CVE-2021-41921
novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file suffixes and contents can lead to server attacks and arbitrary code execution.
Source: CVE-2021-41921
CVE-2022-24935
Lexmark products through 2022-02-10 have Incorrect Access Control.
Source: CVE-2022-24935
CVE-2022-29152
The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an XSS payload from the AppPortal cookie into the page.
Source: CVE-2022-29152
CVE-2021-33436
NoMachine for Windows prior to versions 6.15.1 and 7.5.2 suffers from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITY\SYSTEM.
Source: CVE-2021-33436
CVE-2022-29814
In JetBrains IntelliJ IDEA before 2022.1, local code execution via HTML descriptions in custom JSON schemas was possible.
Source: CVE-2022-29814
CVE-2022-29818
In JetBrains IntelliJ IDEA before 2022.1, origin checks in the internal web server were flawed.
Source: CVE-2022-29818
CVE-2022-29821
In JetBrains Rider before 2022.1, local code execution via links in ReSharper Quick Documentation was possible.
Source: CVE-2022-29821
CVE-2022-29820
In JetBrains PyCharm before 2022.1, exposure of the debugger port to the internal network was possible.
Source: CVE-2022-29820
CVE-2022-29819
In JetBrains IntelliJ IDEA before 2022.1, local code execution via links in Quick Documentation was possible.
Source: CVE-2022-29819
CVE-2022-29817
In JetBrains IntelliJ IDEA before 2022.1, reflected XSS via error messages in the internal web server was possible.
Source: CVE-2022-29817