Export limit exceeded: 352825 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (81432 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-46509 | 1 Cesanta | 1 Mjs | 2024-11-21 | 7.8 High |
| Cesanta MJS v2.20.0 was discovered to contain a stack overflow via snquote at mjs/src/mjs_json.c. | ||||
| CVE-2021-46483 | 1 Jsish | 1 Jsish | 2024-11-21 | 7.8 High |
| Jsish v3.5.0 was discovered to contain a heap buffer overflow via BooleanConstructor at src/jsiBool.c. | ||||
| CVE-2021-46482 | 1 Jsish | 1 Jsish | 2024-11-21 | 7.8 High |
| Jsish v3.5.0 was discovered to contain a heap buffer overflow via NumberConstructor at src/jsiNumber.c. | ||||
| CVE-2021-46462 | 1 F5 | 1 Njs | 2024-11-21 | 7.5 High |
| njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c. | ||||
| CVE-2021-46459 | 1 Victor Cms Project | 1 Victor Cms | 2024-11-21 | 7.5 High |
| Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=add_user. These vulnerabilities can be exploited through a crafted POST request via the user_name, user_firstname,user_lastname, or user_email parameters. | ||||
| CVE-2021-46458 | 1 Victor Cms Project | 1 Victor Cms | 2024-11-21 | 7.5 High |
| Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=add_post. This vulnerability can be exploited through a crafted POST request via the post_title parameter. | ||||
| CVE-2021-46441 | 1 Dlink | 2 Dir-825, Dir-825 Firmware | 2024-11-21 | 8.8 High |
| In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization. | ||||
| CVE-2021-46440 | 1 Strapi | 1 Strapi | 2024-11-21 | 7.5 High |
| Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim's cookie, perform a base64 decode on the victim's cookie, and obtain a cleartext password, leading to getting API documentation for further API attacks. | ||||
| CVE-2021-46436 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.2 High |
| An issue was discovered in ZZCMS 2021. There is a SQL injection vulnerability in ad_manage.php. | ||||
| CVE-2021-46421 | 1 Franklinfueling | 2 Ts-550 Evo, Ts-550 Evo Firmware | 2024-11-21 | 7.5 High |
| Franklin Fueling Systems FFS T5 Series 1.8.7.7299 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. | ||||
| CVE-2021-46420 | 1 Franklinfueling | 2 Ts-550 Evo, Ts-550 Evo Firmware | 2024-11-21 | 7.5 High |
| Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. | ||||
| CVE-2021-46418 | 1 Telesquare | 2 Tlr-2855ks6, Tlr-2855ks6 Firmware | 2024-11-21 | 7.5 High |
| An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts. | ||||
| CVE-2021-46417 | 1 Franklinfueling | 2 Colibri, Colibri Firmware | 2024-11-21 | 7.5 High |
| Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privileges in Franklin Fueling Systems Colibri Controller Module 1.8.19.8580. | ||||
| CVE-2021-46416 | 1 Sma | 2 Sunny Tripower, Sunny Tripower Firmware | 2024-11-21 | 8.1 High |
| Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling. | ||||
| CVE-2021-46408 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2024-11-21 | 7.5 High |
| Tenda AX12 v22.03.01.21 was discovered to contain a stack buffer overflow in the function sub_422CE4. This vulnerability allows attackers to cause a Denial of Service (DoS) via the strcpy parameter. | ||||
| CVE-2021-46398 | 1 Filebrowser | 1 Filebrowser | 2024-11-21 | 8.8 High |
| A Cross-Site Request Forgery vulnerability exists in Filebrowser < 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim. An admin can run commands using the FileBrowser and hence it leads to RCE. | ||||
| CVE-2021-46389 | 1 High Resolution Streaming Image Server Project | 1 High Resolution Streaming Image Server | 2024-11-21 | 7.5 High |
| IIPImage High Resolution Streaming Image Server prior to commit 882925b295a80ec992063deffc2a3b0d803c3195 is affected by an integer overflow in iipsrv.fcgi through malformed HTTP query parameters. | ||||
| CVE-2021-46385 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 7.5 High |
| https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.FormDataAction#queryData. The attack vector is: 0 or sleep(3). ¶¶ MCMS has a sql injection vulnerability through which attacker can get sensitive information from the database. | ||||
| CVE-2021-46383 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 7.5 High |
| https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.web.DictAction#list. The attack vector is: 0 or sleep(3). ¶¶ MCMS has a sql injection vulnerability through which attacker can get sensitive information from the database. | ||||
| CVE-2021-46381 | 1 Dlink | 2 Dap-1620, Dap-1620 Firmware | 2024-11-21 | 7.5 High |
| Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd] and [/etc/shadow]. | ||||