Export limit exceeded: 366588 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366588 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-37504 | 1 Hayageek | 1 Jquery Upload File | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript payload in the file name. | ||||
| CVE-2021-37478 | 1 Naviwebs | 1 Navigatecms | 2024-11-21 | 9.8 Critical |
| In NavigateCMS version 2.9.4 and below, function `block` is vulnerable to sql injection on parameter `block-order`, which results in arbitrary sql query execution in the backend database. | ||||
| CVE-2021-37477 | 1 Naviwebs | 1 Navigatecms | 2024-11-21 | 9.8 Critical |
| In NavigateCMS version 2.9.4 and below, function in `structure.php` is vulnerable to sql injection on parameter `children_order`, which results in arbitrary sql query execution in the backend database. | ||||
| CVE-2021-37476 | 1 Naviwebs | 1 Navigatecms | 2024-11-21 | 9.8 Critical |
| In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `id` through a post request, which results in arbitrary sql query execution in the backend database. | ||||
| CVE-2021-37475 | 1 Naviwebs | 1 Navigatecms | 2024-11-21 | 9.8 Critical |
| In NavigateCMS version 2.9.4 and below, function in `templates.php` is vulnerable to sql injection on parameter `template-properties-order`, which results in arbitrary sql query execution in the backend database. | ||||
| CVE-2021-37473 | 1 Naviwebs | 1 Navigatecms | 2024-11-21 | 9.8 Critical |
| In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `products-order` through a post request, which results in arbitrary sql query execution in the backend database. | ||||
| CVE-2021-37471 | 1 Cradlepoint | 6 Ibr600, Ibr600 Firmware, Ibr600c and 3 more | 2024-11-21 | 7.5 High |
| Cradlepoint IBR900-600 devices running versions < 7.21.10 are vulnerable to a restricted shell escape sequence that provides an attacker the capability to simultaneously deny availability to the device's NetCloud Manager console, local console and SSH command-line. | ||||
| CVE-2021-37470 | 1 Nchsoftware | 1 Webdictate | 2024-11-21 | 5.4 Medium |
| In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript. | ||||
| CVE-2021-37469 | 1 Nch | 1 Webdictate | 2024-11-21 | 6.5 Medium |
| In NCH WebDictate v2.13 and earlier, authenticated users can abuse logprop?file=/.. path traversal to read files on the filesystem. | ||||
| CVE-2021-37468 | 1 Nch | 1 Reflect Customer Relationship Management | 2024-11-21 | 3.3 Low |
| NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files. | ||||
| CVE-2021-37467 | 1 Nchsoftware | 1 Quorum | 2024-11-21 | 5.4 Medium |
| In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploadfile?confid= (reflected). | ||||
| CVE-2021-37466 | 1 Nchsoftware | 1 Quorum | 2024-11-21 | 5.4 Medium |
| In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (reflected). | ||||
| CVE-2021-37465 | 1 Nchsoftware | 1 Quorum | 2024-11-21 | 5.4 Medium |
| In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflected). | ||||
| CVE-2021-37464 | 1 Nchsoftware | 1 Quorum | 2024-11-21 | 5.4 Medium |
| In NCH Quorum v2.03 and earlier, XSS exists via Conference Description (stored). | ||||
| CVE-2021-37463 | 1 Nchsoftware | 1 Quorum | 2024-11-21 | 5.4 Medium |
| In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (stored). | ||||
| CVE-2021-37462 | 1 Nchsoftware | 1 Axon Pbx | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /ipblacklist?errorip= (reflected). | ||||
| CVE-2021-37461 | 1 Nchsoftware | 1 Axon Pbx | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /extensionsinstruction?id= (reflected). | ||||
| CVE-2021-37460 | 1 Nchsoftware | 1 Axon Pbx | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id= (reflected). | ||||
| CVE-2021-37459 | 1 Nchsoftware | 1 Axon Pbx | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field (stored). | ||||
| CVE-2021-37458 | 1 Nchsoftware | 1 Axon Pbx | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field (stored). | ||||