Search Results (363308 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-28436 | 1 Microsoft | 12 Windows 10, Windows 10 1507, Windows 10 1607 and 9 more | 2024-11-21 | 7.8 High |
| Windows Speech Runtime Elevation of Privilege Vulnerability | ||||
| CVE-2021-28435 | 1 Microsoft | 16 Windows 10, Windows 10 1507, Windows 10 1607 and 13 more | 2024-11-21 | 5.5 Medium |
| Windows Event Tracing Information Disclosure Vulnerability | ||||
| CVE-2021-28434 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 8.8 High |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | ||||
| CVE-2021-28429 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 5.5 Medium |
| Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file. | ||||
| CVE-2021-28428 | 1 Horizontcms Project | 1 Horizontcms | 2024-11-21 | 9.8 Critical |
| File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess and *.hello files using the Media Files upload functionality. The original file upload vulnerability (CVE-2020-27387) was remediated by restricting the PHP extensions; however, we confirmed that the filter was bypassed via uploading an arbitrary .htaccess and *.hello files in order to execute PHP code to gain RCE. | ||||
| CVE-2021-28427 | 1 Xnview | 1 Xnview | 2024-11-21 | 7.8 High |
| Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file. | ||||
| CVE-2021-28424 | 1 Phpgurukul | 1 Teachers Record Management System | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php. | ||||
| CVE-2021-28420 | 1 Seopanel | 1 Seo Panel | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the "from_time" parameter. | ||||
| CVE-2021-28419 | 1 Seopanel | 1 Seo Panel | 2024-11-21 | 7.2 High |
| The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases. | ||||
| CVE-2021-28418 | 1 Seopanel | 1 Seo Panel | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the "category" parameter. | ||||
| CVE-2021-28417 | 1 Seopanel | 1 Seo Panel | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and the "search_name" parameter. | ||||
| CVE-2021-28411 | 1 Ruoyi | 1 Ruoyi | 2024-11-21 | 9.8 Critical |
| An issue was discovered in getRememberedSerializedIdentity function in CookieRememberMeManager class in lerry903 RuoYi version 3.4.0, allows remote attackers to escalate privileges. | ||||
| CVE-2021-28399 | 1 Orangehrm | 1 Orangehrm | 2024-11-21 | 5.3 Medium |
| OrangeHRM 4.7 allows an unauthenticated user to enumerate the valid username and email address via the forgot password function. | ||||
| CVE-2021-28398 | 1 Osgeo | 1 Geonetwork | 2024-11-21 | 7.2 High |
| A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perform this. This occurs in the runBeforeScript method in harvesters/src/main/java/org/fao/geonet/kernel/harvest/harvester/localfilesystem/LocalFilesystemHarvester.java. The earliest affected version is 3.4.0. | ||||
| CVE-2021-28382 | 1 Zohocorp | 1 Manageengine Key Manager Plus | 2024-11-21 | 5.4 Medium |
| Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on the user-management page while importing malicious user details from AD. | ||||
| CVE-2021-28381 | 1 Vhs Project | 1 Vhs | 2024-11-21 | 9.8 Critical |
| The vhs (aka VHS: Fluid ViewHelpers) extension before 5.1.1 for TYPO3 allows SQL injection via isLanguageViewHelper. | ||||
| CVE-2021-28380 | 1 Aimeos Project | 1 Aimeos | 2024-11-21 | 5.4 Medium |
| The aimeos (aka Aimeos shop and e-commerce framework) extension before 19.10.12 and 20.x before 20.10.5 for TYPO3 allows XSS via a backend user account. | ||||
| CVE-2021-28379 | 2 Myvestacp, Vestacp | 2 Myvesta, Vesta Control Panel | 2024-11-21 | 8.8 High |
| web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin. | ||||
| CVE-2021-28378 | 1 Gitea | 1 Gitea | 2024-11-21 | 3.7 Low |
| Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations. | ||||
| CVE-2021-28377 | 1 Chronoengine | 1 Chronoforums | 2024-11-21 | 5.3 Medium |
| ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary files. | ||||