Export limit exceeded: 80790 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80790 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-29070 | 1 Netgear | 10 Rbk852, Rbk852 Firmware, Rbk853 and 7 more | 2024-11-21 | 8.4 High |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. | ||||
| CVE-2021-29069 | 1 Netgear | 6 Wnr2000v5, Wnr2000v5 Firmware, Xr450 and 3 more | 2024-11-21 | 7.3 High |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR450 before 2.3.2.114, XR500 before 2.3.2.114, and WNR2000v5 before 1.0.0.76. | ||||
| CVE-2021-29063 | 2 Fedoraproject, Mpmath | 2 Fedora, Mpmath | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 through v1.2.1 when the mpmathify function is called. | ||||
| CVE-2021-29061 | 1 Vfsjfilechooser2 Project | 1 Vfsjfilechooser2 | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Vfsjfilechooser2 version 0.2.9 and below which occurs when the application attempts to validate crafted URIs. | ||||
| CVE-2021-29059 | 2 Is-svg Project, Redhat | 2 Is-svg, Openshift | 2024-11-21 | 7.5 High |
| A vulnerability was discovered in IS-SVG version 2.1.0 to 4.2.2 and below where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted invalid SVG string. | ||||
| CVE-2021-29054 | 1 Papoo | 1 Papoo | 2024-11-21 | 8.8 High |
| Certain Papoo products are affected by: Cross Site Request Forgery (CSRF) in the admin interface. This affects Papoo CMS Light through 21.02 and Papoo CMS Pro through 6.0.1. The impact is: gain privileges (remote). | ||||
| CVE-2021-29053 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-11-21 | 8.8 High |
| Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1 allow remote authenticated users to execute arbitrary SQL commands via the classPKField parameter to (1) CommerceChannelRelFinder.countByC_C, or (2) CommerceChannelRelFinder.findByC_C. | ||||
| CVE-2021-29047 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-11-21 | 7.5 High |
| The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after it is used, which allows remote attackers to repeatedly perform actions protected by a CAPTCHA challenge by reusing the same CAPTCHA answer. | ||||
| CVE-2021-29024 | 1 Invoiceplane | 1 Invoiceplane | 2024-11-21 | 7.5 High |
| In InvoicePlane 1.5.11 a misconfigured web server allows unauthenticated directory listing and file download. Allowing an attacker to directory traversal and download files suppose to be private without authentication. | ||||
| CVE-2021-29005 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 8.8 High |
| Insecure permission of chmod command on rConfig server 3.9.6 exists. After installing rConfig apache user may execute chmod as root without password which may let an attacker with low privilege to gain root access on server. | ||||
| CVE-2021-29004 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 8.8 High |
| rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig, an attacker may successfully upload a webshell to the server and access it remotely. | ||||
| CVE-2021-28994 | 2 Kopano, Zarafa | 2 Groupware Core, Zarafa | 2024-11-21 | 7.5 High |
| kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers. | ||||
| CVE-2021-28993 | 1 Plixer | 1 Scrutinizer | 2024-11-21 | 7.5 High |
| Plixer Scrutinizer 19.0.2 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). | ||||
| CVE-2021-28976 | 1 Get-simple | 1 Getsimplecms | 2024-11-21 | 7.2 High |
| Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar filess. | ||||
| CVE-2021-28966 | 2 Microsoft, Ruby-lang | 2 Windows, Ruby | 2024-11-21 | 7.5 High |
| In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir. | ||||
| CVE-2021-28965 | 3 Fedoraproject, Redhat, Ruby-lang | 7 Fedora, Enterprise Linux, Rhel E4s and 4 more | 2024-11-21 | 7.5 High |
| The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing. | ||||
| CVE-2021-28962 | 1 Stormshield | 1 Stormshield Network Security | 2024-11-21 | 7.2 High |
| Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands. | ||||
| CVE-2021-28961 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 8.8 High |
| applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests. | ||||
| CVE-2021-28956 | 1 Sass Lint Project | 1 Sass Lint | 2024-11-21 | 8.8 High |
| The unofficial vscode-sass-lint (aka Sass Lint) extension through 1.0.7 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2021-28954 | 2 Bit Project, Microsoft | 2 Bit, Windows | 2024-11-21 | 7.8 High |
| In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary code via a .exe file in a crafted repository. | ||||