Security Vulnerabilities - CVEs Published In 2021
Deserialization of Untrusted Data vulnerability of Apache ShardingSphere-UI allows an attacker to inject outer link resources. This issue affects Apache ShardingSphere-UI version 4.1.1 and later versions; Apache ShardingSphere-UI versions prior to 5.0.0.
CVSS Score: 7.5 | EPSS Score: 0.028 | Published: 2021-11-11
Talkyard versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22-WIP-b2e97fe0e through v0.2021.02-WIP-879ef3fe1 and tyse-v0.2021.02-879ef3fe1-regular through tyse-v0.2021.28-af66b6905-regular are vulnerable to Host Header Injection. By luring a victim application-user to click on a link, an unauthenticated attacker can use the “forgot password” functionality to reset the victim’s password and successfully take over their account.
CVSS Score: 8.8 | EPSS Score: 0.022 | Published: 2021-11-11
Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a hardware details search.
CVSS Score: 9.8 | EPSS Score: 0.228 | Published: 2021-11-11
Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a configuration search.
CVSS Score: 9.8 | EPSS Score: 0.374 | Published: 2021-11-11
Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution.
CVSS Score: 9.8 | EPSS Score: 0.273 | Published: 2021-11-11
Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution.
CVSS Score: 9.8 | EPSS Score: 0.121 | Published: 2021-11-11
Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files.
CVSS Score: 9.8 | EPSS Score: 0.871 | Published: 2021-11-11
LiquidFiles before 3.6.3 allows remote attackers to elevate their privileges from Admin (or User Admin) to Sysadmin.
CVSS Score: 8.8 | EPSS Score: 0.183 | Published: 2021-11-11
A buffer overflow was discovered on Realtek RTL8195AM devices before 2.0.10. It exists in the client code when processing a malformed IE length of HT capability information in the Beacon and Association response frame.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2021-11-11
The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked.
CVSS Score: 9.8 | EPSS Score: 0.026 | Published: 2021-11-10