CVE & Exploit Intelligence Database


Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked | 53,274 with exploits | 4,730 exploited in wild | 1,542 CISA KEV | 3,929 Nuclei templates | 37,826 vendors | 42,563 researchers
688 results
CVE-2021-24868 4.3 MEDIUM EPSS 0.00
Document Embedder <1.7.9 - Info Disclosure
The Document Embedder WordPress plugin before 1.7.9 contains an AJAX action endpoint, which could allow any authenticated user, such as a subscriber, to enumerate the title of arbitrary private and draft posts.
CWE-668 Feb 01, 2022
CVE-2021-24775 5.3 MEDIUM EPSS 0.01
Document Embedder <1.7.5 - Info Disclosure
The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts.
CWE-668 Feb 01, 2022
CVE-2022-0334 4.3 MEDIUM EPSS 0.00
Moodle <3.11.4-3.10.8-3.9.11 - Info Disclosure
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their grade report for courses where they did not have the required gradereport/user:view capability.
CWE-668 Jan 25, 2022
CVE-2022-22154 6.8 MEDIUM EPSS 0.00
Juniper Networks Junos OS - DoS
In a Junos Fusion scenario an External Control of Critical State Data vulnerability in the Satellite Device (SD) control state machine of Juniper Networks Junos OS allows an attacker who is able to make physical changes to the cabling of the device to cause a denial of service (DoS). An SD can get rebooted and subsequently controlled by an Aggregation Device (AD) which does not belong to the original Fusion setup and is just connected to an extended port of the SD. To carry out this attack the attacker needs to have physical access to the cabling between the SD and the original AD. This issue affects: Juniper Networks Junos OS 16.1R1 and later versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R3-S4. This issue does not affect Juniper Networks Junos OS versions prior to 16.1R1.
CWE-642 Jan 19, 2022
CVE-2021-44049 7.8 HIGH EPSS 0.00
Cyberark Endpoint Privilege Manager - Exposure to Wrong Actor
CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privileges via a Trojan horse Procmon64.exe in the user's Temp directory.
CWE-668 Jan 15, 2022
CVE-2021-39628 3.3 LOW EPSS 0.00
Google Android - Exposure to Wrong Actor
In StatusBar.java, there is a possible disclosure of notification content on the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11. Android ID: A-189575031
CWE-668 Jan 14, 2022
CVE-2022-23118 8.8 HIGH EPSS 0.01
Jenkins Debian Package Builder < 1.6.11 - Exposure to Wrong Actor
Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line `git` at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller.
CWE-668 Jan 12, 2022
CVE-2022-21964 5.5 MEDIUM EPSS 0.02
Remote Desktop Licensing Diagnoser - Info Disclosure
Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability
CWE-668 Jan 11, 2022
CVE-2021-42749 5.3 MEDIUM EPSS 0.00
Fastlinemedia Beaver Themer - Exposure to Wrong Actor
In Beaver Themer, attackers can bypass conditional logic controls (for hiding content) when viewing the post archives. Exploitation requires that a Themer layout is applied to the archives, and that the post excerpt field is not set.
CWE-668 Jan 10, 2022
CVE-2021-39971 7.5 HIGH EPSS 0.00
Huawei Harmonyos < 2.0 - Exposure to Wrong Actor
Password vault has an External Control of System or Configuration Setting vulnerability. Successful exploitation of this vulnerability could compromise confidentiality.
CWE-668 Jan 03, 2022
CVE-2021-37112 5.3 MEDIUM EPSS 0.00
Huawei Harmonyos < 2.0 - Exposure to Wrong Actor
Hisuite module has an External Control of System or Configuration Setting vulnerability. Successful exploitation of this vulnerability may lead to Firmware leak.
CWE-668 Jan 03, 2022
CVE-2021-1918 6.5 MEDIUM EPSS 0.00
Qualcomm Qca6391 Firmware - Exposure to Wrong Actor
Improper handling of resource allocation in virtual machines can lead to information exposure in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CWE-668 Jan 03, 2022
CVE-2020-20948 7.5 HIGH EPSS 0.01
Jeecg - Exposure to Wrong Actor
An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable.
CWE-668 Dec 27, 2021
CVE-2021-45708 7.5 HIGH EPSS 0.00
abomonation <2021-10-17 - Info Disclosure
An issue was discovered in the abomonation crate through 2021-10-17 for Rust. Because transmute operations are insufficiently constrained, there can be an information leak or ASLR bypass.
CWE-668 Dec 27, 2021
CVE-2019-8702 5.5 MEDIUM EPSS 0.00
Apple Iphone OS < 12.4 - Exposure to Wrong Actor
This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user may be able to read a persistent account identifier.
CWE-668 Dec 23, 2021
CVE-2021-21878 4.9 MEDIUM EPSS 0.00
Lantronix Premierwave 2050 Firmware - Exposure to Wrong Actor
A local file inclusion vulnerability exists in the Web Manager Applications and FsBrowse functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted series of HTTP requests can lead to local file inclusion. An attacker can make a series of authenticated HTTP requests to trigger this vulnerability.
CWE-668 Dec 22, 2021
CVE-2020-35215 6.5 MEDIUM EPSS 0.00
Atomix - Exposure to Wrong Actor
An issue in Atomix v3.1.5 allows attackers to access sensitive information when a malicious Atomix node queries distributed variable primitives which contain the entire primitive lists that ONOS nodes use to share important states.
CWE-668 Dec 16, 2021
CVE-2021-43893 7.5 HIGH EPSS 0.07
Windows Encrypting File System - Privilege Escalation
Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability
CWE-668 Dec 15, 2021
CVE-2021-43216 6.5 MEDIUM EPSS 0.18
Microsoft LSA Server - Info Disclosure
Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability
CWE-668 Dec 15, 2021
CVE-2021-41065 7.3 HIGH EPSS 0.00
Listary <6 - Privilege Escalation
An issue was discovered in Listary through 6. An attacker can create a \\.\pipe\Listary.listaryService named pipe and wait for a privileged user to open a session on the Listary installed host. Listary will automatically access the named pipe and the attacker will be able to duplicate the victim's token to impersonate him. This exploit is valid in certain Windows versions (Microsoft has patched the issue in later Windows 10 builds).
CWE-668 Dec 14, 2021