Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2021-03-18 CVE-2021-28791 Unspecified vulnerability in Swiftformat Project Swiftformat
The unofficial SwiftFormat extension before 1.3.7 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftformat.path configuration value that triggers execution upon opening the workspace.
6.8
2021-03-18 CVE-2021-28790 Unspecified vulnerability in Swiftlint Project Swiftlint
The unofficial SwiftLint extension before 1.4.5 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftlint.path configuration value that triggers execution upon opening the workspace.
6.8
2021-03-18 CVE-2021-28789 Unspecified vulnerability in Apple-Swift-Format Project Apple-Swift-Format
The unofficial apple/swift-format extension before 1.1.2 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted apple-swift-format.path configuration value that triggers execution upon opening the workspace.
6.8
2021-03-18 CVE-2021-28145 Cross-site Scripting vulnerability in Concretecms Concrete CMS
Concrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block.
3.5
2021-03-18 CVE-2021-26216 Cross-Site Request Forgery (CSRF) vulnerability in Seeddms
SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php.
network
seeddms CWE-352
4.3
2021-03-18 CVE-2021-26215 Cross-Site Request Forgery (CSRF) vulnerability in Seeddms
SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditDocument.php.
network
seeddms CWE-352
4.3
2021-03-18 CVE-2021-27306 Use of Incorrectly-Resolved Name or Reference vulnerability in Konghq Kong Gateway
An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users to access authenticated routes without a valid JWT token.
network
low complexity
konghq CWE-706
7.5
2021-03-18 CVE-2021-26935 SQL Injection vulnerability in Wowonder
In WoWonder < 3.1, remote attackers can gain access to the database by exploiting a requests.php?f=search-my-followers SQL Injection vulnerability via the event_id parameter.
network
low complexity
wowonder CWE-89
5.0
2021-03-18 CVE-2021-24149 SQL Injection vulnerability in Webnus Modern Events Calendar Lite
The Modern Events Calendar Lite WordPress plugin, in versions before 5.16.6, did not sanitise the mec[post_id] POST parameter in the mec_fes_form AJAX action when logged in as an author+, leading to an authenticated SQL Injection issue.
network
low complexity
webnus CWE-89
6.5
2021-03-18 CVE-2021-24148 Improper Authentication vulnerability in Inspireui Mstore API
A business logic issue in the MStore API WordPress plugin, in versions before 3.2.0, caused an authentication bypass with Sign In With Apple, allowing unauthenticated users to recover an authentication cookie with only an email address.
network
low complexity
inspireui CWE-287
critical
10.0