Search

Search Results (363163 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-27568 3 Json-smart Project, Oracle, Redhat 11 Json-smart-v1, Json-smart-v2, Communications Cloud Native Core Policy and 8 more 2024-11-21 5.9 Medium
An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information.
CVE-2021-27565 1 Hcc-embedded 1 Nichestack 2024-11-21 7.5 High
The web server in InterNiche NicheStack through 4.0.1 allows remote attackers to cause a denial of service (infinite loop and networking outage) via an unexpected valid HTTP request such as OPTIONS. This occurs because the HTTP request handler enters a miscoded wbs_loop() debugger hook.
CVE-2021-27564 1 Appspace 1 Appspace 2024-11-21 5.4 Medium
A stored XSS issue exists in Appspace 6.2.4. After a user is authenticated and enters an XSS payload under the groups section of the network tab, it is stored as the group name. Whenever another member visits that group, this payload executes.
CVE-2021-27559 1 Monicahq 1 Monica 2024-11-21 5.4 Medium
The Contact page in Monica 2.19.1 allows stored XSS via the Nickname field.
CVE-2021-27558 1 Easycorp 1 Zentao 2024-11-21 6.1 Medium
A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creator.
CVE-2021-27557 1 Easycorp 1 Zentao 2024-11-21 4.3 Medium
A cross-site request forgery (CSRF) vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows attackers to update the fields of a Cron job.
CVE-2021-27556 1 Easycorp 1 Zentao 2024-11-21 7.2 High
The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execute arbitrary code by setting the type parameter to System.
CVE-2021-27550 1 Polarisoffice 1 Polaris Office 2024-11-21 5.5 Medium
Polaris Office v9.102.66 is affected by a divide-by-zero error in PolarisOffice.exe and EngineDLL.dll that may cause a local denial of service. To exploit the vulnerability, someone must open a crafted PDF file.
CVE-2021-27549 1 Genymobile 1 Genymotion Desktop 2024-11-21 5.3 Medium
Genymotion Desktop through 3.2.0 leaks the host's clipboard data to the Android application by default. NOTE: the vendor's position is that this is intended behavior that can be changed through the Settings > Device screen
CVE-2021-27548 1 Xpdfreader 1 Xpdf 2024-11-21 5.5 Medium
There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03.
CVE-2021-27545 1 Phpgurukul 1 Beauty Parlour Management System 2024-11-21 6.5 Medium
SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter.
CVE-2021-27544 1 Phpgurukul 1 Beauty Parlour Management System 2024-11-21 4.8 Medium
Cross Site Scripting (XSS) in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "sername" parameter.
CVE-2021-27531 1 Dynpg 1 Dynpg 2024-11-21 4.8 Medium
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "query" parameter.
CVE-2021-27530 1 Dynpg 1 Dynpg 2024-11-21 4.8 Medium
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allow remote attacker to inject javascript via URI in /index.php.
CVE-2021-27529 1 Dynpg 1 Dynpg 2024-11-21 4.8 Medium
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "limit" parameter.
CVE-2021-27528 1 Dynpg 1 Dynpg 2024-11-21 4.8 Medium
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "refID" parameter.
CVE-2021-27527 1 Dynpg 1 Dynpg 2024-11-21 4.8 Medium
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "valueID" parameter.
CVE-2021-27526 1 Dynpg 1 Dynpg 2024-11-21 4.8 Medium
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "page" parameter.
CVE-2021-27524 1 Margox 1 Braft-editor 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability in margox braft-editor version 2.3.8, allows remote attackers to execute arbitrary code via the embed media feature.
CVE-2021-27523 1 Open-falcon 1 Dashboard 2024-11-21 9.8 Critical
An issue was discovered in open-falcon dashboard version 0.2.0, allows remote attackers to gain, modify, and delete sensitive information via crafted POST request to register interface.