Export limit exceeded: 348220 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 79693 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79693 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-46398 | 1 Filebrowser | 1 Filebrowser | 2024-11-21 | 8.8 High |
| A Cross-Site Request Forgery vulnerability exists in Filebrowser < 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim. An admin can run commands using the FileBrowser and hence it leads to RCE. | ||||
| CVE-2021-46389 | 1 High Resolution Streaming Image Server Project | 1 High Resolution Streaming Image Server | 2024-11-21 | 7.5 High |
| IIPImage High Resolution Streaming Image Server prior to commit 882925b295a80ec992063deffc2a3b0d803c3195 is affected by an integer overflow in iipsrv.fcgi through malformed HTTP query parameters. | ||||
| CVE-2021-46385 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 7.5 High |
| https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.FormDataAction#queryData. The attack vector is: 0 or sleep(3). ¶¶ MCMS has a sql injection vulnerability through which attacker can get sensitive information from the database. | ||||
| CVE-2021-46383 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 7.5 High |
| https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.web.DictAction#list. The attack vector is: 0 or sleep(3). ¶¶ MCMS has a sql injection vulnerability through which attacker can get sensitive information from the database. | ||||
| CVE-2021-46381 | 1 Dlink | 2 Dap-1620, Dap-1620 Firmware | 2024-11-21 | 7.5 High |
| Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd] and [/etc/shadow]. | ||||
| CVE-2021-46378 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2024-11-21 | 7.5 High |
| DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download. | ||||
| CVE-2021-46371 | 1 Antd-admin Project | 1 Antd-admin | 2024-11-21 | 7.5 High |
| antd-admin 5.5.0 is affected by an incorrect access control vulnerability. Unauthorized access to some interfaces in the foreground leads to leakage of sensitive information. | ||||
| CVE-2021-46368 | 1 Trigonesoft | 1 Remote System Monitor | 2024-11-21 | 7.8 High |
| TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted path service allowing local users to launch processes with elevated privileges. | ||||
| CVE-2021-46367 | 1 Ritecms | 1 Ritecms | 2024-11-21 | 7.2 High |
| RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htacess configuration to deny execution of .php files in media and files directory by default. | ||||
| CVE-2021-46366 | 1 Magnolia-cms | 1 Magnolia Cms | 2024-11-21 | 8.8 High |
| An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials. | ||||
| CVE-2021-46365 | 1 Magnolia-cms | 1 Magnolia Cms | 2024-11-21 | 7.8 High |
| An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file. | ||||
| CVE-2021-46364 | 1 Magnolia-cms | 1 Magnolia Cms | 2024-11-21 | 7.8 High |
| A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file. | ||||
| CVE-2021-46363 | 1 Magnolia-cms | 1 Magnolia Cms | 2024-11-21 | 7.8 High |
| An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. These formulas may result in arbitrary code execution on a victim's computer when opening the exported files with Microsoft Excel. | ||||
| CVE-2021-46360 | 1 Ocproducts | 1 Composr | 2024-11-21 | 8.8 High |
| Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-commandr. | ||||
| CVE-2021-46359 | 1 Fisco-bcos | 1 Fisco-bcos | 2024-11-21 | 7.5 High |
| FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerability. Some transactions may not be committed successfully, and malicious users may use this to achieve double-spending attacks. | ||||
| CVE-2021-46354 | 1 Cybelesoft | 1 Thinfinity Virtualui | 2024-11-21 | 7.5 High |
| Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site. The ability to send requests to other systems can allow the vulnerable server to filtrate the real IP of the web server or increase the attack surface. | ||||
| CVE-2021-46334 | 1 Moddable | 1 Moddable Sdk | 2024-11-21 | 7.8 High |
| Moddable SDK v11.5.0 was discovered to contain a stack buffer overflow via the component __interceptor_strcat. | ||||
| CVE-2021-46332 | 1 Moddable | 1 Moddable Sdk | 2024-11-21 | 7.8 High |
| Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow via xs/sources/xsDataView.c in fxUint8Getter. | ||||
| CVE-2021-46328 | 1 Moddable | 1 Moddable Sdk | 2024-11-21 | 7.8 High |
| Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow via the component __libc_start_main. | ||||
| CVE-2021-46326 | 1 Moddable | 1 Moddable Sdk | 2024-11-21 | 7.8 High |
| Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow via the component __asan_memcpy. | ||||