CVE-2021-0057 - Uncontrolled search path in the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
Published: June 09, 2021; 4:15:08 PM -0400

V3.1: 7.8 HIGH
V2.0: 4.4 MEDIUM

CVE-2021-0058 - Incorrect default permissions in the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
Published: June 09, 2021; 4:15:08 PM -0400

V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM

CVE-2021-0056 - Insecure inherited permissions for the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
Published: June 09, 2021; 4:15:08 PM -0400

V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM

CVE-2021-33668 - Due to improper input sanitization, specially crafted LDAP queries can be injected by an unauthenticated user. This could partially impact the confidentiality of the application.
Published: June 09, 2021; 9:15:07 AM -0400

V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM

CVE-2021-24359 - The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.11 did not properly check that a user requesting a password reset was the legitimate user, allowing an attacker to send an arbitrary reset password email to a registered user o... read CVE-2021-24359
Published: June 14, 2021; 10:15:08 AM -0400

V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM

CVE-2021-24358 - The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue.
Published: June 14, 2021; 10:15:08 AM -0400

V3.1: 6.1 MEDIUM
V2.0: 5.8 MEDIUM

CVE-2021-24357 - In the Best Image Gallery & Responsive Photo Gallery – FooGallery WordPress plugin before 2.0.35, the Custom CSS field of each gallery is not properly sanitised or validated before being being output in the page where the gallery is embed, leadi... read CVE-2021-24357
Published: June 14, 2021; 10:15:08 AM -0400

V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW

CVE-2021-25948 - Prototype pollution vulnerability in ‘expand-hash’ versions 0.1.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.
Published: June 10, 2021; 8:15:08 AM -0400

V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH

CVE-2021-25949 - Prototype pollution vulnerability in ‘set-getter’ version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution.
Published: June 10, 2021; 8:15:08 AM -0400

V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH

CVE-2021-30548 - Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: June 15, 2021; 6:15:08 PM -0400

V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM

CVE-2021-30549 - Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Published: June 15, 2021; 6:15:08 PM -0400

V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM

CVE-2021-24350 - The Visitors WordPress plugin through 0.3 is affected by an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. The plugin would display the user's user agent string without validation or encoding within the WordPress admin panel.
Published: June 14, 2021; 10:15:08 AM -0400

V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM

CVE-2021-30553 - Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: June 15, 2021; 6:15:09 PM -0400

V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM

CVE-2021-30552 - Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Published: June 15, 2021; 6:15:09 PM -0400

V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM

CVE-2021-30551 - Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published: June 15, 2021; 6:15:09 PM -0400

V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM

CVE-2021-30547 - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Published: June 15, 2021; 6:15:08 PM -0400

V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM

CVE-2020-22200 - Directory Traversal vulnerability in phpCMS 9.1.13 via the q parameter to public_get_suggest_keyword.
Published: June 16, 2021; 1:15:07 PM -0400

V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM

CVE-2020-35759 - bloofoxCMS 0.5.2.1 is infected with a CSRF Attack that leads to an attacker editing any file content (Locally/Remotely).
Published: June 16, 2021; 12:15:07 PM -0400

V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM

CVE-2020-35762 - bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' parameter that allows attackers to read local files.
Published: June 16, 2021; 12:15:08 PM -0400

V3.1: 2.7 LOW
V2.0: 4.0 MEDIUM

CVE-2020-35760 - bloofoxCMS 0.5.2.1 is infected with Unrestricted File Upload that allows attackers to upload malicious files (ex: php files).
Published: June 16, 2021; 12:15:07 PM -0400

V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH