Search Results (81264 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-43161 | 1 Ruijienetworks | 6 Reyeeos, Rg-ew1200, Rg-ew1200g Pro and 3 more | 2024-11-21 | 8.8 High |
| A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the doSwitchApi function in /cgi-bin/luci/api/switch. | ||||
| CVE-2021-43160 | 1 Ruijienetworks | 6 Reyeeos, Rg-ew1200, Rg-ew1200g Pro and 3 more | 2024-11-21 | 8.8 High |
| A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the switchFastDhcp function in /cgi-bin/luci/api/diagnose. | ||||
| CVE-2021-43159 | 1 Ruijienetworks | 6 Reyeeos, Rg-ew1200, Rg-ew1200g Pro and 3 more | 2024-11-21 | 8.8 High |
| A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the setSessionTime function in /cgi-bin/luci/api/common. | ||||
| CVE-2021-43145 | 1 Zammad | 1 Zammad | 2024-11-21 | 8.1 High |
| With certain LDAP configurations, Zammad 5.0.1 was found to be vulnerable to unauthorized access with existing user accounts. | ||||
| CVE-2021-43138 | 3 Async Project, Fedoraproject, Redhat | 4 Async, Fedora, Rhmt and 1 more | 2024-11-21 | 7.8 High |
| In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution. | ||||
| CVE-2021-43137 | 1 Phpgurukul | 1 Hostel Management System | 2024-11-21 | 8.8 High |
| Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerabilities exist in hostel management system 2.1 via the name field in my-profile.php. Chaining both vulnerabilities leads to account takeover. | ||||
| CVE-2021-43116 | 1 Alibaba | 1 Nacos | 2024-11-21 | 8.8 High |
| An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user log in. | ||||
| CVE-2021-43114 | 2 Debian, Fort Validator Project | 2 Debian Linux, Fort Validator | 2024-11-21 | 7.5 High |
| FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate. This will cause RTR clients such as BGP routers to lose access to the RPKI VRP data set, effectively disabling Route Origin Validation. | ||||
| CVE-2021-43109 | 1 Puneethreddyhc Online-shopping-system Project | 1 Puneethreddyhc Online-shopping-system | 2024-11-21 | 7.5 High |
| An SQL Injection vulnerability exists in PuneethReddyHC online-shopping-system as of 11/01/2021 via the p parameter in product.php. | ||||
| CVE-2021-43103 | 1 Diyhi | 1 Bbs | 2024-11-21 | 7.2 High |
| A File Upload vulnerability exists in bbs 5.3 via ForumManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. | ||||
| CVE-2021-43102 | 1 Diyhi | 1 Bbs | 2024-11-21 | 7.2 High |
| A File Upload vulnerability exists in bbs 5.3 via HelpManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. | ||||
| CVE-2021-43101 | 1 Diyhi | 1 Bbs | 2024-11-21 | 7.2 High |
| A File Upload vulnerability exists in bbs 5.3 via MembershipCardManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. | ||||
| CVE-2021-43100 | 1 Diyhi | 1 Bbs | 2024-11-21 | 7.2 High |
| A File Upload vulnerability exists in bbs 5.3 via TopicManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code. | ||||
| CVE-2021-43098 | 1 Diyhi | 1 Bbs | 2024-11-21 | 7.2 High |
| A File Upload vulnerability exists in bbs v5.3 via QuestionManageAction.java in a getType function. | ||||
| CVE-2021-43097 | 1 Diyhi | 1 Bbs | 2024-11-21 | 7.2 High |
| A Server-side Template Injection (SSTI) vulnerability exists in bbs 5.3 in TemplateManageAction.java, which could let a malicious user execute arbitrary code. | ||||
| CVE-2021-43091 | 1 Yeswiki | 1 Yeswiki | 2024-11-21 | 7.5 High |
| An SQL Injection vulnerability exists in Yeswiki doryphore 20211012 via the email parameter in the registration form. | ||||
| CVE-2021-43083 | 1 Apache | 1 Plc4x | 2024-11-21 | 8.8 High |
| Apache PLC4X - PLC4C (only the C language implementation was affected) was vulnerable to an unsigned integer underflow flaw inside the TCP transport. Users should update to 0.9.1, which addresses this issue. However, in order to exploit this vulnerability, a user would have to actively connect to a malicious device which could send a response with invalid content. Currently we consider the probability of this being exploited as quite minimal, however this could change in the future, especially with the industrial networks growing more and more together. | ||||
| CVE-2021-43077 | 1 Fortinet | 1 Fortiwlm | 2024-11-21 | 8.8 High |
| An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests to the AP monitor handlers. | ||||
| CVE-2021-43075 | 1 Fortinet | 1 Fortiwlm | 2024-11-21 | 8.8 High |
| An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests to the alarm dashboard and controller config handlers. | ||||
| CVE-2021-43073 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 8.8 High |
| An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests. | ||||