Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-74

CVE IDCVSSVendorExploitPatchTrends
CVE-2021-3197An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.
CVSS 9.8Fedoraproject, et al

-

Patched

Trending graph for this CVE
CVE-2021-3169An issue in Jumpserver 2.6.2 and below allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.
CVSS 9.8

-

-

Trending graph for this CVE
CVE-2021-3154An issue was discovered in SolarWinds Serv-U before 15.2.2. Unauthenticated attackers can retrieve cleartext passwords via macro Injection. NOTE: this had a distinct fix relative to CVE-2020-35481.
CVSS 7.5Solarwinds

-

Patched

Trending graph for this CVE
CVE-2021-31402The dio package 4.0.0 for Dart allows CRLF injection if the attacker controls the HTTP method string, a different vulnerability than CVE-2020-35669.
CVSS 7.5Flutterchina

Exploit

Patched

Trending graph for this CVE
CVE-2021-31249A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI components.
CVSS 6.5Chiyu-tech

Exploit

Patched

Trending graph for this CVE
CVE-2021-31164Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements.
CVSS 7.5Apache

-

Patched

Trending graph for this CVE
CVE-2021-30777An injection issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A malicious application may be able to gain root privileges.
CVSS 7.8Apple

-

Patched

Trending graph for this CVE
CVE-2021-30653This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted image may lead to arbitrary code execution.
CVSS 7.8Apple

-

Patched

Trending graph for this CVE
CVE-2021-30540Incorrect security UI in payments in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
CVSS 6.5Fedoraproject, et al

Exploit

Patched

Trending graph for this CVE
CVE-2021-30506Incorrect security UI in Web App Installs in Google Chrome on Android prior to 90.0.4430.212 allowed an attacker who convinced a user to install a web application to inject scripts or HTML into a privileged page via a crafted HTML page.
CVSS 8.8Fedoraproject, et al

-

Patched

Trending graph for this CVE
CVE-2021-3027app/views_mod/user/user.py in LibrIT PaSSHport through 2.5 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided search filter because user input gets no sanitization.
CVSS 6.5

-

Patched

Trending graph for this CVE
CVE-2021-30214Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection in '/knowage/restful-services/signup/update' via the 'name' parameter.
CVSS 5.4Eng

Exploit

-

Trending graph for this CVE
CVE-2021-30057A stored HTML injection vulnerability exists in Knowage Suite version 7.1. An attacker can inject arbitrary HTML in "/restful-services/2.0/analyticalDrivers" via the 'LABEL' and 'NAME' parameters.
CVSS 4.8Eng

Exploit

-

Trending graph for this CVE
CVE-2021-29955A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.). This vulnerability affects Firefox ESR < 78.9 and Firefox < 87.
CVSS 5.3Mozilla

-

Patched

Trending graph for this CVE
CVE-2021-29795IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. IBM X-Force ID: 203557.
CVSS 6Ibm

-

Patched

Trending graph for this CVE
CVE-2021-29702Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658.
CVSS 7.5Ibm

-

Patched

Trending graph for this CVE
CVE-2021-29676IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking
CVSS 5.4Ibm

-

Patched

Trending graph for this CVE
CVE-2021-29502WarnSystem is a cog (plugin) for the Red discord bot. A vulnerability has been found in the code that allows any user to access sensible informations by setting up a specific template which is not properly sanitized. The problem has been patched in version 1.3.18. Users should update and type `!warnsysteminfo` to check that their version is 1.3.18 or above. As a workaround users may unload the WarnSystem cog or disable the `!warnset description` command globally.
CVSS 6.5Warnsystem project

-

Patched

Trending graph for this CVE
CVE-2021-29501Ticketer is a command based ticket system cog (plugin) for the red discord bot. A vulnerability allowing discord users to expose sensitive information has been found in the Ticketer cog. Please upgrade to version 1.0.1 as soon as possible. As a workaround users may unload the ticketer cog to disable the exploitable code.
CVSS 6.5Dav-cogs project

-

Patched

Trending graph for this CVE
CVE-2021-29454Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Users should upgrade to version 3.1.42 or 4.0.2 to receive a patch.
CVSS 8.8Fedoraproject, et al

-

Patched

Trending graph for this CVE
CVE-2021-29416An issue was discovered in PortSwigger Burp Suite before 2021.2. During viewing of a malicious request, it can be manipulated into issuing a request that does not respect its upstream proxy configuration. This could leak NetNTLM hashes on Windows systems that fail to block outbound SMB.
CVSS 6.5Portswigger

Exploit

Patched

Trending graph for this CVE
CVE-2021-29414STMicroelectronics STM32L4 devices through 2021-03-29 have incorrect physical access control.
CVSS 6.1St

-

-

Trending graph for this CVE
CVE-2021-29210A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78.
CVSS 4.8Hp

-

Patched

Trending graph for this CVE
CVE-2021-29209A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78.
CVSS 4.8Hp

-

Patched

Trending graph for this CVE
CVE-2021-29208A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78.
CVSS 4.8Hp

-

Patched

Trending graph for this CVE
CVE-2021-29156ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key.
CVSS 7.5Forgerock

Exploit

Patched

Trending graph for this CVE
CVE-2021-29085Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.
CVSS 7.5Synology

-

Patched

Trending graph for this CVE
CVE-2021-29084Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.
CVSS 7.5Synology

-

Patched

Trending graph for this CVE
CVE-2021-28979SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked.
CVSS 6.5Thalesgroup

-

Patched

Trending graph for this CVE
CVE-2021-28963Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters.
CVSS 5.3Debian, et al

-

Patched

Trending graph for this CVE
CVE-2021-28829The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, and TIBCO Administrator - Enterprise Edition for z/Linux contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a persistent CSV injection attack from the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.10.2 and below, and TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.11.0 and 5.11.1.
CVSS 8Tibco

-

Patched

Trending graph for this CVE
CVE-2021-27971Alps Alpine Touchpad Driver 10.3201.101.215 is vulnerable to DLL Injection.
CVSS 7.8Alpsalpine

Exploit

-

Trending graph for this CVE
CVE-2021-27908In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic’s configuration that are used in publicly facing parts of the application.
CVSS 4.4Acquia

Exploit

-

Trending graph for this CVE
CVE-2021-27730Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later.
CVSS 9.8Accellion

-

-

Trending graph for this CVE
CVE-2021-27614SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One on SAP HANA, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application thereby highly impacting the integrity and availability of the application.
CVSS 7.1Sap

-

Patched

Trending graph for this CVE
CVE-2021-27611SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. The attacker could then get access to data, overwrite them, or execute a denial of service.
CVSS 6.7Sap

-

Patched

Trending graph for this CVE
CVE-2021-27493Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.
CVSS 6.5Philips

-

Patched

Trending graph for this CVE
CVE-2021-27185The samba-client package before 4.0.0 for Node.js allows command injection because of the use of process.exec.
CVSS 9.8Samba-client project

Exploit

Patched

Trending graph for this CVE
CVE-2021-27182An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail (aka WorldClient). It can be exploited via an email message. It allows an attacker to perform any action with the privileges of the attacked user.
CVSS 8.8Altn

Exploit

Patched

Trending graph for this CVE
CVE-2021-27132SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.
CVSS 9.8Sercomm

Exploit

-

Trending graph for this CVE
CVE-2021-26543The "gitDiff" function in Wayfair git-parse <=1.0.4 has a command injection vulnerability. Clients of the git-parse library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. The issue has been resolved in version 1.0.5.
CVSS 8.8Wayfair

Exploit

-

Trending graph for this CVE
CVE-2021-26084In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
CVSS 9.8Atlassian

Exploit

Patched

Trending graph for this CVE
CVE-2021-26069Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and enumerate project keys via an Information Disclosure vulnerability in the /rest/api/1.0/issues/{id}/ActionsAndOperations API endpoint. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0.
CVSS 5.3Atlassian

-

Patched

Trending graph for this CVE
CVE-2021-26068An endpoint in Atlassian Jira Server for Slack plugin from version 0.0.3 before version 2.0.15 allows remote attackers to execute arbitrary code via a template injection vulnerability.
CVSS 8.8Atlassian

-

Patched

Trending graph for this CVE
CVE-2021-25994In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a victim application user to click on a link, an unauthenticated attacker can use the “forgot password” functionality to reset the victim’s password and successfully take over their account.
CVSS 8.8Userfrosting

Exploit

Patched

Trending graph for this CVE
CVE-2021-25980In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22-WIP-b2e97fe0e through v0.2021.02-WIP-879ef3fe1 and tyse-v0.2021.02-879ef3fe1-regular through tyse-v0.2021.28-af66b6905-regular, are vulnerable to Host Header Injection. By luring a victim application-user to click on a link, an unauthenticated attacker can use the “forgot password” functionality to reset the victim’s password and successfully take over their account.
CVSS 8.8Talkyard

-

Patched

Trending graph for this CVE
CVE-2021-25682It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel.
CVSS 7.8Canonical

Exploit

-

Trending graph for this CVE
CVE-2021-24948The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery parameter of the tp_get_dl_post_info_ajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts
CVSS 7.5Posimyth

Exploit

Patched

Trending graph for this CVE
CVE-2021-24144Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files.
CVSS 7.8Ciphercoin

-

-

Trending graph for this CVE
CVE-2021-24002When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
CVSS 8.8Mozilla

-

Patched

Trending graph for this CVE
CVE-2021-23400The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.
CVSS 8.8Nodemailer

Exploit

Patched

Trending graph for this CVE
CVE-2021-23335All versions of package is-user-valid are vulnerable to LDAP Injection which can lead to either authentication bypass or information exposure.
CVSS 7.5Is-user-valid project

Exploit

-

Trending graph for this CVE
CVE-2021-22910A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE.
CVSS 9.8Rocket.chat

Exploit

-

Trending graph for this CVE
CVE-2021-22879Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation.
CVSS 8.8Nextcloud, et al

Exploit

Patched

Trending graph for this CVE
CVE-2021-22331There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This may compromise normal service. Affected product versions include HUAWEI P30 versions earlier than 10.1.0.165(C01E165R2P11), 11.0.0.118(C635E2R1P3), 11.0.0.120(C00E120R2P5), 11.0.0.138(C10E4R5P3), 11.0.0.138(C185E4R7P3), 11.0.0.138(C432E8R2P3), 11.0.0.138(C461E4R3P3), 11.0.0.138(C605E4R1P3), and 11.0.0.138(C636E4R3P3).
CVSS 7.5Huawei

-

Patched

Trending graph for this CVE
CVE-2021-22232HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE
CVSS 5.4Gitlab

-

Patched

Trending graph for this CVE
CVE-2021-22204Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
CVSS 7.8Exiftool project, et al

Exploit

Patched

Trending graph for this CVE
CVE-2021-22191Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file.
CVSS 8.8Wireshark, et al

Exploit

Patched

Trending graph for this CVE
CVE-2021-22055The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the package parameter. Attackers can also insert malicious data and fake entries.
CVSS 5.3Vmware

-

-

Trending graph for this CVE
CVE-2021-22035VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment.
CVSS 4.3Vmware

-

Patched

Trending graph for this CVE
CVE-2021-21743ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request.
CVSS 4.3Zte

-

Patched

Trending graph for this CVE
CVE-2021-21580Dell EMC iDRAC8 versions prior to 2.80.80.80 & Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a Content spoofing / Text injection, where a malicious URL can inject text to present a customized message on the application that can phish users into believing that the message is legitimate.
CVSS 4.3Dell

-

Patched

Trending graph for this CVE
CVE-2021-21510Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web-cache or trigger redirections.
CVSS 6.1Dell

-

Patched

Trending graph for this CVE
CVE-2021-21479In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system.
CVSS 9.1Sap

-

-

Trending graph for this CVE
CVE-2021-21420vscode-stripe is an extension for Visual Studio Code. A vulnerability in Stripe for Visual Studio Code extension exists when it loads an untrusted source-code repository containing malicious settings. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The update addresses the vulnerability by modifying the way the extension validates its settings.
CVSS 7.8Stripe

-

-

Trending graph for this CVE
CVE-2021-21381Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In Flatpack since version 0.9.4 and before version 1.10.2 has a vulnerability in the "file forwarding" feature which can be used by an attacker to gain access to files that would not ordinarily be allowed by the app's permissions. By putting the special tokens `@@` and/or `@@u` in the Exec field of a Flatpak app's .desktop file, a malicious app publisher can trick flatpak into behaving as though the user had chosen to open a target file with their Flatpak app, which automatically makes that file available to the Flatpak app. This is fixed in version 1.10.2. A minimal solution is the first commit "`Disallow @@ and @@U usage in desktop files`". The follow-up commits "`dir: Reserve the whole @@ prefix`" and "`dir: Refuse to export .desktop files with suspicious uses of @@ tokens`" are recommended, but not strictly required. As a workaround, avoid installing Flatpak apps from untrusted sources, or check the contents of the exported `.desktop` files in `exports/share/applications/*.desktop` (typically `~/.local/share/flatpak/exports/share/applications/*.desktop` and `/var/lib/flatpak/exports/share/applications/*.desktop`) to make sure that literal filenames do not follow `@@` or `@@u`.
CVSS 8.2Fedoraproject, et al

-

Patched

Trending graph for this CVE
CVE-2021-21372Nimble is a package manager for the Nim programming language. In Nim release version before versions 1.2.10 and 1.4.4, Nimble doCmd is used in different places and can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json package list to trigger code execution.
CVSS 8.8Nim-lang

Exploit

Patched

Trending graph for this CVE
CVE-2021-21353Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the `pretty` option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was possible for them to achieve remote code execution on the node.js backend. This is fixed in version 3.0.1. This advisory applies to multiple pug packages including "pug", "pug-code-gen". pug-code-gen has a backported fix at version 2.0.3. This advisory is not exploitable if there is no way for un-trusted input to be passed to pug as the `pretty` option, e.g. if you compile templates in advance before applying user input to them, you do not need to upgrade.
CVSS 9Pugjs

Exploit

Patched

Trending graph for this CVE
CVE-2021-21333Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the notification emails sent for notifications for missed messages or for an expiring account are subject to HTML injection. In the case of the notification for missed messages, this could allow an attacker to insert forged content into the email. The account expiry feature is not enabled by default and the HTML injection is not controllable by an attacker. This is fixed in version 1.27.0.
CVSS 6.1Fedoraproject, et al

-

Patched

Trending graph for this CVE
CVE-2021-21316less-openui5 is an npm package which enables building OpenUI5 themes with Less.js. In less-openui5 before version 0.10., when processing theming resources (i.e. `*.less` files) with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be executed in the context of the build process. While this is a feature of the Less.js library it is an unexpected behavior in the context of OpenUI5 and SAPUI5 development. Especially in the context of UI5 Tooling which relies on less-openui5. An attacker might create a library or theme-library containing a custom control or theme, hiding malicious JavaScript code in one of the .less files. Refer to the referenced GHSA-3crj-w4f5-gwh4 for examples. Starting with Less.js version 3.0.0, the Inline JavaScript feature is disabled by default. less-openui5 however currently uses a fork of Less.js v1.6.3. Note that disabling the Inline JavaScript feature in Less.js versions 1.x, still evaluates code has additional double codes around it. We decided to remove the inline JavaScript evaluation feature completely from the code of our Less.js fork. This fix is available in less-openui5 version 0.10.0.
CVSS 7.8Less-openui5 project

-

Patched

Trending graph for this CVE
CVE-2021-21313GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability in the /ajax/common.tabs.php endpoint, indeed, at least two parameters _target and id are not properly sanitized. Here are two payloads (due to two different exploitations depending on which parameter you act) to exploit the vulnerability:/ajax/common.tabs.php?_target=javascript:alert(document.cookie)&_itemtype=DisplayPreference&_glpi_tab=DisplayPreference$2&id=258&displaytype=Ticket (Payload triggered if you click on the button). /ajax/common.tabs.php?_target=/front/ticket.form.php&_itemtype=Ticket&_glpi_tab=Ticket$1&id=(){};(function%20(){alert(document.cookie);})();function%20a&#.
CVSS 6.1Glpi-project

-

-

Trending graph for this CVE
CVE-2021-21305CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1, there is a code injection vulnerability. The "#manipulate!" method inappropriately evals the content of mutation option(:read/:write), allowing attackers to craft a string that can be executed as a Ruby code. If an application developer supplies untrusted inputs to the option, it will lead to remote code execution(RCE). This is fixed in versions 1.3.2 and 2.1.1.
CVSS 8.8Carrierwave project

Exploit

Patched

Trending graph for this CVE
CVE-2021-21303Helm is open-source software which is essentially "The Kubernetes Package Manager". Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there a few cases where data loaded from potentially untrusted sources was not properly sanitized. When a SemVer in the `version` field of a chart is invalid, in some cases Helm allows the string to be used "as is" without sanitizing. Helm fails to properly sanitized some fields present on Helm repository `index.yaml` files. Helm does not properly sanitized some fields in the `plugin.yaml` file for plugins In some cases, Helm does not properly sanitize the fields in the `Chart.yaml` file. By exploiting these attack vectors, core maintainers were able to send deceptive information to a terminal screen running the `helm` command, as well as obscure or alter information on the screen. In some cases, we could send codes that terminals used to execute higher-order logic, like clearing a terminal screen. Further, during evaluation, the Helm maintainers discovered a few other fields that were not properly sanitized when read out of repository index files. This fix remedies all such cases, and once again enforces SemVer2 policies on version fields. All users of the Helm 3 should upgrade to the fixed version 3.5.2 or later. Those who use Helm as a library should verify that they either sanitize this data on their own, or use the proper Helm API calls to sanitize the data.
CVSS 6.8Helm

-

Patched

Trending graph for this CVE
CVE-2021-21278RSSHub is an open source, easy to use, and extensible RSS feed generator. In RSSHub before version 7f1c430 (non-semantic versioning) there is a risk of code injection. Some routes use `eval` or `Function constructor`, which may be injected by the target site with unsafe code, causing server-side security issues The fix in version 7f1c430 is to temporarily remove the problematic route and added a `no-new-func` rule to eslint.
CVSS 9.8Rsshub

-

Patched

Trending graph for this CVE
CVE-2021-21277angular-expressions is "angular's nicest part extracted as a standalone module for the browser and node". In angular-expressions before version 1.1.2 there is a vulnerability which allows Remote Code Execution if you call "expressions.compile(userControlledInput)" where "userControlledInput" is text that comes from user input. The security of the package could be bypassed by using a more complex payload, using a ".constructor.constructor" technique. In terms of impact: If running angular-expressions in the browser, an attacker could run any browser script when the application code calls expressions.compile(userControlledInput). If running angular-expressions on the server, an attacker could run any Javascript expression, thus gaining Remote Code Execution. This is fixed in version 1.1.2 of angular-expressions A temporary workaround might be either to disable user-controlled input that will be fed into angular-expressions in your application or allow only following characters in the userControlledInput.
CVSS 8.8Peerigon

-

Patched

Trending graph for this CVE
CVE-2021-21263Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the query builder, an unexpected number of query bindings can be added to the query. In some situations, this will simply lead to no results being returned by the query builder; however, it is possible certain queries could be affected in a way that causes the query to return unexpected results.
CVSS 5.3Laravel

-

Patched

Trending graph for this CVE
CVE-2021-21261Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in the `flatpak-portal` service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape). This sandbox-escape bug is present in versions from 0.11.4 and before fixed versions 1.8.5 and 1.10.0. The Flatpak portal D-Bus service (`flatpak-portal`, also known by its D-Bus service name `org.freedesktop.portal.Flatpak`) allows apps in a Flatpak sandbox to launch their own subprocesses in a new sandbox instance, either with the same security settings as the caller or with more restrictive security settings. For example, this is used in Flatpak-packaged web browsers such as Chromium to launch subprocesses that will process untrusted web content, and give those subprocesses a more restrictive sandbox than the browser itself. In vulnerable versions, the Flatpak portal service passes caller-specified environment variables to non-sandboxed processes on the host system, and in particular to the `flatpak run` command that is used to launch the new sandbox instance. A malicious or compromised Flatpak app could set environment variables that are trusted by the `flatpak run` command, and use them to execute arbitrary code that is not in a sandbox. As a workaround, this vulnerability can be mitigated by preventing the `flatpak-portal` service from starting, but that mitigation will prevent many Flatpak apps from working correctly. This is fixed in versions 1.8.5 and 1.10.0.
CVSS 8.8Flatpak, et al

-

Patched

Trending graph for this CVE
CVE-2021-21249OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is an issue involving YAML parsing which can lead to post-auth remote code execution. In order to parse and process YAML files, OneDev uses SnakeYaml which by default (when not using `SafeConstructor`) allows the instantiation of arbitrary classes. We can leverage that to run arbitrary code by instantiating classes such as `javax.script.ScriptEngineManager` and using `URLClassLoader` to load the script engine provider, resulting in the instantiation of a user controlled class. For a full example refer to the referenced GHSA. This issue was addressed in 4.0.3 by only allowing certain known classes to be deserialized
CVSS 8.8Onedev project

-

Patched

Trending graph for this CVE
CVE-2021-21248OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability involving the build endpoint parameters. InputSpec is used to define parameters of a Build spec. It does so by using dynamically generated Groovy classes. A user able to control job parameters can run arbitrary code on OneDev's server by injecting arbitrary Groovy code. The ultimate result is in the injection of a static constructor that will run arbitrary code. For a full example refer to the referenced GHSA. This issue was addressed in 4.0.3 by escaping special characters such as quote from user input.
CVSS 8.8Onedev project

-

Patched

Trending graph for this CVE
CVE-2021-21247OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the application's BasePage registers an AJAX event listener (`AbstractPostAjaxBehavior`) in all pages other than the login page. This listener decodes and deserializes the `data` query parameter. We can access this listener by submitting a POST request to any page. This issue may lead to `post-auth RCE` This endpoint is subject to authentication and, therefore, requires a valid user to carry on the attack. This issue was addressed in 4.0.3 by encrypting serialization payload with secrets only known to server.
CVSS 8.8Onedev project

-

-

Trending graph for this CVE
CVE-2021-21244OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, There is a vulnerability that enabled pre-auth server side template injection via Bean validation message tampering. Full details in the reference GHSA. This issue was fixed in 4.0.3 by disabling validation interpolation completely.
CVSS 9.8Onedev project

-

Patched

Trending graph for this CVE
CVE-2021-21243OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, a Kubernetes REST endpoint exposes two methods that deserialize untrusted data from the request body. These endpoints do not enforce any authentication or authorization checks. This issue may lead to pre-auth RCE. This issue was fixed in 4.0.3 by not using deserialization at KubernetesResource side.
CVSS 9.8Onedev project

-

Patched

Trending graph for this CVE
CVE-2021-21242OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or authorization checks. This issue may lead to pre-auth remote code execution. This issue was fixed in 4.0.3 by removing AttachmentUploadServlet and not using deserialization
CVSS 9.8Onedev project

-

Patched

Trending graph for this CVE
CVE-2021-21141Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page.
CVSS 6.5Google, et al

-

Patched

Trending graph for this CVE
CVE-2021-21137Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.
CVSS 6.5Google, et al

Exploit

Patched

Trending graph for this CVE
CVE-2021-20802HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to alter the information stored in the product.
CVSS 5.3Cybozu

-

Patched

Trending graph for this CVE
CVE-2021-20736NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to obtain and/or alter the information stored in the database via unspecified vectors.
CVSS 9.1Weseek

-

Patched

Trending graph for this CVE
CVE-2021-20644ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user's web browser by displaying a specially crafted SSID on the web setup page.
CVSS 6.1Elecom

-

Patched

Trending graph for this CVE
CVE-2021-20574IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and takeover other accounts. IBM X-Force ID: 199252.
CVSS 8.8Ibm

-

Patched

Trending graph for this CVE
CVE-2021-20543IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 198929.
CVSS 5.4Ibm

-

Patched

Trending graph for this CVE
CVE-2021-20509IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 198243.
CVSS 9.8Ibm

-

Patched

Trending graph for this CVE
CVE-2021-20101Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. This could cause a victim to receive malformed content.
CVSS 6.1Machform

Exploit

-

Trending graph for this CVE
CVE-2021-1432A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected device as a low-privileged user to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting arbitrary commands to a file as a lower-privileged user. The commands are then executed on the device by the root user. A successful exploit could allow the attacker to execute arbitrary commands as the root user.
CVSS 7.3Cisco

-

Patched

Trending graph for this CVE
CVE-2021-1221A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Software could allow an authenticated, remote attacker to inject a hyperlink into a meeting invitation email. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by entering a URL into a field in the user interface. A successful exploit could allow the attacker to generate a Webex Meetings invitation email that contains a link to a destination of their choosing. Because this email is sent from a trusted source, the recipient may be more likely to click the link.
CVSS 4.1Cisco

-

Patched

Trending graph for this CVE
CVE-2021-0594In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to improper input validation. This could lead to remote (proximal, NFC) escalation of privilege allowing an attacker to deceive a user into allowing a Bluetooth connection with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-176445224
CVSS 8Google

Exploit

Patched

Trending graph for this CVE
CVE-2021-0567In isRestricted of RemoteViews.java, there is a possible way to inject font files due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179461812
CVSS 7.8Google

-

Patched

Trending graph for this CVE
CVE-2021-0553In onBindViewHolder of AppSwitchPreference.java, there is a possible bypass of device admin setttings due to unclear UI. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169936038
CVSS 7.3Google

-

Patched

Trending graph for this CVE
CVE-2021-0551In bind of MediaControlPanel.java, there is a possible way to lock up the system UI using a malicious media file due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-180518039
CVSS 6.5Google

-

Patched

Trending graph for this CVE
CVE-2021-0268An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness in J-web of Juniper Networks Junos OS leads to buffer overflows, segment faults, or other impacts, which allows an attacker to modify the integrity of the device and exfiltration information from the device without authentication. The weakness can be exploited to facilitate cross-site scripting (XSS), cookie manipulation (modifying session cookies, stealing cookies) and more. This weakness can also be exploited by directing a user to a seemingly legitimate link from the affected site. The attacker requires no special access or permissions to the device to carry out such attacks. This issue affects: Juniper Networks Junos OS: 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S3; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.1R1.
CVSS 9.3Juniper

-

Patched

Trending graph for this CVE
CVE-2020-9757The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.
CVSS 9.8Craftcms

Exploit

Patched

Trending graph for this CVE