Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2021-09-13 CVE-2021-38833 SQL Injection vulnerability in Apartment Visitors Management System Project Apartment Visitors Management System 1.0
SQL injection vulnerability in PHPGurukul Apartment Visitors Management System (AVMS) v.
7.5
2021-09-13 CVE-2020-27969 Origin Validation Error vulnerability in Yandex Browser
Yandex Browser for Android 20.8.4 allows remote attackers to perform SOP bypass and addresss bar spoofing
network
low complexity
yandex CWE-346
7.5
2021-09-10 CVE-2021-37422 SQL Injection vulnerability in Zohocorp Manageengine Adselfservice Plus
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases.
network
low complexity
zohocorp CWE-89
7.5
2021-09-10 CVE-2021-37423 Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover.
network
low complexity
zohocorp
7.5
2021-09-10 CVE-2021-38360 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Wp-Publications Project Wp-Publications
The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the Q_FILE parameter found in the ~/bibtexbrowser.php file which allows attackers to include local zip files and achieve remote code execution, in versions up to and including 0.0.
network
low complexity
wp-publications-project CWE-829
7.5
2021-09-10 CVE-2021-40373 Code Injection vulnerability in Playsms
playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI.
network
low complexity
playsms CWE-94
7.5
2021-09-09 CVE-2021-25449 Improper Input Validation vulnerability in Google Android
An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process.
network
low complexity
google CWE-20
7.5
2021-09-09 CVE-2020-19267 Unrestricted Upload of File with Dangerous Type vulnerability in Dswjcms Project Dswjcms 1.6.4
An issue in index.php/Dswjcms/Basis/resources of Dswjcms 1.6.4 allows attackers to execute arbitrary code via uploading a crafted PHP file.
network
low complexity
dswjcms-project CWE-434
7.5
2021-09-09 CVE-2021-32484 Out-of-bounds Write vulnerability in Mediatek Modem Lr12A/Lr13
In modem 2G RRM, there is a possible system crash due to a heap buffer overflow.
network
low complexity
mediatek CWE-787
7.8
2021-09-09 CVE-2021-32485 Out-of-bounds Write vulnerability in Mediatek Modem Lr12A/Lr13
In modem 2G RRM, there is a possible system crash due to a heap buffer overflow.
network
low complexity
mediatek CWE-787
7.8