List of latest published vulnerabilities.

Exploit-DB

• [webapps] i-Panel Administration System 2.0 - Reflected Cross-site Scripting (XSS) October 15, 2021
  i-Panel Administration System 2.0 - Reflected Cross-site Scripting (XSS)
• [local] SolarWinds Kiwi CatTools 3.11.8 - Unquoted Service Path October 14, 2021
  SolarWinds Kiwi CatTools 3.11.8 - Unquoted Service Path
• [webapps] TextPattern CMS 4.8.7 - Remote Command Execution (RCE) (Authenticated) October 14, 2021
  TextPattern CMS 4.8.7 - Remote Command Execution (RCE) (Authenticated)
• [webapps] Company's Recruitment Management System 1.0 - 'Multiple' SQL Injection (Unauthenticated) October 13, 2021
  Company's Recruitment Management System 1.0 - 'Multiple' SQL Injection (Unauthenticated)
• [webapps] Apache HTTP Server 2.4.50 - Path Traversal & Remote Code Execution (RCE) October 13, 2021
  Apache HTTP Server 2.4.50 - Path Traversal & Remote Code Execution (RCE)
• [remote] Cypress Solutions CTM-200/CTM-ONE - Hard-coded Credentials Remote Root (Telnet/SSH) October 13, 2021
  Cypress Solutions CTM-200/CTM-ONE - Hard-coded Credentials Remote Root (Telnet/SSH)
• [remote] Cypress Solutions CTM-200 2.7.1 - Root Remote OS Command Injection October 13, 2021
  Cypress Solutions CTM-200 2.7.1 - Root Remote OS Command Injection
• [webapps] Pharmacy Point of Sale System 1.0 - 'Add New User' Cross-Site Request Forgery (CSRF) October 13, 2021
  Pharmacy Point of Sale System 1.0 - 'Add New User' Cross-Site Request Forgery (CSRF)
• [webapps] Online Learning System 2.0 - 'Multiple' SQLi Authentication Bypass October 13, 2021
  Online Learning System 2.0 - 'Multiple' SQLi Authentication Bypass
• [webapps] Simple Issue Tracker System 1.0 - SQLi Authentication Bypass October 13, 2021
  Simple Issue Tracker System 1.0 - SQLi Authentication Bypass

National Vulnerability Database

• CVE-2018-16061 October 15, 2021
  Mitsubishi Electric SmartRTU devices allow XSS via the username parameter or PATH_INFO to login.php.
• CVE-2018-16060 October 15, 2021
  Mitsubishi Electric SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI.
• CVE-2021-27561 October 15, 2021
  Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.
• CVE-2021-29745 October 15, 2021
  IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge escalation where a lower evel user could have access to the 'New Job' page to which they should not have access to. IBM X-Force ID: 201695.
• CVE-2020-4951 October 15, 2021
  IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information.
• CVE-2021-41320 October 15, 2021
  A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 (64-bit edition) with higher privilege than the average authenticated user.
• CVE-2021-29679 October 15, 2021
  IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled input that could be interpreted a a server-side include (SSI) directive. IBM X-Force ID: 199915.
• CVE-2021-28021 October 15, 2021
  Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file.
• CVE-2021-40997 October 15, 2021
  A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.
• CVE-2021-40998 October 15, 2021
  A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.