Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2021
CVE-2021-21420
vscode-stripe is an extension for Visual Studio Code. A vulnerability in Stripe for Visual Studio Code extension exists when it loads an untrusted source-code repository containing malicious settings. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The update addresses the vulnerability by modifying the way the extension validates its settings.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-04-01
CVE-2021-21421
node-etsy-client is a NodeJs Etsy ReST API Client. Applications that are using node-etsy-client and reporting client error to the end user will offer api key value too This is fixed in node-etsy-client v0.3.0 and later.
CVSS Score
8.1
EPSS Score
0.003
Published
2021-04-01
CVE-2021-28047
Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Remote Desktop Manager before 2021.1 allows remote authenticated users to inject arbitrary web script or HTML via multiple input fields.
CVSS Score
5.4
EPSS Score
0.001
Published
2021-04-01
CVE-2021-28969
eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort_by parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3. NOTE: this is different from CVE-2020-25034 and affects newer versions of the software.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-04-01
CVE-2021-28970
eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the job_id parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-04-01
CVE-2021-29421
models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-04-01
CVE-2020-19618
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post content field to /post/editing.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-04-01
CVE-2020-19619
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the signature field to /settings/profile.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-04-01
CVE-2021-27653
Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure.
CVSS Score
6.6
EPSS Score
0.003
Published
2021-04-01
CVE-2020-19613
Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-04-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved