tokio Crate up to 1.8.3/1.13.0 on Rust memory corruption [CVE-2021-45710]
A vulnerability was found in tokio Crate up to 1.8.3/1.13.0 on Rust (Rust Package). It has been rated as critical. Affected by this issue is an unknown function. Upgrading to version 1.8.4 or 1.13.1 eliminates this vulnerability.
rusqlite Crate up to 0.25.3/0.26.1 on Rust commit_hook use after free
A vulnerability classified as critical has been found in rusqlite Crate up to 0.25.3/0.26.1 on Rust (Rust Package). This affects the function commit_hook. Upgrading to version 0.25.4 or 0.26.2 eliminates this vulnerability.
vec-const Crate up to 1.x on Rust memory corruption [CVE-2021-45680]
A vulnerability classified as critical was found in vec-const Crate up to 1.x on Rust (Rust Package). This vulnerability affects some unknown functionality. Upgrading to version 2.0.0 eliminates this vulnerability.
Simple JWT Login Plugin up to 3.2.x on WordPress Password Creation str_shuffle inadequate encryption
A vulnerability, which was classified as problematic, has been found in Simple JWT Login Plugin up to 3.2.x on WordPress (WordPress Plugin). This issue affects the function str_shuffle of the component Password Creation. Upgrading to version 3.3.0 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download […]
WP Guppy Plugin up to 1.2 on WordPress REST API Endpoint authorization
A vulnerability, which was classified as critical, was found in WP Guppy Plugin up to 1.2 on WordPress (WordPress Plugin). Affected is an unknown code of the component REST API Endpoint. Upgrading to version 1.3 eliminates this vulnerability.
Rich Reviews Plugin up to 1.9.5 on WordPress GET Parameter orderby sql injection
A vulnerability has been found in Rich Reviews Plugin up to 1.9.5 on WordPress (WordPress Plugin) and classified as critical. Affected by this vulnerability is an unknown code block of the component GET Parameter Handler. Upgrading to version 1.9.6 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready […]
Tickera Plugin prior 3.4.8.3 on WordPress Booked Event cross site scripting
A vulnerability was found in Tickera Plugin on WordPress (WordPress Plugin) and classified as problematic. Affected by this issue is some unknown processing of the component Booked Event Handler. Upgrading to version 3.4.8.3 eliminates this vulnerability.
Build Beautiful Conversational Forms Plugin up to 1.4.2 on WordPress Publish ID Setting cross site scripting
A vulnerability was found in Build Beautiful Conversational Forms Plugin up to 1.4.2 on WordPress (WordPress Plugin). It has been classified as problematic. This affects an unknown function of the component Publish ID Setting Handler. Upgrading to version 1.4.3 eliminates this vulnerability.
Contact Form & Lead Form Elementor Builder Plugin up to 1.6.3 on WordPress cross site scripting
A vulnerability was found in Contact Form & Lead Form Elementor Builder Plugin up to 1.6.3 on WordPress (WordPress Plugin). It has been declared as problematic. This vulnerability affects an unknown functionality. Upgrading to version 1.6.4 eliminates this vulnerability.
Paid Memberships Pro Plugin up to 2.6.5 on WordPress Admin Page cross site scripting
A vulnerability was found in Paid Memberships Pro Plugin up to 2.6.5 on WordPress (WordPress Plugin). It has been rated as problematic. This issue affects some unknown functionality of the component Admin Page. Upgrading to version 2.6.6 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download […]
Gwolle Guestbook Plugin up to 4.1.x on WordPress Admin Page gwolle_gb_user_email cross site scripting
A vulnerability classified as problematic has been found in Gwolle Guestbook Plugin up to 4.1.x on WordPress (WordPress Plugin). Affected is an unknown part of the component Admin Page. Upgrading to version 4.2.0 eliminates this vulnerability.
WPFront User Role Editor Plugin prior 3.2.1.11184 on WordPress Admin Dashboard changes-saved cross site scripting
A vulnerability classified as problematic was found in WPFront User Role Editor Plugin on WordPress (WordPress Plugin). Affected by this vulnerability is an unknown code of the component Admin Dashboard. Upgrading to version 3.2.1.11184 eliminates this vulnerability.
Smart Floating & Sticky Buttons Plugin up to 2.5.4 on WordPress Parameter cross site scripting
A vulnerability, which was classified as problematic, has been found in Smart Floating & Sticky Buttons Plugin up to 2.5.4 on WordPress (WordPress Plugin). Affected by this issue is an unknown code block of the component Parameter Handler. Upgrading to version 2.5.5 eliminates this vulnerability.
WordPress Download Manager Plugin prior 3.2.22 on WordPress Template Data wpdm_save_template cross site scripting
A vulnerability, which was classified as problematic, was found in WordPress Download Manager Plugin on WordPress (Content Management System). This affects the function wpdm_save_template of the component Template Data Handler. Upgrading to version 3.2.22 eliminates this vulnerability.
WP RSS Aggregator Plugin prior 4.19.3 on WordPress System Info Admin Dashboard wprss_dismiss_addon_notice cross site scripting
A vulnerability has been found in WP RSS Aggregator Plugin on WordPress (WordPress Plugin) and classified as problematic. This vulnerability affects the function wprss_dismiss_addon_notice of the component System Info Admin Dashboard. Upgrading to version 4.19.3 eliminates this vulnerability.
vim use after free [CVE-2021-4173]
A vulnerability was found in vim (Word Processing Software) (unknown version) and classified as critical. This issue affects an unknown functionality. Applying the patch 9c23f9bb5fe435b28245ba8ac65aa0ca6b902c04 is able to eliminate this problem. The bugfix is ready for download at github.com.
Avast Antivirus up to 20.3 Sandbox permission
A vulnerability was found in Avast Antivirus up to 20.3 (Anti-Malware Software). It has been classified as critical. Affected is some unknown functionality of the component Sandbox. Upgrading to version 20.4 eliminates this vulnerability.
Avast Antivirus up to 20.3 Sandbox access control
A vulnerability was found in Avast Antivirus up to 20.3 (Anti-Malware Software). It has been declared as critical. Affected by this vulnerability is an unknown part of the component Sandbox. Upgrading to version 20.4 eliminates this vulnerability.
Avast Antivirus up to 20.7 Self-Defense Driver wsc_proxy.exe access control
A vulnerability was found in Avast Antivirus up to 20.7 (Anti-Malware Software). It has been rated as critical. Affected by this issue is an unknown code of the file wsc_proxy.exe of the component Self-Defense Driver. Upgrading to version 20.8 eliminates this vulnerability.
Avast Antivirus up to 20.3 access control [CVE-2021-45338]
A vulnerability classified as critical has been found in Avast Antivirus up to 20.3 (Anti-Malware Software). This affects an unknown code block. Upgrading to version 20.4 eliminates this vulnerability.
Avast Antivirus up to 20.3 Trusted Process access control
A vulnerability classified as critical was found in Avast Antivirus up to 20.3 (Anti-Malware Software). This vulnerability affects some unknown processing of the component Trusted Process Handler. Upgrading to version 20.4 eliminates this vulnerability.
Apache APISIX Dashboard up to 2.10.0 Manager API missing authentication
A vulnerability, which was classified as critical, has been found in Apache APISIX Dashboard up to 2.10.0 (Forum Software). This issue affects an unknown function of the component Manager API. Upgrading to version 2.10.1 eliminates this vulnerability.
IBM OPENBMC OP910 Web UI cross site scripting [CVE-2021-38961]
A vulnerability, which was classified as problematic, was found in IBM OPENBMC OP910 (version unknown). Affected is an unknown functionality of the component Web UI. Upgrading eliminates this vulnerability.
Qibosoft 7 Article post.php cross-site request forgery
A vulnerability has been found in Qibosoft 7 and classified as problematic. Affected by this vulnerability is some unknown functionality of the file /member/post.php?job=postnew&step=post of the component Article Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.