The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2021-27196 - Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC...
    Published: June 14, 2021; 6:15:11 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2021-26273 - The Agent in NinjaRMM 5.0.909 has Incorrect Access Control.
    Published: July 07, 2021; 10:15:10 AM -0400

    V3.1: 7.8 HIGH
    V2.0: 4.6 MEDIUM

  • CVE-2021-26274 - The Agent in NinjaRMM 5.0.909 has Insecure Permissions.
    Published: July 07, 2021; 10:15:10 AM -0400

    V3.1: 7.1 HIGH
    V2.0: 3.6 LOW

  • CVE-2021-32529 - Command injection vulnerability in QSAN XEVO, SANOS allows remote unauthenticated attackers to execute arbitrary commands.
    Published: July 07, 2021; 10:15:11 AM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-32530 - OS command injection vulnerability in Array function in QSAN XEVO allows remote unauthenticated attackers to execute arbitrary commands via status parameter.
    Published: July 07, 2021; 10:15:11 AM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-32531 - OS command injection vulnerability in Init function in QSAN XEVO allows remote attackers to execute arbitrary commands without permissions.
    Published: July 07, 2021; 10:15:11 AM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-32532 - Path traversal vulnerability in back-end analysis function in QSAN XEVO allows remote attackers to download arbitrary files without permissions.
    Published: July 07, 2021; 10:15:11 AM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2021-32533 - The QSAN SANOS setting page does not filter special parameters. Remote attackers can use this vulnerability to inject and execute arbitrary commands without permissions.
    Published: July 07, 2021; 10:15:11 AM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-32534 - QSAN SANOS factory reset function does not filter special parameters. Remote attackers can use this vulnerability to inject and execute arbitrary commands without permissions.
    Published: July 07, 2021; 10:15:12 AM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-32535 - The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator’s permission and execute arbitrary functions.
    Published: July 07, 2021; 10:15:12 AM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-34621 - A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an administrator. This issue affects versions 3.0.0 - 3...
    Published: July 07, 2021; 9:15:08 AM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-34622 - A vulnerability in the user profile update component found in the ~/src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made it possible for users to escalate their privileges to that of an administrator while editing their p...
    Published: July 07, 2021; 9:15:08 AM -0400

    V3.1: 8.8 HIGH
    V2.0: 6.5 MEDIUM

  • CVE-2021-34623 - A vulnerability in the image uploader component found in the ~/src/Classes/ImageUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This is...
    Published: July 07, 2021; 9:15:08 AM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-34624 - A vulnerability in the file uploader component found in the ~/src/Classes/FileUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issu...
    Published: July 07, 2021; 9:15:08 AM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-31771 - Splinterware System Scheduler Professional version 5.30 is subject to insecure folders permissions issue impacting where the service 'WindowsScheduler' calls its executable. This allows a non-privileged user to execute arbitrary code with elevated ...
    Published: July 06, 2021; 10:15:21 AM -0400

    V3.1: 7.8 HIGH
    V2.0: 7.2 HIGH

  • CVE-2021-34625 - A vulnerability in the saveCustomType function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to inject arbitrary web scripts. This issue affects versions 2.2.3 and prior.
    Published: July 07, 2021; 9:15:08 AM -0400

    V3.1: 5.4 MEDIUM
    V2.0: 3.5 LOW

  • CVE-2021-22228 - An issue has been discovered in GitLab affecting all versions. Improper access control allows unauthorised users to access project details using GraphQL.
    Published: July 06, 2021; 6:15:08 PM -0400

    V3.1: 6.5 MEDIUM
    V2.0: 4.0 MEDIUM

  • CVE-2021-22232 - HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE
    Published: July 06, 2021; 5:15:08 PM -0400

    V3.1: 5.4 MEDIUM
    V2.0: 3.5 LOW

  • CVE-2021-34626 - A vulnerability in the deleteCustomType function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to delete custom extensions added by administrators. This issue affects versions 2.2.3 and prior.
    Published: July 07, 2021; 9:15:08 AM -0400

    V3.1: 4.3 MEDIUM
    V2.0: 4.0 MEDIUM

  • CVE-2021-22229 - An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through project fork done by a project member.
    Published: July 06, 2021; 5:15:08 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 4.3 MEDIUM