Security Vulnerabilities - CVEs Published In August 2021
SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic information field found in the avatar usd_image field.
CVSS Score: 8.8
EPSS Score: 0.002
Published: 2021-08-26
SQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enquiry field found in the Message con_content field.
CVSS Score: 8.8
EPSS Score: 0.002
Published: 2021-08-26
Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score: 8.8
EPSS Score: 0.006
Published: 2021-08-26
EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different vulnerability than CVE-2021-32198.
CVSS Score: 9.8
EPSS Score: 0.005
Published: 2021-08-26
Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation page, from a non-privileged IP address network range or loopback address by intercepting the HTTP request and changing the referrer from the public IP address to the loopback.
CVSS Score: 5.3
EPSS Score: 0.005
Published: 2021-08-26
Stored cross-site scripting (XSS) vulnerability in Care2x Hospital Information Management 2.7 Alpha. The vulnerability is found in POST requests to the /modules/registration_admission/patient_register.php page with the "name_middle", "addr_str", "station", "name_maiden", "name_2", "name_3" parameters.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2021-08-26
yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames.
CVSS Score: 6.5
EPSS Score: 0.001
Published: 2021-08-26
DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php affecting the fineperiodo1 parameter.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2021-08-26
Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs do not enforce access controls, allowing an unauthenticated threat actor to access privileged functionality, leading to OS command execution. The specific attack methodology is a file upload.
CVSS Score: 9.8
EPSS Score: 0.011
Published: 2021-08-26
It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/html endpoint.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2021-08-26

