Export limit exceeded: 342973 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (342973 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-47756 | 1 Laravel | 1 Valet | 2026-04-07 | 8.4 High |
| Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escalation vulnerability that allows users to modify the valet command with root privileges. Attackers can edit the symlinked valet command to execute arbitrary code with root permissions without additional authentication. | ||||
| CVE-2021-47755 | 1 Softlinkint | 2 Oliver Library Server, Oliver V5 Library | 2026-04-07 | 7.5 High |
| Oliver Library Server v5 contains a file download vulnerability that allows unauthenticated attackers to access arbitrary system files through unsanitized input in the FileServlet endpoint. Attackers can exploit the vulnerability by manipulating the 'fileName' parameter to download sensitive files from the server's filesystem. | ||||
| CVE-2021-47754 | 1 Arunna | 1 Arunna | 2026-04-07 | 6.5 Medium |
| Arunna 1.0.0 contains a cross-site request forgery vulnerability that allows attackers to manipulate user profile settings without authentication. Attackers can craft a malicious form to change user details, including passwords, email, and administrative privileges by tricking authenticated users into submitting the form. | ||||
| CVE-2021-47753 | 1 Phpkf | 2 Cms, Phpkf | 2026-04-07 | 9.8 Critical |
| phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary code by bypassing file extension checks. Attackers can upload a PHP file disguised as a PNG, rename it, and execute system commands through a crafted web shell parameter. | ||||
| CVE-2021-47752 | 1 Sylkat-tools | 2 Awebserver, Awebserver Ghostbuilding | 2026-04-07 | 7.5 High |
| AWebServer GhostBuilding 18 contains a denial of service vulnerability that allows remote attackers to overwhelm the server by sending multiple concurrent HTTP requests. Attackers can generate high-volume requests to multiple endpoints including /mysqladmin to potentially crash or render the service unresponsive. | ||||
| CVE-2021-47751 | 1 Phphtmledit | 2 Cuteeditor, Rich Text Editor | 2026-04-07 | 7.5 High |
| CuteEditor for PHP (now referred to as Rich Text Editor) 6.6 contains a directory traversal vulnerability in the browse template feature that allows attackers to write files to arbitrary web root directories. Attackers can exploit the ServerMapPath() function by renaming uploaded HTML files using directory traversal sequences to write files outside the intended template directory. | ||||
| CVE-2021-47747 | 2026-04-07 | 8.8 High | ||
| meterN 1.2.3 contains an authenticated remote code execution vulnerability in admin_meter2.php and admin_indicator2.php scripts. Attackers can exploit the 'COMMANDx' and 'LIVECOMMANDx' POST parameters to execute arbitrary system commands with administrative privileges. | ||||
| CVE-2021-47738 | 1 Cszcms | 1 Csz Cms | 2026-04-07 | 5.4 Medium |
| CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend dashboard. | ||||
| CVE-2021-47737 | 1 Cszcms | 1 Csz Cms | 2026-04-07 | 5.4 Medium |
| CSZ CMS 1.2.7 contains an HTML injection vulnerability that allows authenticated users to insert malicious hyperlinks in message titles. Attackers can craft POST requests to the member messaging system with HTML-based links to potentially conduct phishing or social engineering attacks. | ||||
| CVE-2021-47733 | 1 Cmsimple | 1 Cmsimple | 2026-04-07 | 6.1 Medium |
| CMSimple 5.4 contains a cross-site scripting vulnerability that allows attackers to bypass input filtering by using HTML to Unicode encoding. Attackers can inject malicious scripts by encoding payloads like ')-alert(1)// and execute arbitrary JavaScript when victims interact with delete buttons. | ||||
| CVE-2021-47732 | 1 Cmsimple | 1 Cmsimple | 2026-04-07 | 6.1 Medium |
| CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection. | ||||
| CVE-2026-35177 | 1 Vim | 1 Vim | 2026-04-07 | 4.1 Medium |
| Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280. | ||||
| CVE-2021-47731 | 1 Selea | 24 Carplateserver, Izero Box Full, Izero Box Full Firmware and 21 more | 2026-04-07 | 9.8 Critical |
| Selea Targa IP OCR-ANPR Camera contains a hard-coded developer password vulnerability that allows unauthorized configuration access through an undocumented page. Attackers can exploit the hidden endpoint by using the hard-coded password 'Selea781830' to enable configuration upload and overwrite device settings. | ||||
| CVE-2021-47730 | 1 Selea | 24 Carplateserver, Izero Box Full, Izero Box Full Firmware and 21 more | 2026-04-07 | 8.8 High |
| Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows attackers to create administrative users without authentication. Attackers can craft a malicious web page that submits a form to add a new admin user with full system privileges when a logged-in user visits the page. | ||||
| CVE-2021-47729 | 1 Selea | 24 Carplateserver, Izero Box Full, Izero Box Full Firmware and 21 more | 2026-04-07 | 5.4 Medium |
| Selea Targa IP OCR-ANPR Camera contains a stored cross-site scripting vulnerability in the 'files_list' parameter that allows attackers to inject malicious HTML and script code. Attackers can send a POST request to /cgi-bin/get_file.php with crafted payload to execute arbitrary scripts in victim's browser session. | ||||
| CVE-2021-47728 | 1 Selea | 24 Carplateserver, Izero Box Full, Izero Box Full Firmware and 21 more | 2026-04-07 | 9.8 Critical |
| Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit the 'addr' and 'port' parameters to inject commands and gain www-data user access through chained local file inclusion techniques. | ||||
| CVE-2021-47727 | 1 Selea | 24 Carplateserver, Izero Box Full, Izero Box Full Firmware and 21 more | 2026-04-07 | 5.3 Medium |
| Selea Targa IP OCR-ANPR Camera contains an unauthenticated vulnerability that allows remote attackers to access live video streams without authentication. Attackers can directly connect to RTP/RTSP or M-JPEG streams by requesting specific endpoints like p1.mjpg or p1.264 to view camera footage. | ||||
| CVE-2021-47724 | 1 Stvs | 1 Provision | 2026-04-07 | 6.5 Medium |
| STVS ProVision 5.9.10 contains a path traversal vulnerability that allows authenticated attackers to access arbitrary files by manipulating the files parameter in the archive download functionality. Attackers can send GET requests to /archive/download with directory traversal sequences to read sensitive system files like /etc/passwd. | ||||
| CVE-2021-47723 | 1 Stvs | 1 Provision | 2026-04-07 | 8.8 High |
| STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge request, allowing them to create new admin users. | ||||
| CVE-2021-47722 | 1 Zucchetti | 1 Axess Cloki Access Control | 2026-04-07 | 3.5 Low |
| Zucchetti Axess CLOKI Access Control 1.64 contains a cross-site request forgery vulnerability that allows attackers to manipulate access control settings without user interaction. Attackers can craft malicious web pages with hidden forms to disable or modify access control parameters by tricking authenticated users into loading the page. | ||||