Vulnerabilities (CVE)
Yack CVE helps teams search and track vulnerabilities.
TOTAL
358,413 CVE
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored Cross-Site Scripting (XSS) in UploadFile. |
NETSCOUT nGeniusONE 6.3.0 build 1004 and earlier allows Stored Cross-Site Scripting (XSS) in the Packet Analysis module. |
3Debian FedoraprojectMediawiki3Debian Linux FedoraMediawikiJun 17, 2026 Jul 2, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a "sitewide block" applied, it is able to still "purge" pages th...Show more |
Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickle.load() function in settings.py. N...Show more |
Patterson Application Service in Patterson Eaglesoft 18 through 21 accepts the same certificate authentication across different customers' installations (that have the same software version). This provides remote access...Show more |
Meross MSG100 devices before 3.2.3 allow an attacker to replay the same data or similar data (e.g., an attacker who sniffs a Close message can transmit an acceptable Open message). |
An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.132. |
KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits running of multiple dangerous commands, including unzip, systemctl and dpkg. |
3Debian FedoraprojectOisf3Debian Linux FedoraSuricataJun 17, 2026 Jul 22, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion." |
A Shell Metacharacter Injection vulnerability in result.php in DRK Odenwaldkreis Testerfassung March-2021 allow an attacker with a valid token of a COVID-19 test result to execute shell commands with the permissions of t...Show more |
1Drk Odenwaldkreis 1Testerfassung Jun 17, 2026 Aug 30, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in DRK Odenwaldkreis Testerfassung March-2021 allow remote attackers to inject arbitrary web script or HTML via all parameters to HTML form fields in all components. |
/way4acs/enroll in OpenWay WAY4 ACS before 1.2.278-2693 allows unauthenticated attackers to leverage response differences to discover whether a specific payment card number is stored in the system. |
OpenWay WAY4 ACS before 1.2.278-2693 allows XSS via the /way4acs/enroll action parameter. |
Unisys Stealth 5.1 before 5.1.025.0 and 6.0 before 6.0.055.0 has an unquoted Windows search path for a scheduled task. An unintended executable might run. |
Minecraft before 1.17.1, when online-mode=false is configured, allows path traversal for deletion of arbitrary JSON files. |
1Fidelissecurity 2Deception NetworkJun 17, 2026 Jun 25, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. In the event that an attacker gains access to the CommandPost, these values could be decoded and used to login to the appl...Show more |
1Fidelissecurity 2Deception NetworkJun 17, 2026 Jun 25, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. The vulnerability could allow a specially crafted HTTP request to execute system commands on t...Show more |
1Fidelissecurity 2Deception NetworkJun 17, 2026 Jun 25, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. The vulnerability could lead to exposure of authentication tokens in some versions of Fidelis so...Show more |
1Fidelissecurity 2Deception NetworkJun 17, 2026 Jun 25, 2021 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the component and neighboring F...Show more |
A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to hijack a valid user session via a crafted session cookie. |
Cross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS, allows attackers to execute arbitrary code via the parameters to the /app/ endpoint. |
3Antisamy Project NetappOracle11Active Iq Unified Manager AntisamyBanking Enterprise Default Management+8 moreJun 17, 2026 Jul 19, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with : as the replacement for the : character. |
2Djangoproject Fedoraproject2Django FedoraJun 17, 2026 Jul 2, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application. |
The blockchain node in FISCO-BCOS V2.7.2 may have a bug when dealing with unformatted packet and lead to a crash. A malicious node can send a packet continuously. The packet is in an incorrect format and cannot be decode...Show more |
2Debian Linux2Debian Linux Linux KernelJun 17, 2026 Jul 7, 2021 N/A· v4 7.8 HIGH· v3 6.9 MEDIUM· v2 kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not oc...Show more |