Export limit exceeded: 364437 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364437 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364437 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-26308 | 1 Marc Project | 1 Marc | 2024-11-21 | 7.5 High |
| An issue was discovered in the marc crate before 2.0.0 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated memory, violating soundness. | ||||
| CVE-2021-26307 | 1 Raw-cpuid Project | 1 Raw-cpuid | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It allows __cpuid_count() calls even if the processor does not support the CPUID instruction, which is unsound and causes a deterministic crash. | ||||
| CVE-2021-26306 | 1 Raw-cpuid Project | 1 Raw-cpuid | 2024-11-21 | 7.5 High |
| An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It has unsound transmute calls within as_string() methods. | ||||
| CVE-2021-26305 | 1 Cdr Project | 1 Cdr | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness. | ||||
| CVE-2021-26304 | 1 Phpgurukul | 1 Daily Expense Tracker System | 2024-11-21 | 5.4 Medium |
| PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the add-expense.php Item parameter. | ||||
| CVE-2021-26303 | 1 Phpgurukul | 1 Daily Expense Tracker System | 2024-11-21 | 6.1 Medium |
| PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the user-profile.php Full Name field. | ||||
| CVE-2021-26294 | 1 Afterlogic | 2 Aurora, Webmail Pro | 2024-11-21 | 7.5 High |
| An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. They allow directory traversal to read files (such as a data/settings/settings.xml file containing admin panel credentials), as demonstrated by dav/server.php/files/personal/%2e%2e when using the caldav_public_user account (with caldav_public_user as its password). | ||||
| CVE-2021-26293 | 1 Afterlogic | 2 Aurora, Webmail Pro | 2024-11-21 | 9.8 Critical |
| An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files (such as an executable file under the web root). This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x. | ||||
| CVE-2021-26291 | 4 Apache, Oracle, Quarkus and 1 more | 9 Maven, Financial Services Analytical Applications Infrastructure, Goldengate Big Data And Application Adapters and 6 more | 2024-11-21 | 9.1 Critical |
| Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior in 3.8.1+ to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls. If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. See this link for more information about repository management: https://maven.apache.org/repository-management.html | ||||
| CVE-2021-26276 | 1 Godaddy | 1 Node-config-shield | 2024-11-21 | 5.3 Medium |
| scripts/cli.js in the GoDaddy node-config-shield (aka Config Shield) package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data | ||||
| CVE-2021-26275 | 1 Eslint-fixer Project | 1 Eslint-fixer | 2024-11-21 | 9.8 Critical |
| The eslint-fixer package through 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The ozum/eslint-fixer GitHub repository has been intentionally deleted | ||||
| CVE-2021-26274 | 1 Ninjarmm | 1 Ninjarmm | 2024-11-21 | 7.1 High |
| The Agent in NinjaRMM 5.0.909 has Insecure Permissions. | ||||
| CVE-2021-26273 | 1 Ninjarmm | 1 Ninjarmm | 2024-11-21 | 7.8 High |
| The Agent in NinjaRMM 5.0.909 has Incorrect Access Control. | ||||
| CVE-2021-26272 | 2 Ckeditor, Oracle | 10 Ckeditor, Agile Plm, Application Express and 7 more | 2024-11-21 | 6.5 Medium |
| It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin). | ||||
| CVE-2021-26271 | 2 Ckeditor, Oracle | 7 Ckeditor, Agile Plm, Application Express and 4 more | 2024-11-21 | 6.5 Medium |
| It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin). | ||||
| CVE-2021-26267 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.5 High |
| cPanel before 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (SEC-579). | ||||
| CVE-2021-26266 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.5 High |
| cPanel before 92.0.9 allows a Reseller to bypass the suspension lock (SEC-578). | ||||
| CVE-2021-26263 | 1 Odoo | 3 Odoo, Odoo Community, Odoo Enterprise | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents. | ||||
| CVE-2021-26260 | 3 Debian, Fedoraproject, Openexr | 3 Debian Linux, Fedora, Openexr | 2024-11-21 | 5.5 Medium |
| An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215. | ||||
| CVE-2021-26259 | 1 Htmldoc Project | 1 Htmldoc | 2024-11-21 | 7.8 High |
| A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in render_table_row(),in ps-pdf.cxx may lead to arbitrary code execution and denial of service. | ||||