Total
29921 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-23328 | 1 Iniparserjs Project | 1 Iniparserjs | 2026-06-17 | 6.8 MEDIUM | 5.6 MEDIUM |
| This affects all versions of package iniparserjs. This vulnerability relates when ini_parser.js is concentrating arrays. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program. | |||||
| CVE-2021-23261 | 1 Craftercms | 1 Crafter Cms | 2026-06-17 | 4.0 MEDIUM | 4.5 MEDIUM |
| Authenticated administrators may override the system configuration file and cause a denial of service. | |||||
| CVE-2021-23253 | 1 Opera | 1 Opera Mini | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| Opera Mini for Android below 53.1 displays URL left-aligned in the address field. This allows a malicious attacker to craft a URL with a long domain name, e.g. www.safe.opera.com.attacker.com. With the URL being left-aligned, the user will only see the front part (e.g. www.safe.opera.com…) The exact amount depends on the phone screen size but the attacker can craft a number of different domains and target different phones. Starting with version 53.1 Opera Mini displays long URLs with the top-level domain label aligned to the right of the address field which mitigates the issue. | |||||
| CVE-2021-23244 | 1 Oppo | 1 Coloros | 2026-06-17 | 6.8 MEDIUM | 7.8 HIGH |
| ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obtain dangerous permission. | |||||
| CVE-2021-23203 | 1 Odoo | 1 Odoo | 2026-06-17 | N/A | 7.5 HIGH |
| Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF reports for arbitrary documents, via crafted requests. | |||||
| CVE-2021-23188 | 1 Intel | 36 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3165 Firmware, Dual Band Wireless-ac 3168 and 33 more | 2026-06-17 | N/A | 3.3 LOW |
| Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2021-23173 | 1 Philips | 1 Engage | 2026-06-17 | 4.0 MEDIUM | 2.6 LOW |
| The affected product is vulnerable to an improper access control, which may allow an authenticated user to gain unauthorized access to sensitive data. | |||||
| CVE-2021-23152 | 1 Intel | 1 Advisor | 2026-06-17 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control in the Intel(R) Advisor software before version 2021.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-23140 | 1 Gallagher | 1 Command Centre | 2026-06-17 | 6.5 MEDIUM | 9.9 CRITICAL |
| Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions. | |||||
| CVE-2021-23136 | 1 Gallagher | 1 Command Centre | 2026-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions. | |||||
| CVE-2021-23055 | 1 F5 | 1 Nginx Ingress Controller | 2026-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-22976 | 1 F5 | 2 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | |||||
| CVE-2021-22941 | 1 Citrix | 1 Sharefile Storagezones Controller | 2026-06-17 | 10.0 HIGH | 9.8 CRITICAL |
| Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller. | |||||
| CVE-2021-22928 | 1 Citrix | 3 Virtual Apps And Desktops, Xenapp, Xendesktop | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM. | |||||
| CVE-2021-22917 | 1 Brave | 1 Browser | 2026-06-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled. | |||||
| CVE-2021-22916 | 1 Brave | 1 Brave | 2026-06-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser extension is installed, the CNAME adblocking feature issues DNS requests that used the system DNS settings instead of the extension's proxy settings, resulting in possible information disclosure. | |||||
| CVE-2021-22911 | 1 Rocket.chat | 1 Rocket.chat | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE. | |||||
| CVE-2021-22910 | 1 Rocket.chat | 1 Rocket.chat | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE. | |||||
| CVE-2021-22907 | 1 Citrix | 1 Workspace | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4. | |||||
| CVE-2021-22904 | 1 Rubyonrails | 1 Rails | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses `authenticate_or_request_with_http_token` or `authenticate_with_http_token` for request authentication. | |||||
