Export limit exceeded: 363169 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363169 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-27362 1 Irfanview 2 Irfanview, Wpg 2024-11-21 9.8 Critical
The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Violation on Control Flow starting at WPG!ReadWPG_W+0x0000000000000133, which might allow remote attackers to execute arbitrary code.
CVE-2021-27358 3 Grafana, Netapp, Redhat 4 Grafana, E-series Performance Analyzer, Acm and 1 more 2024-11-21 7.5 High
The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.
CVE-2021-27357 1 Riot-os 1 Riot 2024-11-21 9.8 Critical
RIOT-OS 2020.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c.
CVE-2021-27352 1 Ilch 1 Ilch Cms 2024-11-21 5.4 Medium
An open redirect vulnerability in Ilch CMS version 2.1.42 allows attackers to redirect users to an attacker's site after a successful login.
CVE-2021-27351 1 Telegram 1 Telegram 2024-11-21 5.3 Medium
The Terminate Session feature in the Telegram application through 7.2.1 for Android, and through 2.4.7 for Windows and UNIX, fails to invalidate a recently active session.
CVE-2021-27349 1 Algolplus 1 Advanced Order Export For Woocommerce 2024-11-21 6.1 Medium
Advanced Order Export before 3.1.8 for WooCommerce allows XSS, a different vulnerability than CVE-2020-11727.
CVE-2021-27347 2 Debian, Long Range Zip Project 2 Debian Linux, Long Range Zip 2024-11-21 5.5 Medium
Use after free in lzma_decompress_buf function in stream.c in Irzip 0.631 allows attackers to cause Denial of Service (DoS) via a crafted compressed file.
CVE-2021-27345 2 Debian, Long Range Zip Project 2 Debian Linux, Long Range Zip 2024-11-21 5.5 Medium
A null pointer dereference was discovered in ucompthread in stream.c in Irzip 0.631 which allows attackers to cause a denial of service (DOS) via a crafted compressed file.
CVE-2021-27343 1 Serenityos 1 Serenityos 2024-11-21 7.5 High
SerenityOS Unspecified is affected by: Buffer Overflow. The impact is: obtain sensitive information (context-dependent). The component is: /Userland/Libraries/LibCrypto/ASN1/DER.h Crypto::der_decode_sequence() function. The attack vector is: Parsing RSA Key ASN.1.
CVE-2021-27342 1 Dlink 2 Dir-842e, Dir-842e Firmware 2024-11-21 5.9 Medium
An authentication brute-force protection mechanism bypass in telnetd in D-Link Router model DIR-842 firmware version 3.0.2 allows a remote attacker to circumvent the anti-brute-force cool-down delay period via a timing-based side-channel attack
CVE-2021-27341 1 Os4ed 1 Opensis 2024-11-21 9.8 Critical
OpenSIS Community Edition version <= 7.6 is affected by a local file inclusion vulnerability in DownloadWindow.php via the "filename" parameter.
CVE-2021-27340 1 Os4ed 1 Opensis 2024-11-21 6.1 Medium
OpenSIS Community Edition version <= 7.6 is affected by a reflected XSS vulnerability in EmailCheck.php via the "opt" parameter.
CVE-2021-27338 1 Faraday 1 Edge 2024-11-21 5.4 Medium
Faraday Edge before 3.7 allows XSS via the network/create/ page and its network name parameter.
CVE-2021-27335 1 Kollectapp 1 Kollect 2024-11-21 9.8 Critical
KollectApps before 4.8.16c is affected by insecure Java deserialization, leading to Remote Code Execution via a ysoserial.payloads.CommonsCollections parameter.
CVE-2021-27332 1 Casap Automated Enrollment System Project 1 Casap Automated Enrollment System 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the class_name parameter to update_class.php.
CVE-2021-27330 1 Triconsole 1 Datepicker Calendar 2024-11-21 6.1 Medium
Triconsole Datepicker Calendar <3.77 is affected by cross-site scripting (XSS) in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents.
CVE-2021-27329 1 Frendi 1 Frendica 2024-11-21 10.0 Critical
Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary domain names.
CVE-2021-27328 1 Yeastar 2 Neogate Tg400, Neogate Tg400 Firmware 2024-11-21 6.5 Medium
Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Traversal. An authenticated user can decrypt firmware and can read sensitive information, such as a password or decryption key.
CVE-2021-27320 1 Doctor Appointment System Project 1 Doctor Appointment System 2024-11-21 7.5 High
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter.
CVE-2021-27319 1 Doctor Appointment System Project 1 Doctor Appointment System 2024-11-21 7.5 High
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter.