Export limit exceeded: 363165 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363165 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363165 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27570 | 1 Remotemouse | 1 Emote Remote Mouse | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Emote Remote Mouse through 3.015. Attackers can close any running process by sending the process name in a specially crafted packet. This information is sent in cleartext and is not protected by any authentication logic. | ||||
| CVE-2021-27569 | 1 Remotemouse | 1 Emote Remote Mouse | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attackers can maximize or minimize the window of a running process by sending the process name in a crafted packet. This information is sent in cleartext and is not protected by any authentication logic. | ||||
| CVE-2021-27568 | 3 Json-smart Project, Oracle, Redhat | 11 Json-smart-v1, Json-smart-v2, Communications Cloud Native Core Policy and 8 more | 2024-11-21 | 5.9 Medium |
| An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information. | ||||
| CVE-2021-27565 | 1 Hcc-embedded | 1 Nichestack | 2024-11-21 | 7.5 High |
| The web server in InterNiche NicheStack through 4.0.1 allows remote attackers to cause a denial of service (infinite loop and networking outage) via an unexpected valid HTTP request such as OPTIONS. This occurs because the HTTP request handler enters a miscoded wbs_loop() debugger hook. | ||||
| CVE-2021-27564 | 1 Appspace | 1 Appspace | 2024-11-21 | 5.4 Medium |
| A stored XSS issue exists in Appspace 6.2.4. After a user is authenticated and enters an XSS payload under the groups section of the network tab, it is stored as the group name. Whenever another member visits that group, this payload executes. | ||||
| CVE-2021-27559 | 1 Monicahq | 1 Monica | 2024-11-21 | 5.4 Medium |
| The Contact page in Monica 2.19.1 allows stored XSS via the Nickname field. | ||||
| CVE-2021-27558 | 1 Easycorp | 1 Zentao | 2024-11-21 | 6.1 Medium |
| A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creator. | ||||
| CVE-2021-27557 | 1 Easycorp | 1 Zentao | 2024-11-21 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows attackers to update the fields of a Cron job. | ||||
| CVE-2021-27556 | 1 Easycorp | 1 Zentao | 2024-11-21 | 7.2 High |
| The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execute arbitrary code by setting the type parameter to System. | ||||
| CVE-2021-27550 | 1 Polarisoffice | 1 Polaris Office | 2024-11-21 | 5.5 Medium |
| Polaris Office v9.102.66 is affected by a divide-by-zero error in PolarisOffice.exe and EngineDLL.dll that may cause a local denial of service. To exploit the vulnerability, someone must open a crafted PDF file. | ||||
| CVE-2021-27549 | 1 Genymobile | 1 Genymotion Desktop | 2024-11-21 | 5.3 Medium |
| Genymotion Desktop through 3.2.0 leaks the host's clipboard data to the Android application by default. NOTE: the vendor's position is that this is intended behavior that can be changed through the Settings > Device screen | ||||
| CVE-2021-27548 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 5.5 Medium |
| There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03. | ||||
| CVE-2021-27545 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2024-11-21 | 6.5 Medium |
| SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter. | ||||
| CVE-2021-27544 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "sername" parameter. | ||||
| CVE-2021-27531 | 1 Dynpg | 1 Dynpg | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "query" parameter. | ||||
| CVE-2021-27530 | 1 Dynpg | 1 Dynpg | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allow remote attacker to inject javascript via URI in /index.php. | ||||
| CVE-2021-27529 | 1 Dynpg | 1 Dynpg | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "limit" parameter. | ||||
| CVE-2021-27528 | 1 Dynpg | 1 Dynpg | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "refID" parameter. | ||||
| CVE-2021-27527 | 1 Dynpg | 1 Dynpg | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "valueID" parameter. | ||||
| CVE-2021-27526 | 1 Dynpg | 1 Dynpg | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "page" parameter. | ||||