Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-15 | CVE-2020-19155 | Exposure of Resource to Wrong Sphere vulnerability in Jflyfox Jfinal CMS. Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the component 'modules/filemanager/FileManagerController.java'. | 8.8 |
2021-09-15 | CVE-2020-19159 | Cross-Site Request Forgery (CSRF) vulnerability in Laiketui 3.0. Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attackers to execute arbitrary code via the component '/index.php?module=member&action=add'. | 8.8 |
2021-09-15 | CVE-2021-21798 | Unspecified vulnerability in Gonitro Nitro PRO 13.31.0.605/13.33.2.645. An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. | 7.8 |
2021-09-15 | CVE-2020-3960 | Out-of-bounds Read vulnerability in VMWare Fusion, Vsphere Esxi and Workstation. VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality. | 8.4 |
2021-09-15 | CVE-2021-27662 | Authentication Bypass by Capture-replay vulnerability in Johnsoncontrols Kantech Kt-1 Door Controller Firmware. The KT-1 door controller is susceptible to replay or man-in-the-middle attacks where an attacker can record and replay TCP packets. | 8.1 |
2021-09-15 | CVE-2021-30137 | XXE vulnerability in Axiossystems Assyst 10. Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarshalling. | 8.2 |
2021-09-15 | CVE-2021-3794 | Unspecified vulnerability in Vuelidate Project Vuelidate. vuelidate is vulnerable to Inefficient Regular Expression Complexity. | 7.5 |
2021-09-15 | CVE-2021-3796 | vim is vulnerable to Use After Free | 7.3 |
2021-09-15 | CVE-2021-40845 | Unrestricted Upload of File with Dangerous Type vulnerability in Zenitel Alphacom XE Audio Server. The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. | 8.8 |
2021-09-15 | CVE-2020-35340 | Files or Directories Accessible to External Parties vulnerability in Expertpdf. A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 allows attackers to read the file contents from files that the running ExpertPDF process has access to read. | 7.5 |