Export limit exceeded: 81229 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (81229 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-40698 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 7.4 High |
| ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass . An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment. | ||||
| CVE-2021-40690 | 4 Apache, Debian, Oracle and 1 more | 27 Cxf, Santuario Xml Security For Java, Tomee and 24 more | 2024-11-21 | 7.5 High |
| All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element. | ||||
| CVE-2021-40683 | 2 Akamai, Microsoft | 2 Enterprise Application Access, Windows | 2024-11-21 | 7.8 High |
| In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution. | ||||
| CVE-2021-40680 | 1 Articatech | 1 Web Proxy | 2024-11-21 | 8.1 High |
| There is a Directory Traversal vulnerability in Artica Proxy (4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273) via the filename parameter to /cgi-bin/main.cgi. | ||||
| CVE-2021-40668 | 1 Http File Server Project | 1 Http File Server | 2024-11-21 | 8.1 High |
| The Android application HTTP File Server (Version 1.4.1) by 'slowscript' is affected by a path traversal vulnerability that permits arbitrary directory listing, file read, and file write. | ||||
| CVE-2021-40662 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary commands on victim hosts via user interaction with a crafted URL. | ||||
| CVE-2021-40660 | 1 Javadelight | 1 Nashorn Sandbox | 2024-11-21 | 7.5 High |
| An issue was discovered in Delight Nashorn Sandbox 0.2.0. There is an ReDoS vulnerability that can be exploited to launching a denial of service (DoS) attack. | ||||
| CVE-2021-40639 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 7.5 High |
| Improper access control in Jfinal CMS 5.1.0 allows attackers to access sensitive information via /classes/conf/db.properties&config=filemanager.config.js. | ||||
| CVE-2021-40636 | 1 Os4ed | 1 Opensis | 2024-11-21 | 7.5 High |
| OS4ED openSIS 8.0 is affected by SQL Injection in CheckDuplicateName.php, which can extract information from the database. | ||||
| CVE-2021-40635 | 1 Os4ed | 1 Opensis | 2024-11-21 | 7.5 High |
| OS4ED openSIS 8.0 is affected by SQL injection in ChooseCpSearch.php, ChooseRequestSearch.php. An attacker can inject a SQL query to extract information from the database. | ||||
| CVE-2021-40633 | 1 Giflib Project | 1 Giflib | 2024-11-21 | 8.8 High |
| A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger an out of memory exception or denial of service via a gif format file. | ||||
| CVE-2021-40578 | 1 Online Enrollment Management System Project | 1 Online Enrollment Management System | 2024-11-21 | 7.2 High |
| Authenticated Blind & Error-based SQL injection vulnerability was discovered in Online Enrollment Management System in PHP and PayPal Free Source Code 1.0, that allows attackers to obtain sensitive information and execute arbitrary SQL commands via IDNO parameter. | ||||
| CVE-2021-40571 | 1 Gpac | 1 Gpac | 2024-11-21 | 7.8 High |
| The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ilst_box_read function in box_code_apple.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. | ||||
| CVE-2021-40570 | 1 Gpac | 1 Gpac | 2024-11-21 | 7.8 High |
| The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the avc_compute_poc function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. | ||||
| CVE-2021-40568 | 1 Gpac | 1 Gpac | 2024-11-21 | 7.8 High |
| A buffer overflow vulnerability exists in Gpac through 1.0.1 via a malformed MP4 file in the svc_parse_slice function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. | ||||
| CVE-2021-40556 | 1 Asus | 2 Rt-ax56u, Rt-ax56u Firmware | 2024-11-21 | 8.8 High |
| A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266. This vulnerability is caused by the strcat function called by "caupload" input handle function allowing the user to enter 0xFFFF bytes into the stack. This vulnerability allows an attacker to execute commands remotely. The vulnerability requires authentication. | ||||
| CVE-2021-40553 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 8.8 High |
| piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor. | ||||
| CVE-2021-40527 | 1 Onepeloton | 1 Peloton | 2024-11-21 | 8.6 High |
| Exposure of senstive information to an unauthorised actor in the "com.onepeloton.erlich" mobile application up to and including version 1.7.22 allows a remote attacker to access developer files stored in an AWS S3 bucket, by reading credentials stored in plain text within the mobile application. | ||||
| CVE-2021-40523 | 1 Contiki-os | 1 Contiki | 2024-11-21 | 7.5 High |
| In Contiki 3.0, Telnet option negotiation is mishandled. During negotiation between a server and a client, the server may fail to give the WILL/WONT or DO/DONT response for DO and WILL commands because of improper handling of exception condition, which leads to property violations and denial of service. Specifically, a server sometimes sends no response, because a fixed buffer space is available for all responses and that space may have been exhausted. | ||||
| CVE-2021-40516 | 2 Debian, Weechat | 2 Debian Linux, Weechat | 2024-11-21 | 7.5 High |
| WeeChat before 3.2.1 allows remote attackers to cause a denial of service (crash) via a crafted WebSocket frame that trigger an out-of-bounds read in plugins/relay/relay-websocket.c in the Relay plugin. | ||||