Search Results (81229 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-40901 | 1 Scniro-validator Project | 1 Scniro-validator | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scniro-validator v1.0.1 when validating crafted invalid emails. | ||||
| CVE-2021-40900 | 1 Regexfn Project | 1 Regexfn | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in regexfn v1.0.5 when validating crafted invalid emails. | ||||
| CVE-2021-40899 | 1 Repo-git-downloader Project | 1 Repo-git-downloader | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in repo-git-downloader v0.1.1 when downloading crafted invalid git repositories. | ||||
| CVE-2021-40898 | 1 Scaffold-helper Project | 1 Scaffold-helper | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scaffold-helper v1.2.0 when copying crafted invalid files. | ||||
| CVE-2021-40897 | 1 Split-html-to-chars Project | 1 Split-html-to-chars | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in split-html-to-chars v1.0.5 when splitting crafted invalid htmls. | ||||
| CVE-2021-40896 | 1 That-value Project | 1 That-value | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in that-value v0.1.3 when validating crafted invalid emails. | ||||
| CVE-2021-40895 | 1 Todo-regex Project | 1 Todo-regex | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in todo-regex v0.1.1 when matching crafted invalid TODO statements. | ||||
| CVE-2021-40894 | 1 Underscore-99xp Project | 1 Underscore-99xp | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in underscore-99xp v1.7.2 when the deepValueSearch function is called. | ||||
| CVE-2021-40893 | 1 Validate Data Project | 1 Validate Data | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-data v0.1.1 when validating crafted invalid emails. | ||||
| CVE-2021-40892 | 1 Validate Color Project | 1 Validate Color | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-color v2.1.0 when handling crafted invalid rgb(a) strings. | ||||
| CVE-2021-40884 | 1 Projectsend | 1 Projectsend | 2024-11-21 | 8.1 High |
| Projectsend version r1295 is affected by sensitive information disclosure. Because authorization is not checked for the ids parameter in files-edit.php and the id parameter in the process.php function, a user with the uploader role can download and edit all files of users in the application. | ||||
| CVE-2021-40875 | 1 Gurock | 1 Testrail | 2024-11-21 | 7.5 High |
| Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. The corresponding file paths can be tested, and in some cases, result in the disclosure of hardcoded credentials, API keys, or other sensitive data. | ||||
| CVE-2021-40873 | 1 Softing | 7 Datafeed Opc Suite, Edgeconnector, Opc and 4 more | 2024-11-21 | 7.5 High |
| An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. Remote attackers can cause a denial of service (DoS) by sending crafted messages to a client or server. The server process may crash unexpectedly because of a double free, and must be restarted. | ||||
| CVE-2021-40872 | 1 Softing | 2 Smartlink Hw-dp, Uatoolkit Embedded | 2024-11-21 | 7.5 High |
| An issue was discovered in Softing Industrial Automation uaToolkit Embedded before 1.40. Remote attackers can cause a denial of service (DoS) or log in as an anonymous user (bypassing security checks) by sending crafted messages to an OPC/UA server. The server process may crash unexpectedly because of an invalid type cast, and must be restarted. | ||||
| CVE-2021-40871 | 1 Softing | 4 Datafeed Opc Suite, Opc, Secure Integration Server and 1 more | 2024-11-21 | 7.5 High |
| An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Remote attackers can cause a denial of service (DoS) by sending crafted messages to an OPC/UA client. The client process may crash unexpectedly because of a wrong type cast, and must be restarted. | ||||
| CVE-2021-40867 | 1 Netgear | 40 Gc108p, Gc108p Firmware, Gc108pp and 37 more | 2024-11-21 | 7.8 High |
| Certain NETGEAR smart switches are affected by an authentication hijacking race-condition vulnerability by an unauthenticated attacker who uses the same source IP address as an admin in the process of logging in (e.g., behind the same NAT device, or already in possession of a foothold on an admin's machine). This occurs because the multi-step HTTP authentication process is effectively tied only to the source IP address. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS750E before 1.0.1.10, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2. | ||||
| CVE-2021-40862 | 1 Hashicorp | 1 Terraform Enterprise | 2024-11-21 | 8.8 High |
| HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously disclosed a sensitive URL to authenticated parties, which could be used for privilege escalation or unauthorized modification of a Terraform configuration. Fixed in v202109-1. | ||||
| CVE-2021-40861 | 1 Genesys | 1 Intelligent Workload Distribution Manager | 2024-11-21 | 7.2 High |
| A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) 9.0.017.07 allows an attacker to execute arbitrary SQL queries via the value attribute, with which all data in the database can be extracted and OS command execution is possible depending on the permissions and/or database engine. | ||||
| CVE-2021-40860 | 1 Genesys | 1 Intelligent Workload Distribution Manager | 2024-11-21 | 7.2 High |
| A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) before 9.0.013.11 allows an attacker to execute arbitrary SQL queries via the ql_expression parameter, with which all data in the database can be extracted and OS command execution is possible depending on the permissions and/or database engine. | ||||
| CVE-2021-40857 | 1 Auerswald | 20 Commander 6000r Ip, Commander 6000r Ip Firmware, Commander 6000rx Ip and 17 more | 2024-11-21 | 8.8 High |
| Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring. | ||||