Search Results (363341 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27132 | 1 Sercomm | 2 Agcombo Vd625, Agcombo Vd625 Firmware | 2024-11-21 | 9.8 Critical |
| SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header. | ||||
| CVE-2021-27131 | 1 Moodle | 1 Moodle | 2024-11-21 | 5.4 Medium |
| Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to improper input sanitization of the "Additional HTML Section" via the "Header and Footer" parameter in /admin/settings.php. This vulnerability allows an attacker to steal admin and all user account cookies by storing a malicious XSS payload in Header and Footer. NOTE: this is disputed by the vendor because the "Additional HTML Section" for "Header and Footer" can only be supplied by an administrator, who is intentionally allowed to enter unsanitized input (e.g., site-specific JavaScript). | ||||
| CVE-2021-27124 | 1 Doctor Appointment System Project | 1 Doctor Appointment System | 2024-11-21 | 6.5 Medium |
| SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack. | ||||
| CVE-2021-27117 | 1 Beego | 1 Beego | 2024-11-21 | 7.8 High |
| An issue in function GetCPUProfile in file profile.go in beego through 2.0.2 allows attackers to launch symlink attacks locally. | ||||
| CVE-2021-27116 | 1 Beego | 1 Beego | 2024-11-21 | 7.8 High |
| An issue in function MemProf in file profile.go in beego through 2.0.2 allows attackers to launch symlink attacks locally. | ||||
| CVE-2021-27114 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/addassignment route, a very long text entry for the "s_ip" and "s_mac" fields could lead to a Stack-Based Buffer Overflow and overwrite the return address. | ||||
| CVE-2021-27113 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Injection via Shell Metacharacters. | ||||
| CVE-2021-27112 | 1 Lightcms Project | 1 Lightcms | 2024-11-21 | 9.8 Critical |
| LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images. | ||||
| CVE-2021-27099 | 1 Cncf | 1 Spire | 2024-11-21 | 6.8 Medium |
| In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1, the "aws_iid" Node Attestor improperly normalizes the path provided through the agent ID templating feature, which may allow the issuance of an arbitrary SPIFFE ID within the same trust domain, if the attacker controls the value of an EC2 tag prior to attestation, and the attestor is configured for agent ID templating where the tag value is the last element in the path. This issue has been fixed in SPIRE versions 0.11.3 and 0.12.1. | ||||
| CVE-2021-27098 | 1 Cncf | 1 Spire | 2024-11-21 | 8.1 High |
| In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2, 0.11.3 and 0.12.1, specially crafted requests to the FetchX509SVID RPC of SPIRE Server’s Legacy Node API can result in the possible issuance of an X.509 certificate with a URI SAN for a SPIFFE ID that the agent is not authorized to distribute. Proper controls are in place to require that the caller presents a valid agent certificate that is already authorized to issue at least one SPIFFE ID, and the requested SPIFFE ID belongs to the same trust domain, prior to being able to trigger this vulnerability. This issue has been fixed in SPIRE versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1. | ||||
| CVE-2021-27096 | 1 Microsoft | 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more | 2024-11-21 | 7.8 High |
| NTFS Elevation of Privilege Vulnerability | ||||
| CVE-2021-27095 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 7.8 High |
| Windows Media Video Decoder Remote Code Execution Vulnerability | ||||
| CVE-2021-27094 | 1 Microsoft | 16 Windows 10, Windows 10 1507, Windows 10 1607 and 13 more | 2024-11-21 | 4.4 Medium |
| Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability | ||||
| CVE-2021-27093 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 5.5 Medium |
| Windows Kernel Information Disclosure Vulnerability | ||||
| CVE-2021-27092 | 1 Microsoft | 10 Windows 10, Windows 10 1803, Windows 10 1809 and 7 more | 2024-11-21 | 6.8 Medium |
| Azure AD Web Sign-in Security Feature Bypass Vulnerability | ||||
| CVE-2021-27091 | 1 Microsoft | 4 Windows 7, Windows Server 2008, Windows Server 2008 R2 and 1 more | 2024-11-21 | 7.8 High |
| RPC Endpoint Mapper Service Elevation of Privilege Vulnerability | ||||
| CVE-2021-27090 | 1 Microsoft | 6 Windows 10, Windows 10 1809, Windows 10 20h2 and 3 more | 2024-11-21 | 7.8 High |
| Windows Secure Kernel Mode Elevation of Privilege Vulnerability | ||||
| CVE-2021-27089 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 7.8 High |
| Microsoft Internet Messaging API Remote Code Execution Vulnerability | ||||
| CVE-2021-27088 | 1 Microsoft | 10 Windows 10, Windows 10 1803, Windows 10 1809 and 7 more | 2024-11-21 | 7.8 High |
| Windows Event Tracing Elevation of Privilege Vulnerability | ||||
| CVE-2021-27086 | 1 Microsoft | 10 Windows 10, Windows 10 1803, Windows 10 1809 and 7 more | 2024-11-21 | 7.8 High |
| Windows Services and Controller App Elevation of Privilege Vulnerability | ||||