Search Results (44699 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27531 | 1 Dynpg | 1 Dynpg | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "query" parameter. | ||||
| CVE-2021-27530 | 1 Dynpg | 1 Dynpg | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows a remote attacker to inject JavaScript via URI in /index.php. | ||||
| CVE-2021-27529 | 1 Dynpg | 1 Dynpg | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "limit" parameter. | ||||
| CVE-2021-27528 | 1 Dynpg | 1 Dynpg | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "refID" parameter. | ||||
| CVE-2021-27527 | 1 Dynpg | 1 Dynpg | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "valueID" parameter. | ||||
| CVE-2021-27526 | 1 Dynpg | 1 Dynpg | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "page" parameter. | ||||
| CVE-2021-27524 | 1 Margox | 1 Braft-editor | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in margox braft-editor version 2.3.8 allows remote attackers to execute arbitrary code via the embed media feature. | ||||
| CVE-2021-27520 | 1 Fudforum | 1 Fudforum | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter. | ||||
| CVE-2021-27519 | 1 Fudforum | 1 Fudforum | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "srch" parameter. | ||||
| CVE-2021-27517 | 1 Foxit | 2 Phantompdf, Reader | 2024-11-21 | 6.1 Medium |
| Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses app.alert (in the Acrobat JavaScript API). | ||||
| CVE-2021-27503 | 1 Ypsomed | 2 Mylife, Mylife Cloud | 2024-11-21 | 4.8 Medium |
| Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5. The application encrypts on the application layer of the communication protocol between the Ypsomed mylife App and mylife Cloud credentials based on hard-coded secrets, which allows man-in-the-middle attackers to tamper with messages. | ||||
| CVE-2021-27481 | 1 Zoll | 1 Defibrillator Dashboard | 2024-11-21 | 5.5 Medium |
| ZOLL Defibrillator Dashboard, versions prior to 2.2. The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information. | ||||
| CVE-2021-27479 | 1 Zoll | 1 Defibrillator Dashboard | 2024-11-21 | 5.4 Medium |
| ZOLL Defibrillator Dashboard, versions prior to 2.2. The affected product’s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users. | ||||
| CVE-2021-27465 | 1 Emerson | 8 X-stream Enhanced Xefd, X-stream Enhanced Xefd Firmware, X-stream Enhanced Xegk and 5 more | 2024-11-21 | 6.1 Medium |
| A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications do not validate webpage input, which could allow an attacker to inject arbitrary HTML code into a webpage. This would allow an attacker to modify the page and display incorrect or undesirable data. | ||||
| CVE-2021-27452 | 1 Ge | 2 Mu320e, Mu320e Firmware | 2024-11-21 | 7.8 High |
| The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E (all firmware versions prior to v04A00.1). | ||||
| CVE-2021-27440 | 1 Ge | 2 Reason Dr60, Reason Dr60 Firmware | 2024-11-21 | 9.8 Critical |
| The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1). | ||||
| CVE-2021-27438 | 1 Ge | 2 Reason Dr60, Reason Dr60 Firmware | 2024-11-21 | 8.8 High |
| The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1). | ||||
| CVE-2021-27437 | 1 Advantech | 1 Wise-paas/rmm | 2024-11-21 | 9.1 Critical |
| The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs. Authentication is not required for exploitation on the WISE-PaaS/RMM (versions prior to 9.0.1). | ||||
| CVE-2021-27436 | 1 Advantech | 1 Webaccess/scada | 2024-11-21 | 6.1 Medium |
| WebAccess/SCADA versions 9.0 and prior are vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions. | ||||
| CVE-2021-27403 | 1 Asus | 2 Askey Rtf8115vw, Askey Rtf8115vw Firmware | 2024-11-21 | 6.1 Medium |
| Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-bin/te_acceso_router.cgi curWebPage XSS. | ||||