Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-01 | CVE-2021-25874 | SQL Injection vulnerability in Youphptube AVideo/YouPHPTube. AVideo/YouPHPTube 10.0 and prior is affected by a SQL injection in the catName parameter, which allows a remote unauthenticated attacker to retrieve database information such as application password hashes. | 7.5 |
2021-11-01 | CVE-2021-25877 | Code Injection vulnerability in Youphptube. AVideo/YouPHPTube 10.0 and prior is affected by insecure file write. | 7.2 |
2021-11-01 | CVE-2021-42557 | Unspecified vulnerability in Jeedom 4.0.38. In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API access and retrieve users' credentials. | 7.5 |
2021-11-01 | CVE-2021-27644 | SQL Injection vulnerability in Apache Dolphinscheduler. In Apache DolphinScheduler versions before 1.3.6, authorized users can use SQL injection in the data source center. | 8.8 |
2021-11-01 | CVE-2015-20067 | Unspecified vulnerability in WP Attachment Export Project WP Attachment Export. The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a WordPress | 7.5 |
2021-11-01 | CVE-2018-25019 | Missing Authorization vulnerability in Learndash. The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndash_assignment_process_init() function, which could allow unauthenticated users to upload arbitrary files to the web server. | 7.5 |
2021-11-01 | CVE-2020-36503 | Unspecified vulnerability in Connections-Pro Connections Business Directory. The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue. | 8.0 |
2021-11-01 | CVE-2021-24717 | Incorrect Authorization vulnerability in Automatorwp. The AutomatorWP WordPress plugin before 1.7.6 does not perform capability checks, which allows users with Subscriber roles to enumerate automations, disclose titles of private posts or user emails, call functions, or perform privilege escalation via Ajax actions. | 8.8 |
2021-11-01 | CVE-2021-24809 | Cross-Site Request Forgery (CSRF) vulnerability in Wordplus Better Messages. The BP Better Messages WordPress plugin before 1.9.9.41 does not check for CSRF in several of its AJAX actions: bp_better_messages_leave_chat, bp_better_messages_join_chat, bp_messages_leave_thread, bp_messages_mute_thread, bp_messages_unmute_thread, bp_better_messages_add_user_to_thread, bp_better_messages_exclude_user_from_thread. | 8.8 |
2021-11-01 | CVE-2021-40348 | Code Injection vulnerability in multiple products. Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. | 8.8 |