Export limit exceeded: 363715 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363715 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-26788 | 1 Oryx-embedded | 1 Cyclonetcp | 2024-11-21 | 7.5 High |
| Oryx Embedded CycloneTCP 1.7.6 to 2.0.0, fixed in 2.0.2, is affected by incorrect input validation, which may cause a denial of service (DoS). To exploit the vulnerability, an attacker needs to have TCP connectivity to the target system. Receiving a maliciously crafted TCP packet from an unauthenticated endpoint is sufficient to trigger the bug. | ||||
| CVE-2021-26786 | 1 Playtuber Project | 1 Playtuber | 2024-11-21 | 8.8 High |
| An issue was discoverered in in customercentric-selling-poland PlayTube, allows authenticated attackers to execute arbitrary code via the purchace code to the config.php. | ||||
| CVE-2021-26777 | 1 Circutor | 2 Compact Dc-s Basic, Compact Dc-s Basic Firmware | 2024-11-21 | 9.8 Critical |
| Buffer overflow vulnerability in function SetFirewall in index.cgi in CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firwmare version CIR_CDC_v1.2.17, allows attackers to execute arbitrary code. | ||||
| CVE-2021-26776 | 1 Cszcms | 1 Csz Cms | 2024-11-21 | 5.4 Medium |
| CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerability in multiple pages through the field name. | ||||
| CVE-2021-26765 | 1 Phpgurukul | 1 Student Record System | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the sid parameter to edit-sub.php. | ||||
| CVE-2021-26764 | 1 Phpgurukul | 1 Student Record System | 2024-11-21 | 8.8 High |
| SQL injection vulnerability in PHPGurukul Student Record System v 4.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit-std.php. | ||||
| CVE-2021-26762 | 1 Phpgurukul | 1 Student Record System | 2024-11-21 | 8.8 High |
| SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php. | ||||
| CVE-2021-26758 | 1 Litespeedtech | 1 Openlitespeed | 2024-11-21 | 8.8 High |
| Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attackers to gain root terminal access and execute commands on the host system. | ||||
| CVE-2021-26754 | 1 Wpdatatables | 1 Wpdatatables | 2024-11-21 | 9.8 Critical |
| wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=get_wdtable order[0][dir] SQL injection. | ||||
| CVE-2021-26753 | 1 Nedi | 1 Nedi | 2024-11-21 | 9.9 Critical |
| NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data. | ||||
| CVE-2021-26752 | 1 Nedi | 1 Nedi | 2024-11-21 | 8.8 High |
| NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data. | ||||
| CVE-2021-26751 | 1 Nedi | 1 Nedi | 2024-11-21 | 8.8 High |
| NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker to access all the data in the database and obtain access to the NeDi application. | ||||
| CVE-2021-26750 | 1 Pandasecurity | 2 Panda Adaptive Defense 360, Panda Devices Agent | 2024-11-21 | 7.8 High |
| DLL hijacking in Panda Agent <=1.16.11 in Panda Security, S.L.U. Panda Adaptive Defense 360 <= 8.0.17 allows attacker to escalate privileges via maliciously crafted DLL file. | ||||
| CVE-2021-26747 | 1 Netis-systems | 4 Wf2411, Wf2411 Firmware, Wf2780 and 1 more | 2024-11-21 | 9.8 Critical |
| Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution. | ||||
| CVE-2021-26746 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 6.1 Medium |
| Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI. | ||||
| CVE-2021-26740 | 1 Doyocms Project | 1 Doyocms | 2024-11-21 | 9.8 Critical |
| Arbitrary file upload vulnerability sysupload.php in millken doyocms 2.3 allows attackers to execute arbitrary code. | ||||
| CVE-2021-26739 | 1 Doyocms Project | 1 Doyocms | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability in pay.php in millken doyocms 2.3, allows attackers to execute arbitrary code, via the attribute parameter. | ||||
| CVE-2021-26737 | 1 Zscaler | 1 Client Connector | 2024-11-21 | 5.5 Medium |
| The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. A local adversary without sufficient privileges may be able to shutdown the Zscaler tunnel by exploiting a race condition. | ||||
| CVE-2021-26734 | 1 Zscaler | 1 Client Connector | 2024-11-21 | 4.4 Medium |
| Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation. A local adversary may be able to delete folders in an elevated context. | ||||
| CVE-2021-26728 | 1 Lannerinc | 2 Iac-ast2500a, Iac-ast2500a Firmware | 2024-11-21 | 10 Critical |
| Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | ||||