Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-01 | CVE-2021-27005 | Unspecified vulnerability in Netapp Ontap System Manager 9.7/9.8/9.9.12 Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, 9.8P7 and 9.9.1P3 are susceptible to a vulnerability which could allow a remote attacker to cause a crash of the httpd server. | 7.5 |
| 2021-11-01 | CVE-2021-3440 | Unspecified vulnerability in HP Smart HP Print and Scan Doctor, an application within the HP Smart App for Windows, is potentially vulnerable to local elevation of privilege. | 7.8 |
| 2021-11-01 | CVE-2021-3704 | Unspecified vulnerability in HP products Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow a Denial of Service on the device. | 7.5 |
| 2021-11-01 | CVE-2021-25874 | SQL Injection vulnerability in Youphptube AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQL Injection SQL injection in the catName parameter which allows a remote unauthenticated attacker to retrieve databases information such as application passwords hashes. | 7.5 |
| 2021-11-01 | CVE-2021-25877 | Code Injection vulnerability in Youphptube AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. | 7.2 |
| 2021-11-01 | CVE-2021-42557 | Unspecified vulnerability in Jeedom 4.0.38 In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API access and retrieve users credentials. | 7.5 |
| 2021-11-01 | CVE-2021-27644 | SQL Injection vulnerability in Apache Dolphinscheduler In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. | 8.8 |
| 2021-11-01 | CVE-2015-20067 | Unspecified vulnerability in WP Attachment Export Project WP Attachment Export The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress | 7.5 |
| 2021-11-01 | CVE-2018-25019 | Missing Authorization vulnerability in Learndash The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndash_assignment_process_init() function, which could allow unauthenticated users to upload arbitrary files to the web server | 7.5 |
| 2021-11-01 | CVE-2020-36503 | Unspecified vulnerability in Connections-Pro Connections Business Directory The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue | 8.0 |