Export limit exceeded: 350467 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 80550 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80550 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-25904 | 1 Av-data Project | 1 Av-data | 2024-11-21 | 7.5 High |
| An issue was discovered in the av-data crate before 0.3.0 for Rust. A raw pointer is dereferenced, leading to a read of an arbitrary memory address, sometimes causing a segfault. | ||||
| CVE-2021-25903 | 1 Cache Project | 1 Cache | 2024-11-21 | 7.5 High |
| An issue was discovered in the cache crate through 2021-01-01 for Rust. A raw pointer is dereferenced. | ||||
| CVE-2021-25902 | 1 Glsl-layout Project | 1 Glsl-layout | 2024-11-21 | 7.5 High |
| An issue was discovered in the glsl-layout crate before 0.4.0 for Rust. When a panic occurs, map_array can perform a double drop. | ||||
| CVE-2021-25899 | 1 Void | 1 Aurall Rec Monitor | 2024-11-21 | 7.5 High |
| An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform a blind time-based SQL Injection. The vulnerable parameter is param1. | ||||
| CVE-2021-25898 | 1 Void | 1 Aural Rec Monitor | 2024-11-21 | 7.5 High |
| An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value is used to authenticate a high-privileged user upon authenticating with the server. | ||||
| CVE-2021-25877 | 1 Youphptube | 1 Youphptube | 2024-11-21 | 7.2 High |
| AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. An administrator privileged user is able to write files on filesystem using flag and code variables in file save.php. | ||||
| CVE-2021-25874 | 1 Youphptube | 1 Youphptube | 2024-11-21 | 7.5 High |
| AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQL Injection SQL injection in the catName parameter which allows a remote unauthenticated attacker to retrieve databases information such as application passwords hashes. | ||||
| CVE-2021-25864 | 1 Dgtl | 1 Huemagic | 2024-11-21 | 7.5 High |
| node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal.in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file. | ||||
| CVE-2021-25863 | 1 Open5gs | 1 Open5gs | 2024-11-21 | 8.8 High |
| Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account. | ||||
| CVE-2021-25857 | 1 Supermicro-cms Project | 1 Supermicro-cms | 2024-11-21 | 7.2 High |
| An issue was discovered in pcmt superMicro-CMS version 3.11, allows authenticated attackers to execute arbitrary code via the font_type parameter to setup.php. | ||||
| CVE-2021-25849 | 1 Moxa | 32 Vport 06ec-2v26m, Vport 06ec-2v26m Firmware, Vport 06ec-2v36m-ct and 29 more | 2024-11-21 | 7.5 High |
| An integer underflow was discovered in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, improper validation of the PortID TLV leads to Denial of Service via a crafted lldp packet. | ||||
| CVE-2021-25846 | 1 Moxa | 32 Vport 06ec-2v26m, Vport 06ec-2v26m Firmware, Vport 06ec-2v36m-ct and 29 more | 2024-11-21 | 7.5 High |
| Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a negative number passed to the memcpy function via a crafted lldp packet. | ||||
| CVE-2021-25845 | 1 Moxa | 32 Vport 06ec-2v26m, Vport 06ec-2v26m Firmware, Vport 06ec-2v36m-ct and 29 more | 2024-11-21 | 7.5 High |
| Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a NULL pointer dereference via a crafted lldp packet. | ||||
| CVE-2021-25837 | 1 Chainsafe | 1 Ethermint | 2024-11-21 | 7.5 High |
| Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. Due to the inconsistency between the Storage caching cycle and the Tx processing cycle, Storage changes caused by a failed transaction are improperly reserved in memory. Although the bad storage cache data will be discarded at EndBlock, it is still valid in the current block, which enables many possible attacks such as an "arbitrary mint token". | ||||
| CVE-2021-25836 | 1 Chainsafe | 1 Ethermint | 2024-11-21 | 7.5 High |
| Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. The bytecode set in a FAILED transaction wrongfully remains in memory(stateObject.code) and is further written to persistent store at the Endblock stage, which may be utilized to build honeypot contracts. | ||||
| CVE-2021-25835 | 1 Chainsafe | 1 Ethermint | 2024-11-21 | 7.5 High |
| Cosmos Network Ethermint <= v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. Since ethermint uses the same chainIDEpoch and signature schemes with ethereum for compatibility, a verified signature in ethereum is still valid in ethermint with the same msg content and chainIDEpoch, which enables "cross-chain transaction replay" attack. | ||||
| CVE-2021-25834 | 1 Chainsafe | 1 Ethermint | 2024-11-21 | 7.5 High |
| Cosmos Network Ethermint <= v0.4.0 is affected by a transaction replay vulnerability in the EVM module. If the victim sends a very large nonce transaction, the attacker can replay the transaction through the application. | ||||
| CVE-2021-25829 | 1 Onlyoffice | 1 Document Server | 2024-11-21 | 7.5 High |
| An improper binary stream data handling issue was found in the [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. Using this bug, an attacker is able to produce a denial of service attack that can eventually shut down the target server. | ||||
| CVE-2021-25811 | 1 Mercusys | 2 Mercury X18g, Mercury X18g Firmware | 2024-11-21 | 7.5 High |
| MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a crafted value to the POST listen_http_lan parameter. Upon subsequent device restarts after this vulnerability is exploted the device will not be able to access the webserver unless the listen_http_lan parameter to uhttpd.json is manually fixed. | ||||
| CVE-2021-25808 | 1 Bludit | 1 Bludit | 2024-11-21 | 7.8 High |
| A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file. | ||||