Security Vulnerabilities - CVEs Published In July 2021
SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the (1) listid parameter in detail.php and the (2) group_price or groupid parameters in search_result.php.
CVSS Score
9.8
EPSS Score
0.01
Published
2021-07-30
Cross Site Scripting vulnerability exists in WDScanner 1.1 in the system management page.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-07-30
Cross Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via the DeleteFile function in flat/admin.php.
CVSS Score
8.8
EPSS Score
0.002
Published
2021-07-30
Cross Site Scripting (XSS) vulnerability in NukeViet CMS 4.4.0 via the editor in the News module.
CVSS Score
6.1
EPSS Score
0.006
Published
2021-07-30
Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8800) on the Replicated Classic server could retrieve the TLS Keypair (Cert and Key) used to configure the Admin Console.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-07-30
The LearnPress plugin before 3.2.6.9 for WordPress allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter.
CVSS Score
8.1
EPSS Score
0.028
Published
2021-07-30
A logic bug in the system monitoring driver of Acronis Agent after 12.5.21540 and before 12.5.23094 allowed bypassing Windows memory protection and accessing sensitive data.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-07-30
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system. IBM X-Force ID: 201300.
CVSS Score
5.0
EPSS Score
0.007
Published
2021-07-30
IBM Partner Engagement Manager 2.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 203091.
CVSS Score
9.8
EPSS Score
0.041
Published
2021-07-30
Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706.
CVSS Score
4.8
EPSS Score
0.002
Published
2021-07-29

