Export limit exceeded: 366574 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366574 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-37443 | 1 Nchsoftware | 1 Ivm Attendant | 2024-11-21 | 8.1 High |
| NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion. | ||||
| CVE-2021-37442 | 1 Nchsoftware | 1 Ivm Attendant | 2024-11-21 | 6.5 Medium |
| NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files. | ||||
| CVE-2021-37441 | 1 Nch | 1 Axon Pbx | 2024-11-21 | 8.8 High |
| NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring. | ||||
| CVE-2021-37440 | 1 Nch | 1 Axon Pbx | 2024-11-21 | 6.5 Medium |
| NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. substring. | ||||
| CVE-2021-37439 | 1 Nch | 1 Flexiserver | 2024-11-21 | 6.5 Medium |
| NCH FlexiServer v6.00 suffers from a syslog?file=/.. path traversal vulnerability. | ||||
| CVE-2021-37436 | 1 Amazon | 2 Echo Dot, Echo Dot Firmware | 2024-11-21 | 4.2 Medium |
| Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing personal content via a factory reset. Also, the vendor has reportedly indicated that they are working on mitigations. | ||||
| CVE-2021-37425 | 1 Altova | 1 Mobiletogether Server | 2024-11-21 | 9.1 Critical |
| Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key. | ||||
| CVE-2021-37424 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | 9.8 Critical |
| ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover. | ||||
| CVE-2021-37423 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover. | ||||
| CVE-2021-37422 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases. | ||||
| CVE-2021-37421 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass. | ||||
| CVE-2021-37420 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | 6.5 Medium |
| Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing. | ||||
| CVE-2021-37419 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | 7.5 High |
| Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. | ||||
| CVE-2021-37417 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation. | ||||
| CVE-2021-37416 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 6.1 Medium |
| Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page. | ||||
| CVE-2021-37414 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 7.5 High |
| Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get a valid user's APIKEY without authentication. | ||||
| CVE-2021-37413 | 1 Grandcom | 1 Dynweb | 2024-11-21 | 9.8 Critical |
| GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the webpage, access the user database, modify web content and upload custom files. The backend login script does not verify and sanitize user-provided strings. | ||||
| CVE-2021-37412 | 1 It-economics | 1 Techradar | 2024-11-21 | 6.1 Medium |
| The TechRadar app 1.1 for Confluence Server allows XSS via the Title field of a Radar. | ||||
| CVE-2021-37404 | 1 Apache | 1 Hadoop | 2024-11-21 | 9.8 Critical |
| There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher. | ||||
| CVE-2021-37403 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 6.1 Medium |
| OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is used. | ||||