Export limit exceeded: 364170 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364170 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-29387 | 1 Equipment Inventory System Project | 1 Equipment Inventory System | 2024-11-21 | 5.4 Medium |
| Multiple stored cross-site scripting (XSS) vulnerabilities in Sourcecodester Equipment Inventory System 1.0 allow remote attackers to inject arbitrary javascript via any "Add" sections, such as Add Item , Employee and Position or others in the Name Parameters. | ||||
| CVE-2021-29379 | 1 Dlink | 2 Dir-802, Dir-802 Firmware | 2024-11-21 | 8.8 High |
| An issue was discovered on D-Link DIR-802 A1 devices through 1.00b05. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2021-29378 | 1 Pearadmin | 1 Pear Admin Think | 2024-11-21 | 8.8 High |
| SQL Injection in pear-admin-think version 2.1.2, allows attackers to execute arbitrary code and escalate privileges via crafted GET request to Crud.php. | ||||
| CVE-2021-29377 | 1 Pearadmin | 1 Pearadmin Think | 2024-11-21 | 9.8 Critical |
| Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerability that allows attackers to execute arbitrary code remotely. A .php file can be uploaded via admin.php/index/upload because app/common/service/UploadService.php mishandles fileExt. | ||||
| CVE-2021-29376 | 2 Debian, Eterna | 2 Debian Linux, Ircii | 2024-11-21 | 7.5 High |
| ircII before 20210314 allows remote attackers to cause a denial of service (segmentation fault and client crash, disconnecting the victim from an IRC server) via a crafted CTCP UTC message. | ||||
| CVE-2021-29370 | 1 Cheetah Browser Project | 1 Cheetah Browser | 2024-11-21 | 6.1 Medium |
| A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filter of the intent scheme. This resulted in Cross-site scripting on the cheetah browser in any website. | ||||
| CVE-2021-29369 | 1 Gnuplot Project | 1 Gnuplot | 2024-11-21 | 9.8 Critical |
| The gnuplot package prior to version 0.1.0 for Node.js allows code execution via shell metacharacters in Gnuplot commands. | ||||
| CVE-2021-29367 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| A buffer overflow vulnerability in WPG+0x1dda of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted WPG file. | ||||
| CVE-2021-29366 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| A buffer overflow vulnerability in FORMATS!GetPlugInInfo+0x2de9 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. | ||||
| CVE-2021-29365 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 5.5 Medium |
| Irfanview 4.57 is affected by an infinite loop when processing a crafted BMP file in the EFFECTS!AutoCrop_W component. This can cause a denial of service (DOS). | ||||
| CVE-2021-29364 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| A buffer overflow vulnerability in Formats!ReadRAS_W+0x1001 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. | ||||
| CVE-2021-29363 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa74 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.0xa74 | ||||
| CVE-2021-29362 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa30 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. | ||||
| CVE-2021-29361 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x340 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. | ||||
| CVE-2021-29360 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x37a of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file. | ||||
| CVE-2021-29358 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 5.5 Medium |
| A buffer overflow vulnerability in FORMATS!ReadPVR_W+0xfa of Irfanview 4.57 allows attackers to cause a denial of service (DOS) via a crafted PVR file. | ||||
| CVE-2021-29357 | 1 Outsystems | 3 Lifetime Management Console, Outsystems, Platform Server | 2024-11-21 | 8.6 High |
| The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9.0 (and LifeTime management console before 11.7.0) allows SSRF for arbitrary outbound HTTP requests. | ||||
| CVE-2021-29350 | 1 Shipment 100-design Material Download System Project | 1 Shipment 100-design Material Download System | 2024-11-21 | 7.2 High |
| SQL injection in the getip function in conn/function.php in 发货100-设计素材下载系统 1.1 allows remote attackers to inject arbitrary SQL commands via the X-Forwarded-For header to admin/product_add.php. | ||||
| CVE-2021-29349 | 1 Mahara | 1 Mahara | 2024-11-21 | 6.5 Medium |
| Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that allows a remote attacker to remove inbox-mail on the server. The application fails to validate the CSRF token for a POST request. An attacker can craft a module/multirecipientnotification/inbox.php pieform_delete_all_notifications request, which leads to removing all messages from a mailbox. | ||||
| CVE-2021-29343 | 1 Ovidentia | 1 Ovidentia | 2024-11-21 | 5.4 Medium |
| Ovidentia CMS 6.x contains a SQL injection vulnerability in the "id" parameter of index.php. The "checkbox" property into "text" data can be extracted and displayed in the text region or in source code. | ||||