Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-07 | CVE-2021-33484 | Use of Hard-coded Credentials vulnerability in Onyaktech Comments PRO Project Onyaktech Comments PRO 3.8 An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. | 7.5 |
2021-09-06 | CVE-2021-24006 | Unspecified vulnerability in Fortinet Fortimanager An improper access control vulnerability in FortiManager versions 6.4.0 to 6.4.3 may allow an authenticated attacker with a restricted user profile to access the SD-WAN Orchestrator panel via directly visiting its URL. | 8.8 |
2021-09-06 | CVE-2021-32568 | Deserialization of Untrusted Data vulnerability in Mrdoc mrdoc is vulnerable to Deserialization of Untrusted Data. | 7.8 |
2021-09-06 | CVE-2021-36744 | Link Following vulnerability in Trendmicro products Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a directory junction vulnerability which could allow an attacker to exploit the system to escalate privileges and create a denial of service. | 7.8 |
2021-09-06 | CVE-2021-3770 | vim is vulnerable to Heap-based Buffer Overflow. | 7.8 |
2021-09-06 | CVE-2021-24303 | SQL Injection vulnerability in Jiangqie Official Website Mini Program 1.0/1.0.5/1.1.0 The JiangQie Official Website Mini Program WordPress plugin before 1.1.1 does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues. | 8.8 |
2021-09-06 | CVE-2021-24390 | Unspecified vulnerability in Alipay Project Alipay A proid GET parameter of the WordPress???Alipay|???Tenpay|??PayPal???? WordPress plugin through 3.7.2 is not sanitised, properly escaped or validated before inserting to a SQL statement not delimited by quotes, leading to SQL injection. | 7.2 |
2021-09-06 | CVE-2021-24391 | SQL Injection vulnerability in Cashtomer Project Cashtomer 1.0.0 An editid GET parameter of the Cashtomer WordPress plugin through 1.0.0 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | 8.8 |
2021-09-06 | CVE-2021-24392 | SQL Injection vulnerability in Swiftcrm Club-Management-Software 1.0 An id GET parameter of the WordPress Membership SwiftCloud.io WordPress plugin through 1.0 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | 7.2 |
2021-09-06 | CVE-2021-24393 | SQL Injection vulnerability in Comment Highlighter Project Comment Highlighter 0.13 A c GET parameter of the Comment Highlighter WordPress plugin through 0.13 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | 7.2 |