Security Vulnerabilities - CVEs Published In April 2021
An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on the error page.
CVSS Score: 6.1 | EPSS Score: 0.461 | Published: 2021-04-14
An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate filters on module layout settings could lead to an LFI.
CVSS Score: 5.3 | EPSS Score: 0.0 | Published: 2021-04-14
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system function with untrusted input. In that function the "ip" parameter is passed to system() without sanitisation, so an attacker who controls the "ip" field can run commands on the OS.
CVSS Score: 9.8 | EPSS Score: 0.202 | Published: 2021-04-14
An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK before 2021.04). The handler did not validate the length of the request, which can lead to a state where yubihsm-connector becomes stuck in a loop waiting for the YubiHSM to send it data, preventing any further operations until the yubihsm-connector is restarted. An attacker can send 0, 1, or 2 bytes to trigger this.
CVSS Score: 7.5 | EPSS Score: 0.006 | Published: 2021-04-14
AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data (in the import database feature of the administration panel), leading to Remote Code Execution.
CVSS Score: 7.2 | EPSS Score: 0.019 | Published: 2021-04-14
A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2021-04-14
The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code.
CVSS Score: 7.5 | EPSS Score: 0.688 | Published: 2021-04-14
Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2021-04-14
Cross Site Scripting (XSS) in Monica before 2.19.1 via the journal page.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2021-04-14
Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2021-04-14
Shodan ® - All rights reserved