Export limit exceeded: 366864 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366864 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-38753 | 1 Simple Image Gallery Web App Project | 1 Simple Image Gallery Web App | 2024-11-21 | 9.8 Critical |
| An unrestricted file upload on Simple Image Gallery Web App can be exploited to upload a web shell and executed to gain unauthorized access to the server hosting the web app. | ||||
| CVE-2021-38752 | 1 Online Catering Reservation System Project | 1 Online Catering Reservation System | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Online Catering Reservation System using PHP on Sourcecodester allows an attacker to arbitrarily inject code in the search bar. | ||||
| CVE-2021-38751 | 1 Exponentcms | 1 Exponentcms | 2024-11-21 | 4.3 Medium |
| A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM. | ||||
| CVE-2021-38745 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 6.8 Medium |
| Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. This vulnerability is triggered through user interaction with the attacker's profile page. | ||||
| CVE-2021-38727 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 9.8 Critical |
| FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items | ||||
| CVE-2021-38725 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 5.3 Medium |
| Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php | ||||
| CVE-2021-38723 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 8.8 High |
| FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/pages/items | ||||
| CVE-2021-38721 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 6.5 Medium |
| FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerability | ||||
| CVE-2021-38714 | 3 Debian, Fedoraproject, Plib Project | 4 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 1 more | 2024-11-21 | 8.8 High |
| In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is found in ssgLoadTGA() function in src/ssg/ssgLoadTGA.cxx file. | ||||
| CVE-2021-38713 | 1 Imgurl Project | 1 Imgurl | 2024-11-21 | 5.4 Medium |
| imgURL 2.31 allows XSS via an X-Forwarded-For HTTP header. | ||||
| CVE-2021-38712 | 1 Onenav | 1 Onenav | 2024-11-21 | 7.5 High |
| OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents. NOTE: the vendor's recommended solution is to block the access via an NGINX configuration file. | ||||
| CVE-2021-38711 | 1 Gitit Project | 1 Gitit | 2024-11-21 | 7.5 High |
| In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files. | ||||
| CVE-2021-38710 | 1 Yclas | 1 Yclas | 2024-11-21 | 6.1 Medium |
| Static (Persistent) XSS Vulnerability exists in version 4.3.0 of Yclas when using the install/view/form.php script. An attacker can store XSS in the database through the vulnerable SITE_NAME parameter. | ||||
| CVE-2021-38709 | 1 Compo | 1 Composr Cms | 2024-11-21 | 6.1 Medium |
| In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via the staff_messaging messaging system for XSS. | ||||
| CVE-2021-38708 | 1 Compo | 1 Composr Cms | 2024-11-21 | 5.4 Medium |
| In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via Comcode for XSS. | ||||
| CVE-2021-38707 | 1 Cliniccases | 1 Cliniccases | 2024-11-21 | 5.4 Medium |
| Persistent cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow low-privileged attackers to introduce arbitrary JavaScript to account parameters. The XSS payloads will execute in the browser of any user who views the relevant content. This can result in account takeover via session token theft. | ||||
| CVE-2021-38706 | 1 Cliniccases | 1 Cliniccases | 2024-11-21 | 8.8 High |
| messages_load.php in ClinicCases 7.3.3 suffers from a blind SQL injection vulnerability, which allows low-privileged attackers to execute arbitrary SQL commands through a vulnerable parameter. | ||||
| CVE-2021-38705 | 1 Cliniccases | 1 Cliniccases | 2024-11-21 | 8.8 High |
| ClinicCases 7.3.3 is affected by Cross-Site Request Forgery (CSRF). A successful attack would consist of an authenticated user following a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user. This can be exploited to create a secondary administrator account for the attacker. | ||||
| CVE-2021-38704 | 1 Cliniccases | 1 Cliniccases | 2024-11-21 | 6.1 Medium |
| Multiple reflected cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. This can result in account takeover via session token theft. | ||||
| CVE-2021-38703 | 1 Kpn | 2 Experia Wifi, Experia Wifi Firmware | 2024-11-21 | 8.8 High |
| Wireless devices running certain Arcadyan-derived firmware (such as KPN Experia WiFi 1.00.15) do not properly sanitise user input to the syslog configuration form. An authenticated remote attacker could leverage this to alter the device configuration and achieve remote code execution. This can be exploited in conjunction with CVE-2021-20090. | ||||