Search Results (343250 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-47728 | 1 Selea | 24 Carplateserver, Izero Box Full, Izero Box Full Firmware and 21 more | 2026-04-07 | 9.8 Critical |
| Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit the 'addr' and 'port' parameters to inject commands and gain www-data user access through chained local file inclusion techniques. | ||||
| CVE-2021-47727 | 1 Selea | 24 Carplateserver, Izero Box Full, Izero Box Full Firmware and 21 more | 2026-04-07 | 5.3 Medium |
| Selea Targa IP OCR-ANPR Camera contains an unauthenticated vulnerability that allows remote attackers to access live video streams without authentication. Attackers can directly connect to RTP/RTSP or M-JPEG streams by requesting specific endpoints like p1.mjpg or p1.264 to view camera footage. | ||||
| CVE-2021-47724 | 1 Stvs | 1 Provision | 2026-04-07 | 6.5 Medium |
| STVS ProVision 5.9.10 contains a path traversal vulnerability that allows authenticated attackers to access arbitrary files by manipulating the files parameter in the archive download functionality. Attackers can send GET requests to /archive/download with directory traversal sequences to read sensitive system files like /etc/passwd. | ||||
| CVE-2021-47723 | 1 Stvs | 1 Provision | 2026-04-07 | 8.8 High |
| STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. A visit to a malicious web site can trigger the forged request, allowing attackers to create new admin users. | ||||
| CVE-2021-47722 | 1 Zucchetti | 1 Axess Cloki Access Control | 2026-04-07 | 3.5 Low |
| Zucchetti Axess CLOKI Access Control 1.64 contains a cross-site request forgery vulnerability that allows attackers to manipulate access control settings without user interaction. Attackers can craft malicious web pages with hidden forms to disable or modify access control parameters by tricking authenticated users into loading the page. | ||||
| CVE-2021-47720 | 1 Orangescrum | 1 Orangescrum | 2026-04-07 | 7.1 High |
| Orangescrum 1.8.0 contains an authenticated SQL injection vulnerability that allows authorized users to manipulate database queries through multiple vulnerable parameters. Attackers can inject malicious SQL code into parameters like old_project_id, project_id, uuid, and uniqid to potentially extract or modify database information. | ||||
| CVE-2021-47719 | 1 Commax | 1 Webviewer Activex Control | 2026-04-07 | N/A |
| COMMAX WebViewer ActiveX Control 2.1.4.5 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays through multiple functions. Attackers can exploit boundary errors in Commax_WebViewer.ocx to cause buffer overflow conditions and potentially gain code execution. | ||||
| CVE-2021-47718 | 1 Openbmcs | 1 Openbmcs | 2026-04-07 | 7.5 High |
| OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive files by exploiting directory listing functionality. Attackers can browse directories like /debug/ and /php/ to discover configuration files, database credentials, and system information. | ||||
| CVE-2021-47717 | | | 2026-04-07 | N/A |
| IntelliChoice eFORCE Software Suite 2.5.9 contains a username enumeration vulnerability that allows attackers to enumerate valid users by exploiting the 'ctl00$MainContent$UserName' POST parameter. Attackers can send requests with valid usernames to retrieve user information. | ||||
| CVE-2021-47716 | 1 Orangescrum | 1 Orangescrum | 2026-04-07 | 5.4 Medium |
| Orangescrum 1.8.0 contains multiple cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through various input parameters. Attackers can exploit parameters like 'projid', 'CS_message', and 'name' to execute arbitrary JavaScript code in victims' browsers by submitting crafted payloads through application endpoints. | ||||
| CVE-2021-47714 | 1 Hasura | 1 Graphql Engine | 2026-04-07 | 5.5 Medium |
| Hasura GraphQL 1.3.3 contains a local file read vulnerability that allows attackers to access system files through SQL injection in the query endpoint. Attackers can exploit the pg_read_file() PostgreSQL function by crafting malicious SQL queries to read arbitrary files on the server. | ||||
| CVE-2021-47710 | 1 Commax | 1 Smart Home System | 2026-04-07 | N/A |
| COMMAX Smart Home System is a smart IoT home solution that allows an unauthenticated attacker to disclose RTSP credentials in plain-text by exploiting the /overview.asp endpoint. Attackers can access sensitive information, including login credentials and DVR settings, by submitting a GET request to this endpoint. | ||||
| CVE-2021-47709 | 1 Commax | 1 Smart Home System | 2026-04-07 | N/A |
| COMMAX Smart Home System allows an unauthenticated attacker to change configuration and cause denial-of-service through the setconf endpoint. Attackers can trigger a denial-of-service scenario by sending a malformed request to the setconf endpoint. | ||||
| CVE-2021-47708 | 1 Commax | 1 Smart Home System | 2026-04-07 | N/A |
| COMMAX Smart Home System CDP-1020n contains an SQL injection vulnerability that allows attackers to bypass authentication by injecting arbitrary SQL code through the 'id' parameter in 'loginstart.asp'. Attackers can exploit this by sending a POST request with malicious 'id' values to manipulate database queries and gain unauthorized access. | ||||
| CVE-2021-47707 | 1 Commax | 1 Cvd-axx Dvr | 2026-04-07 | N/A |
| COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose the RTSP stream. Attackers can exploit this by sending a POST request with the 'passkey' parameter set to '1234', allowing them to access the web control panel. | ||||
| CVE-2021-47706 | 1 Commax | 1 Biometric Access Control System | 2026-04-07 | N/A |
| COMMAX Biometric Access Control System 1.0.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to access sensitive information and circumvent physical controls in smart homes and buildings by exploiting cookie poisoning. Attackers can forge cookies to bypass authentication and disclose sensitive information. | ||||
| CVE-2021-47705 | 1 Commax | 1 Ums Client Activex Control | 2026-04-07 | N/A |
| COMMAX UMS Client ActiveX Control 1.7.0.2 contains a heap-based buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays through multiple functions. Attackers can exploit improper boundary validation in CNC_Ctrl.dll to cause heap corruption and potentially gain system-level access. | ||||
| CVE-2021-47704 | 1 Openbmcs | 1 Openbmcs | 2026-04-07 | 6.5 Medium |
| OpenBMCS 2.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting arbitrary SQL code. Attackers can send GET requests to /debug/obix_test.php with malicious 'id' values to extract database information. | ||||
| CVE-2021-47703 | 1 Openbmcs | 1 Openbmcs | 2026-04-07 | 7.2 High |
| OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip' parameter to force the application to make an HTTP request to an arbitrary destination host. | ||||
| CVE-2021-47702 | 1 Openbmcs | 1 Openbmcs | 2026-04-07 | 4.3 Medium |
| OpenBMCS 2.4 contains a CSRF vulnerability that allows attackers to perform actions with administrative privileges by exploiting the sendFeedback.php endpoint. Attackers can submit malicious requests to trigger unintended actions, such as sending emails or modifying system settings. | ||||