CVE-2020-13460 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were present in Tufin SecureTrack, affecting all versions prior to R20-2 GA.
Published: February 09, 2021; 12:15:13 AM -0500

V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM

CVE-2020-21995 - Inim Electronics Smartliving SmartLAN/G/SI <=6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system.
Published: April 29, 2021; 11:15:10 AM -0400

V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH

CVE-2021-29240 - The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content.
Published: May 04, 2021; 8:15:16 AM -0400

V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM

CVE-2021-31800 - Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused... read CVE-2021-31800
Published: May 05, 2021; 7:15:07 AM -0400

V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH

CVE-2021-29100 - A path traversal vulnerability exists in Esri ArcGIS Earth versions 1.11.0 and below which allows arbitrary file creation on an affected system through crafted input. An attacker could exploit this vulnerability to gain arbitrary code execution un... read CVE-2021-29100
Published: May 05, 2021; 12:15:07 PM -0400

V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM

CVE-2021-28899 - Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16.
Published: April 29, 2021; 11:15:10 AM -0400

V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM

CVE-2021-32098 - Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization.
Published: May 07, 2021; 12:15:07 AM -0400

V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH

CVE-2021-32099 - A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php session_id parameter, leading to a login bypass.
Published: May 07, 2021; 12:15:07 AM -0400

V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH

CVE-2021-25319 - A Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows local attackers in the vboxusers groupu to escalate to root. This issue affects: openSUSE Factory virtualbox version 6.1.20-1.1 and prior versi... read CVE-2021-25319
Published: May 05, 2021; 5:15:07 AM -0400

V3.1: 7.8 HIGH
V2.0: 7.2 HIGH

CVE-2021-23343 - All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.
Published: May 04, 2021; 5:15:07 AM -0400

V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM

CVE-2021-31443 - This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open ... read CVE-2021-31443
Published: May 07, 2021; 5:15:07 PM -0400

V3.1: 3.3 LOW
V2.0: 4.3 MEDIUM

CVE-2020-23128 - Chamilo LMS 1.11.10 does not properly manage privileges which could allow a user with Sessions administrator privilege to create a new user then use the edit user function to change this new user to administrator privilege.
Published: May 06, 2021; 9:15:09 AM -0400

V3.1: 4.9 MEDIUM
V2.0: 4.0 MEDIUM

CVE-2021-31442 - This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici... read CVE-2021-31442
Published: May 07, 2021; 5:15:07 PM -0400

V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM

CVE-2021-31441 - This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici... read CVE-2021-31441
Published: May 07, 2021; 5:15:07 PM -0400

V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM

CVE-2021-31446 - This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open ... read CVE-2021-31446
Published: May 07, 2021; 5:15:07 PM -0400

V3.1: 3.3 LOW
V2.0: 4.3 MEDIUM

CVE-2021-31445 - This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open ... read CVE-2021-31445
Published: May 07, 2021; 5:15:07 PM -0400

V3.1: 3.3 LOW
V2.0: 4.3 MEDIUM

CVE-2021-32091 - A Cross-site scripting (XSS) vulnerability exists in StackLift LocalStack 0.12.6.
Published: May 07, 2021; 1:15:08 AM -0400

V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM

CVE-2021-31444 - This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open ... read CVE-2021-31444
Published: May 07, 2021; 5:15:07 PM -0400

V3.1: 3.3 LOW
V2.0: 4.3 MEDIUM

CVE-2021-26122 - LivingLogic XIST4C before 0.107.8 allows XSS via feedback.htm or feedback.wihtm.
Published: May 07, 2021; 8:15:07 AM -0400

V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM

CVE-2021-26123 - LivingLogic XIST4C before 0.107.8 allows XSS via login.htm, login.wihtm, or login-form.htm.
Published: May 07, 2021; 8:15:07 AM -0400

V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM