Search

Search Results (363576 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-26622 2 Genians, Microsoft 2 Genian Nac, Windows 2024-11-21 9.6 Critical
An remote code execution vulnerability due to SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in NAC through this vulnerability.
CVE-2021-26621 1 Netu 2 Mex01, Mex01 Firmware 2024-11-21 8.1 High
An Buffer Overflow vulnerability leading to remote code execution was discovered in MEX01. Remote attackers can use this vulnerability by using the property that the target program copies parameter values to memory through the strcpy() function.
CVE-2021-26620 1 Iptime 18 Nas-i, Nas-i Firmware, Nas-ii and 15 more 2024-11-21 7.5 High
An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. Remote attackers are able to steal important information in the server by exploiting vulnerabilities such as insufficient authentication when accessing the shared folder and changing user’s passwords.
CVE-2021-26619 2 Bigfile, Microsoft 2 Bigfileagent, Windows 2024-11-21 7.1 High
An path traversal vulnerability leading to delete arbitrary files was discovered in BigFileAgent. Remote attackers can use this vulnerability to delete arbitrary files of unspecified number of users.
CVE-2021-26618 2 Microsoft, Tmax 2 Windows, Tooffice 2024-11-21 7.1 High
An improper input validation leading to arbitrary file creation was discovered in ToWord of ToOffice. Remote attackers use this vulnerability to execute arbitrary file included malicious code.
CVE-2021-26617 2 Firstmall, Microsoft 2 Firstmall, Windows 2024-11-21 8.1 High
This issues due to insufficient verification of the various input values from user’s input. The vulnerability allows remote attackers to execute malicious code in Firstmall via navercheckout_add function.
CVE-2021-26616 1 Secuwiz 1 Secuwayssl U 2024-11-21 7.8 High
An OS command injection was found in SecuwaySSL, when special characters injection on execute command with runCommand arguments.
CVE-2021-26615 2 Bandisoft, Linux 2 Ark Library, Linux Kernel 2024-11-21 7.8 High
ARK library allows attackers to execute remote code via the parameter(path value) of Ark_NormalizeAndDupPAthNameW function because of an integer overflow.
CVE-2021-26614 1 Iptime 2 C200, C200 Firmware 2024-11-21 7.5 High
ius_get.cgi in IpTime C200 camera allows remote code execution. A remote attacker may send a crafted parameters to the exposed vulnerable web service interface which invokes the arbitrary shell command.
CVE-2021-26613 2 Microsoft, Tobesoft 2 Windows, Nexacro 2024-11-21 8.1 High
improper input validation vulnerability in nexacro permits copying file to the startup folder using rename method.
CVE-2021-26612 2 Microsoft, Tobesoft 2 Windows, Nexacro 2024-11-21 8.1 High
An improper input validation leading to arbitrary file creation was discovered in copy method of Nexacro platform. Remote attackers use copy method to execute arbitrary command after the file creation included malicious code.
CVE-2021-26611 1 Hej 2 Hejhome Gkw-ic052, Hejhome Gkw-ic052 Firmware 2024-11-21 8.1 High
HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnerability. This issue allows remote attackers to operate the IP Camera.(reboot, factory reset, snapshot etc..)
CVE-2021-26610 2 Microsoft, Nhn-commerce 2 Windows, Godomall5 2024-11-21 7.2 High
The move_uploaded_file function in godomall5 does not perform an integrity check of extension or authority when user upload file. This vulnerability allows an attacker to execute an remote arbitrary code.
CVE-2021-26609 1 Mangboard 1 Mang Board 2024-11-21 7.5 High
A vulnerability was found in Mangboard(WordPress plugin). A SQL-Injection vulnerability was found in order_type parameter. The order_type parameter makes a SQL query using unfiltered data. This vulnerability allows a remote attacker to steal user information.
CVE-2021-26608 2 Handysoft, Microsoft 2 Hshell, Windows 2024-11-21 8.8 High
An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module. This issue is due to missing support for integrity check of download URL or downloaded file hash.
CVE-2021-26607 2 Microsoft, Tobesoft 2 Windows, Nexacro 2024-11-21 8.1 High
An Improper input validation in execDefaultBrowser method of NEXACRO17 allows a remote attacker to execute arbitrary command on affected systems.
CVE-2021-26606 2 Dreamsecurity, Microsoft 2 Magicline4nx.exe, Windows 2024-11-21 9.8 Critical
A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request an affected program. A successful exploit could allow the attacker to remotely execute arbitrary code on a target system.
CVE-2021-26605 2 Microsoft, Unidocs 2 Windows, Ezpdfreader 2024-11-21 7.5 High
An improper input validation vulnerability in the service of ezPDFReader allows attacker to execute arbitrary command. This issue occurred when the ezPDF launcher received and executed crafted input values through JSON-RPC communication.
CVE-2021-26603 2 Bandisoft, Microsoft 2 Ark Library, Windows 2024-11-21 8.6 High
A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path. This vulnerability is due to missing support for string length check.
CVE-2021-26601 1 Impresscms 1 Impresscms 2024-11-21 8.1 High
ImpressCMS before 1.4.3 allows libraries/image-editor/image-edit.php image_temp Directory Traversal.