CVE-2020-24036
Summary: PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote...
Vulnerabilities
CVE-2021-32740
Summary: Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource...
CVE-2021-28931
Summary: Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes...
CVE-2020-25868
Summary: Pexip Infinity 22.x through 24.x before 24.2 has Improper Input Validation for call setup. An unauthenticated remote attacker can...
CVE-2020-24144
Summary: Directory traversal in the Media File Organizer (aka media-file-organizer) plugin 1.0.1 for WordPress lets an attacker get access to...
CVE-2021-34620
Summary: The WP Fluent Forms plugin < 3.6.67 for WordPress is vulnerable to Cross-Site Request Forgery leading to stored Cross-Site...
CVE-2021-21807
Summary: An integer overflow vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.9. A specially crafted malformed file...
CVE-2021-21775
Summary: A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A...
CVE-2021-34549
Summary: An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data....
CVE-2021-34550
Summary: An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory...
CVE-2021-35331
Summary: ** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crated...
CVE-2020-25868
Summary: Pexip Infinity 22.x through 24.x before 24.2 has Improper Input Validation for call setup. An unauthenticated remote attacker can...
CVE-2020-24144
Summary: Directory traversal in the Media File Organizer (aka media-file-organizer) plugin 1.0.1 for WordPress lets an attacker get access to...
CVE-2021-26690
Summary: Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL...
CVE-2021-31618
Summary: Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured...
CVE-2021-26038
Summary: An issue was discovered in Joomla! 2.5.0 through 3.9.27. Install action in com_installer lack the required hardcoded ACL checks...
CVE-2021-3606
Summary: OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration...
CVE-2021-3613
Summary: OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file...
CVE-2021-3500
Summary: A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in function DJVU::DjVuDocument::get_djvu_file() via crafted djvu file may...
CVE-2021-3517
Summary: There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who...
CVE-2019-25048
Summary: LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print). Reference Links(if available):...
CVE-2021-1723
Summary: ASP.NET Core and Visual Studio Denial of Service Vulnerability Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1723 CVSS Score (if available) v2: /...
CVE-2021-1723
Summary: ASP.NET Core and Visual Studio Denial of Service Vulnerability Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1723 CVSS Score (if available) v2: /...
CVE-2021-32704
Summary: DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability...
