 Azure Kubernetes Service | 2024-11-21 | 6.8 Medium |
| Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability | ||||
| CVE-2021-24108 | 1 Microsoft | 3 365 Apps, Excel, Office | 2024-11-21 | 7.8 High |
| Microsoft Office Remote Code Execution Vulnerability | ||||
| CVE-2021-24107 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 5.5 Medium |
| Windows Event Tracing Information Disclosure Vulnerability | ||||
| CVE-2021-24106 | 1 Microsoft | 10 Windows 10, Windows 10 1803, Windows 10 1809 and 7 more | 2024-11-21 | 5.5 Medium |
| Windows DirectX Information Disclosure Vulnerability | ||||
| CVE-2021-24104 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 4.6 Medium |
| Microsoft SharePoint Server Spoofing Vulnerability | ||||