Export limit exceeded: 366864 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366864 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-38753 1 Simple Image Gallery Web App Project 1 Simple Image Gallery Web App 2024-11-21 9.8 Critical
An unrestricted file upload on Simple Image Gallery Web App can be exploited to upload a web shell and executed to gain unauthorized access to the server hosting the web app.
CVE-2021-38752 1 Online Catering Reservation System Project 1 Online Catering Reservation System 2024-11-21 5.4 Medium
A cross-site scripting (XSS) vulnerability in Online Catering Reservation System using PHP on Sourcecodester allows an attacker to arbitrarily inject code in the search bar.
CVE-2021-38751 1 Exponentcms 1 Exponentcms 2024-11-21 4.3 Medium
A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM.
CVE-2021-38745 1 Chamilo 1 Chamilo 2024-11-21 6.8 Medium
Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. This vulnerability is triggered through user interaction with the attacker's profile page.
CVE-2021-38727 1 Thedaylightstudio 1 Fuel Cms 2024-11-21 9.8 Critical
FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items
CVE-2021-38725 1 Thedaylightstudio 1 Fuel Cms 2024-11-21 5.3 Medium
Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php
CVE-2021-38723 1 Thedaylightstudio 1 Fuel Cms 2024-11-21 8.8 High
FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/pages/items
CVE-2021-38721 1 Thedaylightstudio 1 Fuel Cms 2024-11-21 6.5 Medium
FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerability
CVE-2021-38714 3 Debian, Fedoraproject, Plib Project 4 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 1 more 2024-11-21 8.8 High
In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is found in ssgLoadTGA() function in src/ssg/ssgLoadTGA.cxx file.
CVE-2021-38713 1 Imgurl Project 1 Imgurl 2024-11-21 5.4 Medium
imgURL 2.31 allows XSS via an X-Forwarded-For HTTP header.
CVE-2021-38712 1 Onenav 1 Onenav 2024-11-21 7.5 High
OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents. NOTE: the vendor's recommended solution is to block the access via an NGINX configuration file.
CVE-2021-38711 1 Gitit Project 1 Gitit 2024-11-21 7.5 High
In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files.
CVE-2021-38710 1 Yclas 1 Yclas 2024-11-21 6.1 Medium
Static (Persistent) XSS Vulnerability exists in version 4.3.0 of Yclas when using the install/view/form.php script. An attacker can store XSS in the database through the vulnerable SITE_NAME parameter.
CVE-2021-38709 1 Compo 1 Composr Cms 2024-11-21 6.1 Medium
In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via the staff_messaging messaging system for XSS.
CVE-2021-38708 1 Compo 1 Composr Cms 2024-11-21 5.4 Medium
In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via Comcode for XSS.
CVE-2021-38707 1 Cliniccases 1 Cliniccases 2024-11-21 5.4 Medium
Persistent cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow low-privileged attackers to introduce arbitrary JavaScript to account parameters. The XSS payloads will execute in the browser of any user who views the relevant content. This can result in account takeover via session token theft.
CVE-2021-38706 1 Cliniccases 1 Cliniccases 2024-11-21 8.8 High
messages_load.php in ClinicCases 7.3.3 suffers from a blind SQL injection vulnerability, which allows low-privileged attackers to execute arbitrary SQL commands through a vulnerable parameter.
CVE-2021-38705 1 Cliniccases 1 Cliniccases 2024-11-21 8.8 High
ClinicCases 7.3.3 is affected by Cross-Site Request Forgery (CSRF). A successful attack would consist of an authenticated user following a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user. This can be exploited to create a secondary administrator account for the attacker.
CVE-2021-38704 1 Cliniccases 1 Cliniccases 2024-11-21 6.1 Medium
Multiple reflected cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. This can result in account takeover via session token theft.
CVE-2021-38703 1 Kpn 2 Experia Wifi, Experia Wifi Firmware 2024-11-21 8.8 High
Wireless devices running certain Arcadyan-derived firmware (such as KPN Experia WiFi 1.00.15) do not properly sanitise user input to the syslog configuration form. An authenticated remote attacker could leverage this to alter the device configuration and achieve remote code execution. This can be exploited in conjunction with CVE-2021-20090.