Export limit exceeded: 364170 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364170 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-29387 1 Equipment Inventory System Project 1 Equipment Inventory System 2024-11-21 5.4 Medium
Multiple stored cross-site scripting (XSS) vulnerabilities in Sourcecodester Equipment Inventory System 1.0 allow remote attackers to inject arbitrary javascript via any "Add" sections, such as Add Item , Employee and Position or others in the Name Parameters.
CVE-2021-29379 1 Dlink 2 Dir-802, Dir-802 Firmware 2024-11-21 8.8 High
An issue was discovered on D-Link DIR-802 A1 devices through 1.00b05. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2021-29378 1 Pearadmin 1 Pear Admin Think 2024-11-21 8.8 High
SQL Injection in pear-admin-think version 2.1.2, allows attackers to execute arbitrary code and escalate privileges via crafted GET request to Crud.php.
CVE-2021-29377 1 Pearadmin 1 Pearadmin Think 2024-11-21 9.8 Critical
Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerability that allows attackers to execute arbitrary code remotely. A .php file can be uploaded via admin.php/index/upload because app/common/service/UploadService.php mishandles fileExt.
CVE-2021-29376 2 Debian, Eterna 2 Debian Linux, Ircii 2024-11-21 7.5 High
ircII before 20210314 allows remote attackers to cause a denial of service (segmentation fault and client crash, disconnecting the victim from an IRC server) via a crafted CTCP UTC message.
CVE-2021-29370 1 Cheetah Browser Project 1 Cheetah Browser 2024-11-21 6.1 Medium
A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filter of the intent scheme. This resulted in Cross-site scripting on the cheetah browser in any website.
CVE-2021-29369 1 Gnuplot Project 1 Gnuplot 2024-11-21 9.8 Critical
The gnuplot package prior to version 0.1.0 for Node.js allows code execution via shell metacharacters in Gnuplot commands.
CVE-2021-29367 1 Irfanview 1 Irfanview 2024-11-21 7.8 High
A buffer overflow vulnerability in WPG+0x1dda of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted WPG file.
CVE-2021-29366 1 Irfanview 1 Irfanview 2024-11-21 7.8 High
A buffer overflow vulnerability in FORMATS!GetPlugInInfo+0x2de9 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.
CVE-2021-29365 1 Irfanview 1 Irfanview 2024-11-21 5.5 Medium
Irfanview 4.57 is affected by an infinite loop when processing a crafted BMP file in the EFFECTS!AutoCrop_W component. This can cause a denial of service (DOS).
CVE-2021-29364 1 Irfanview 1 Irfanview 2024-11-21 7.8 High
A buffer overflow vulnerability in Formats!ReadRAS_W+0x1001 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.
CVE-2021-29363 1 Irfanview 1 Irfanview 2024-11-21 7.8 High
A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa74 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.0xa74
CVE-2021-29362 1 Irfanview 1 Irfanview 2024-11-21 7.8 High
A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa30 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.
CVE-2021-29361 1 Irfanview 1 Irfanview 2024-11-21 7.8 High
A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x340 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.
CVE-2021-29360 1 Irfanview 1 Irfanview 2024-11-21 7.8 High
A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x37a of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.
CVE-2021-29358 1 Irfanview 1 Irfanview 2024-11-21 5.5 Medium
A buffer overflow vulnerability in FORMATS!ReadPVR_W+0xfa of Irfanview 4.57 allows attackers to cause a denial of service (DOS) via a crafted PVR file.
CVE-2021-29357 1 Outsystems 3 Lifetime Management Console, Outsystems, Platform Server 2024-11-21 8.6 High
The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9.0 (and LifeTime management console before 11.7.0) allows SSRF for arbitrary outbound HTTP requests.
CVE-2021-29350 1 Shipment 100-design Material Download System Project 1 Shipment 100-design Material Download System 2024-11-21 7.2 High
SQL injection in the getip function in conn/function.php in 发货100-设计素材下载系统 1.1 allows remote attackers to inject arbitrary SQL commands via the X-Forwarded-For header to admin/product_add.php.
CVE-2021-29349 1 Mahara 1 Mahara 2024-11-21 6.5 Medium
Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that allows a remote attacker to remove inbox-mail on the server. The application fails to validate the CSRF token for a POST request. An attacker can craft a module/multirecipientnotification/inbox.php pieform_delete_all_notifications request, which leads to removing all messages from a mailbox.
CVE-2021-29343 1 Ovidentia 1 Ovidentia 2024-11-21 5.4 Medium
Ovidentia CMS 6.x contains a SQL injection vulnerability in the "id" parameter of index.php. The "checkbox" property into "text" data can be extracted and displayed in the text region or in source code.