Export limit exceeded: 349439 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10275 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-39503 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | 7.2 High |
| PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is filtered without "<, >, ?, =, `,...." In WriteConfig() function, an attacker can inject php code to /include/config.cache.php file. | ||||
| CVE-2021-39459 | 1 Redaxo | 1 Redaxo | 2024-11-21 | 7.2 High |
| Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code. | ||||
| CVE-2021-39271 | 1 Bscw | 1 Bscw Classic | 2024-11-21 | 8.8 High |
| OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution (RCE) during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3. | ||||
| CVE-2021-39159 | 1 Jupyter | 1 Binderhub | 2024-11-21 | 9.6 Critical |
| BinderHub is a kubernetes-based cloud service that allows users to share reproducible interactive computing environments from code repositories. In affected versions a remote code execution vulnerability has been identified in BinderHub, where providing BinderHub with maliciously crafted input could execute code in the BinderHub context, with the potential to egress credentials of the BinderHub deployment, including JupyterHub API tokens, kubernetes service accounts, and docker registry credentials. This may provide the ability to manipulate images and other user created pods in the deployment, with the potential to escalate to the host depending on the underlying kubernetes configuration. Users are advised to update to version 0.2.0-n653. If users are unable to update they may disable the git repo provider by specifying the `BinderHub.repo_providers` as a workaround. | ||||
| CVE-2021-38841 | 1 Simple Water Refilling Station Management System Project | 1 Simple Water Refilling Station Management System | 2024-11-21 | 8.8 High |
| Remote Code Execution can occur in Simple Water Refilling Station Management System 1.0 via the System Logo option on the system_info page in classes/SystemSettings.php with an update_settings action. | ||||
| CVE-2021-38703 | 1 Kpn | 2 Experia Wifi, Experia Wifi Firmware | 2024-11-21 | 8.8 High |
| Wireless devices running certain Arcadyan-derived firmware (such as KPN Experia WiFi 1.00.15) do not properly sanitise user input to the syslog configuration form. An authenticated remote attacker could leverage this to alter the device configuration and achieve remote code execution. This can be exploited in conjunction with CVE-2021-20090. | ||||
| CVE-2021-38672 | 1 Microsoft | 3 Windows 11, Windows 11 21h2, Windows Server 2022 | 2024-11-21 | 8 High |
| Windows Hyper-V Remote Code Execution Vulnerability | ||||
| CVE-2021-38666 | 1 Microsoft | 22 Windows 10, Windows 10 1507, Windows 10 1607 and 19 more | 2024-11-21 | 8.8 High |
| Remote Desktop Client Remote Code Execution Vulnerability | ||||
| CVE-2021-38661 | 1 Microsoft | 1 Hevc Video Extensions | 2024-11-21 | 7.8 High |
| HEVC Video Extensions Remote Code Execution Vulnerability | ||||
| CVE-2021-38660 | 1 Microsoft | 1 Excel | 2024-11-21 | 7.8 High |
| Microsoft Office Graphics Remote Code Execution Vulnerability | ||||
| CVE-2021-38659 | 1 Microsoft | 1 365 Apps | 2024-11-21 | 7.8 High |
| Microsoft Office Graphics Remote Code Execution Vulnerability | ||||
| CVE-2021-38658 | 1 Microsoft | 1 Office | 2024-11-21 | 7.8 High |
| Microsoft Office Graphics Remote Code Execution Vulnerability | ||||
| CVE-2021-38656 | 1 Microsoft | 1 365 Apps | 2024-11-21 | 7.8 High |
| Microsoft Word Remote Code Execution Vulnerability | ||||
| CVE-2021-38655 | 1 Microsoft | 6 365 Apps, Excel, Office and 3 more | 2024-11-21 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2021-38654 | 1 Microsoft | 2 365 Apps, Office | 2024-11-21 | 7.8 High |
| Microsoft Office Visio Remote Code Execution Vulnerability | ||||
| CVE-2021-38653 | 1 Microsoft | 2 365 Apps, Office | 2024-11-21 | 7.8 High |
| Microsoft Office Visio Remote Code Execution Vulnerability | ||||
| CVE-2021-38644 | 1 Microsoft | 1 Mpeg-2 Video Extension | 2024-11-21 | 7.8 High |
| Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability | ||||
| CVE-2021-38613 | 1 Nascent | 1 Remkon Device Manager | 2024-11-21 | 9.8 Critical |
| The assets/index.php Image Upload feature of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to upload any code to the target system and achieve remote code execution. | ||||
| CVE-2021-38540 | 1 Apache | 1 Airflow | 2024-11-21 | 9.8 Critical |
| The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3. This allowed unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code execution. This issue affects Apache Airflow >=2.0.0, <2.1.3. | ||||
| CVE-2021-38484 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2024-11-21 | 9.1 Critical |
| InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not have a filter or signature check to detect or prevent an upload of malicious files to the server, which may allow an attacker, acting as an administrator, to upload malicious files. This could result in cross-site scripting, deletion of system files, and remote code execution. | ||||