Export limit exceeded: 367106 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (367106 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-25948 | 1 Expand-hash Project | 1 Expand-hash | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in 'expand-hash' versions 0.1.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2021-25947 | 1 Nestie Project | 1 Nestie | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in 'nestie' versions 0.0.0 through 1.0.0 allows an attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2021-25946 | 1 Nconf-toml Project | 1 Nconf-toml | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in `nconf-toml` versions 0.0.1 through 0.0.2 allows an attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2021-25945 | 1 Js-extend Project | 1 Js-extend | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in 'js-extend' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2021-25944 | 1 Deep-defaults Project | 1 Deep-defaults | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2021-25939 | 1 Arangodb | 1 Arangodb | 2024-11-21 | 2.7 Low |
| In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests performed internally, which can be abused by a highly-privileged attacker to perform blind SSRF and send internal requests to localhost. | ||||
| CVE-2021-25938 | 1 Arangodb | 1 Arangodb | 2024-11-21 | 6.1 Medium |
| In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable to Cross-Site Scripting (XSS), since there is no validation of the .zip file name and filtering of potential abusive characters which zip files can be named to. There is no X-Frame-Options Header set, which makes it more susceptible for leveraging self XSS by attackers. | ||||
| CVE-2021-25935 | 1 Opennms | 2 Horizon, Meridian | 2024-11-21 | 5.4 Medium |
| In OpenNMS Horizon, versions opennms-17.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.7-1 are vulnerable to Stored Cross-Site Scripting, since the function `add()` performs improper validation checks on the input sent to the `foreign-source` parameter. Due to this flaw an attacker could bypass the existing regex validation and inject an arbitrary script which will be stored in the database. | ||||
| CVE-2021-25934 | 1 Opennms | 2 Horizon, Meridian | 2024-11-21 | 5.4 Medium |
| In OpenNMS Horizon, versions opennms-18.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.7-1 are vulnerable to Stored Cross-Site Scripting, since the function `createRequisitionedNode()` does not perform any validation checks on the input sent to the `node-label` parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database. | ||||
| CVE-2021-25932 | 1 Opennms | 2 Meridian, Opennms | 2024-11-21 | 5.4 Medium |
| In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function `validateFormInput()` performs improper validation checks on the input sent to the `userID` parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database. | ||||
| CVE-2021-25924 | 1 Thoughtworks | 1 Gocd | 2024-11-21 | 8.8 High |
| In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Request Forgery due to missing CSRF protection at the `/go/api/config/backup` endpoint. An attacker can trick a victim to click on a malicious link which could change backup configurations or execute system commands in the post_backup_script field. | ||||
| CVE-2021-25923 | 1 Open-emr | 1 Openemr | 2024-11-21 | 8.1 High |
| In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of the victim user’s password, he can leverage it to an account takeover. | ||||
| CVE-2021-25922 | 1 Open-emr | 1 Openemr | 2024-11-21 | 6.1 Medium |
| In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly. An attacker could trick a user to click on a malicious url and execute malicious code. | ||||
| CVE-2021-25913 | 1 Set-or-get Project | 1 Set-or-get | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in 'set-or-get' version 1.0.0 through 1.2.10 allows an attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2021-25912 | 1 Dotty Project | 1 Dotty | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in 'dotty' versions 0.0.1 through 0.1.0 allows attackers to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2021-25910 | 1 Zivautomation | 2 4cct-ea6-334126bf, 4cct-ea6-334126bf Firmware | 2024-11-21 | 8 High |
| Improper Authentication vulnerability in the cookie parameter of ZIV AUTOMATION 4CCT-EA6-334126BF allows a local attacker to perform modifications in several parameters of the affected device as an authenticated user. | ||||
| CVE-2021-25909 | 1 Zivautomation | 2 4cct-ea6-334126bf, 4cct-ea6-334126bf Firmware | 2024-11-21 | 8.6 High |
| ZIV Automation 4CCT-EA6-334126BF firmware version 3.23.80.27.36371, allows an unauthenticated, remote attacker to cause a denial of service condition on the device. An attacker could exploit this vulnerability by sending specific packets to the port 7919. | ||||
| CVE-2021-25908 | 1 Fil-ocl Project | 1 Fil-ocl | 2024-11-21 | 7.5 High |
| An issue was discovered in the fil-ocl crate through 2021-01-04 for Rust. From<EventList> can lead to a double free. | ||||
| CVE-2021-25907 | 1 Containers Project | 1 Containers | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the containers crate before 0.9.11 for Rust. When a panic occurs, a util::{mutate,mutate2} double drop can be performed. | ||||
| CVE-2021-25906 | 1 Basic Dsp Matrix Project | 1 Basic Dsp Matrix | 2024-11-21 | 7.5 High |
| An issue was discovered in the basic_dsp_matrix crate before 0.9.2 for Rust. When a TransformContent panic occurs, a double drop can be performed. | ||||