Search Results (363715 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-47860 2 Get-simple, Getsimple-ce 2 Getsimplecms, Getsimple Cms 2026-04-07 5.3 Medium
GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attackers can craft a malicious website that triggers a cross-site scripting payload to execute remote code on the hosting server when an authenticated administrator visits the page.
CVE-2021-47830 2 Get-simple, Getsimple-ce 2 Getsimplecms, Getsimple Cms 2026-04-07 6.5 Medium
GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not directly enable remote code execution.
CVE-2021-47812 1 Getgrav 2 Grav, Grav Cms 2026-04-07 9.8 Critical
GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit the admin-nonce parameter to inject base64-encoded payloads and create malicious custom jobs with system command execution.
CVE-2021-47808 1 Cotonti 1 Cotonti Siena 2026-04-07 5.4 Medium
Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page.
CVE-2026-5663 1 Offis 1 Dcmtk 2026-04-07 7.3 High
A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The patch is named edbb085e45788dccaf0e64d71534cfca925784b8. Applying a patch is the recommended action to fix this issue.
CVE-2021-47789 1 Yenkee 3 Hornet Gaming Mouse, Yms 3029, Yms 3029 Firmware 2026-04-07 7.5 High
Yenkee Hornet Gaming Mouse driver GM312Fltr.sys contains a buffer overrun vulnerability that allows attackers to crash the system by sending oversized input. Attackers can exploit the driver by sending a 2000-byte buffer through DeviceIoControl to trigger a kernel-level system crash.
CVE-2021-47787 1 Totalav 1 Totalav 2026-04-07 7.8 High
TotalAV 5.15.69 contains an unquoted service path vulnerability in multiple system services running with LocalSystem privileges. Attackers can place malicious executables in specific unquoted path segments to potentially gain SYSTEM-level access by exploiting the service path configuration.
CVE-2021-47786 1 Redragon 29 Bm-4091, Bm-4091 Firmware, Gaming Mouse and 26 more 2026-04-07 7.5 High
Redragon Gaming Mouse driver contains a kernel-level vulnerability that allows attackers to trigger a denial of service by sending malformed IOCTL requests. Attackers can send a crafted 2000-byte buffer with specific byte patterns to the REDRAGON_MOUSE device to crash the kernel driver.
CVE-2021-47783 1 Phpwcms 1 Phpwcms 2026-04-07 5.4 Medium
Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks on the platform.
CVE-2021-47779 1 Dolibarr 3 Dolibarr, Dolibarr Erp/crm, Dolibarr Erp\/crm 2026-04-07 5.4 Medium
Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially designed ticket message with embedded JavaScript that triggers when an administrator copies the text, potentially enabling privilege escalation.
CVE-2021-47778 1 Get-simple 1 Getsimplecms 2026-04-07 7.2 High
GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server.
CVE-2021-47776 1 Umbraco 3 Umbraco, Umbraco Cms, Umbraco Forms 2026-04-07 5.3 Medium
Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and GetRemoteDashboardCss endpoints to trigger unauthorized server-side requests to external hosts.
CVE-2021-47755 1 Softlinkint 2 Oliver Library Server, Oliver V5 Library 2026-04-07 7.5 High
Oliver Library Server v5 contains a file download vulnerability that allows unauthenticated attackers to access arbitrary system files through unsanitized input in the FileServlet endpoint. Attackers can exploit the vulnerability by manipulating the 'fileName' parameter to download sensitive files from the server's filesystem.
CVE-2021-47754 1 Arunna 1 Arunna 2026-04-07 6.5 Medium
Arunna 1.0.0 contains a cross-site request forgery vulnerability that allows attackers to manipulate user profile settings without authentication. Attackers can craft a malicious form to change user details, including passwords, email, and administrative privileges by tricking authenticated users into submitting the form.
CVE-2021-47753 1 Phpkf 2 Cms, Phpkf 2026-04-07 9.8 Critical
phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary code by bypassing file extension checks. Attackers can upload a PHP file disguised as a PNG, rename it, and execute system commands through a crafted web shell parameter.
CVE-2021-47752 1 Sylkat-tools 2 Awebserver, Awebserver Ghostbuilding 2026-04-07 7.5 High
AWebServer GhostBuilding 18 contains a denial of service vulnerability that allows remote attackers to overwhelm the server by sending multiple concurrent HTTP requests. Attackers can generate high-volume requests to multiple endpoints including /mysqladmin to potentially crash or render the service unresponsive.
CVE-2021-47751 1 Phphtmledit 2 Cuteeditor, Rich Text Editor 2026-04-07 7.5 High
CuteEditor for PHP (now referred to as Rich Text Editor) 6.6 contains a directory traversal vulnerability in the browse template feature that allows attackers to write files to arbitrary web root directories. Attackers can exploit the ServerMapPath() function by renaming uploaded HTML files using directory traversal sequences to write files outside the intended template directory.
CVE-2021-47738 1 Cszcms 1 Csz Cms 2026-04-07 5.4 Medium
CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend dashboard.
CVE-2021-47737 1 Cszcms 1 Csz Cms 2026-04-07 5.4 Medium
CSZ CMS 1.2.7 contains an HTML injection vulnerability that allows authenticated users to insert malicious hyperlinks in message titles. Attackers can craft POST requests to the member messaging system with HTML-based links to potentially conduct phishing or social engineering attacks.
CVE-2021-47733 1 Cmsimple 1 Cmsimple 2026-04-07 6.1 Medium
CMSimple 5.4 contains a cross-site scripting vulnerability that allows attackers to bypass input filtering by using HTML to Unicode encoding. Attackers can inject malicious scripts by encoding payloads like ')-alert(1)// and execute arbitrary JavaScript when victims interact with delete buttons.