Search Results (81042 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-36722 | 1 Emuse - Eservices / Envoice Project | 1 Emuse - Eservices / Envoice | 2024-11-21 | 7.1 High |
| Emuse - eServices / eNvoice SQL injection can be used in various ways ranging from bypassing login authentication or dumping the whole database to full RCE on the affected endpoints. The SQLi is caused by CWE-209: Generation of Error Message Containing Sensitive Information, showing parts of the aspx code and the webroot location, information an attacker can leverage to further compromise the host. | ||||
| CVE-2021-36719 | 1 Cybonet | 1 Mail Secure | 2024-11-21 | 8.8 High |
| PineApp - Mail Secure - The attacker must be logged in as a user to the Pineapp system. The attacker exploits the vulnerable nicUpload.php file to upload a malicious file, thus taking over the server and running remote code. | ||||
| CVE-2021-36716 | 1 Segment | 1 Is-email | 2024-11-21 | 7.5 High |
| A ReDoS (regular expression denial of service) flaw was found in the Segment is-email package before 1.0.1 for Node.js. An attacker that is able to provide crafted input to the isEmail(input) function may cause an application to consume an excessive amount of CPU. | ||||
| CVE-2021-36710 | 1 Toaruos | 1 Toaruos | 2024-11-21 | 8.8 High |
| ToaruOS 1.99.2 is affected by incorrect access control via the kernel. Improper MMU management and having a low GDT address allows it to be mapped in userland. A call gate can then be written to escalate to CPL 0. | ||||
| CVE-2021-36708 | 1 Prolink | 2 Prc2402m, Prc2402m Firmware | 2024-11-21 | 7.5 High |
| In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in the login.cgi binary allows an attacker to reset the password to the administrative interface of the router. | ||||
| CVE-2021-36691 | 1 Libjxl Project | 1 Libjxl | 2024-11-21 | 7.5 High |
| libjxl v0.5.0 is affected by an Assertion failed issue in lib/jxl/image.cc jxl::PlaneBase::PlaneBase(). When encoding a malicious GIF file using cjxl, an attacker can trigger a denial of service. | ||||
| CVE-2021-36668 | 1 Druva | 1 Insync Client | 2024-11-21 | 7.8 High |
| URL injection in Druva inSync 6.9.0 for MacOS allows attackers to force a visit to an arbitrary URL via the port parameter to the Electron App. | ||||
| CVE-2021-36667 | 1 Druva | 1 Insync Client | 2024-11-21 | 7.8 High |
| Command injection vulnerability in Druva inSync 6.9.0 for MacOS allows attackers to execute arbitrary commands via a crafted payload to the local HTTP server due to an un-sanitized call to the Python os.system library. | ||||
| CVE-2021-36666 | 1 Druva | 1 Insync Client | 2024-11-21 | 7.8 High |
| An issue was discovered in Druva 6.9.0 for MacOS that allows attackers to gain escalated local privileges via the inSyncDecommission. | ||||
| CVE-2021-36665 | 1 Druva | 1 Insync Client | 2024-11-21 | 7.8 High |
| An issue was discovered in Druva 6.9.0 for macOS that allows attackers to gain escalated local privileges via the inSyncUpgradeDaemon. | ||||
| CVE-2021-36625 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2024-11-21 | 8.8 High |
| An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement. | ||||
| CVE-2021-36621 | 1 Online Covid Vaccination Scheduler System Project | 1 Online Covid Vaccination Scheduler System | 2024-11-21 | 8.1 High |
| Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL Injection. The username parameter is vulnerable to time-based SQL injection. Upon successfully dumping the admin password hash, an attacker can decrypt and obtain the plain-text password. Hence, the attacker could authenticate as Administrator. | ||||
| CVE-2021-36531 | 1 Miniupnp Project | 1 Ngiflib | 2024-11-21 | 8.8 High |
| ngiflib 0.4 has a heap overflow in GetByte() at ngiflib.c:70 in NGIFLIB_NO_FILE mode: GetByte() reads the memory buffer without checking the boundary. | ||||
| CVE-2021-36530 | 1 Miniupnp Project | 1 Ngiflib | 2024-11-21 | 8.8 High |
| ngiflib 0.4 has a heap overflow in GetByteStr() at ngiflib.c:108 in NGIFLIB_NO_FILE mode: GetByteStr() copies the memory buffer without checking the boundary. | ||||
| CVE-2021-36513 | 1 Signalwire | 1 Freeswitch | 2024-11-21 | 7.5 High |
| An issue was discovered in function sofia_handle_sip_i_notify in sofia.c in SignalWire freeswitch before 1.10.6, which may allow attackers to view sensitive information due to an uninitialized value. | ||||
| CVE-2021-36512 | 1 Synchro | 1 Bulletin Board System | 2024-11-21 | 7.5 High |
| An issue was discovered in function scanallsubs in src/sbbs3/scansubs.cpp in Synchronet BBS, which may allow attackers to view sensitive information due to an uninitialized value. | ||||
| CVE-2021-36483 | 1 Devexpress | 1 Devexpress | 2024-11-21 | 8.8 High |
| DevExpress.XtraReports.UI through v21.1 allows attackers to execute arbitrary code via insecure deserialization. | ||||
| CVE-2021-36461 | 1 Microweber | 1 Microweber | 2024-11-21 | 8.8 High |
| An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to get a shell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini. | ||||
| CVE-2021-36460 | 1 Veryfitpro Project | 1 Veryfitpro | 2024-11-21 | 7.8 High |
| VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account's password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration and changing of passwords. This allows an attacker in possession of a hash to take over a user's account, rendering the benefits of storing hashed passwords in the database useless. | ||||
| CVE-2021-36455 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | 8.8 High |
| SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php. | ||||