Search Results (79683 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-45836 | 1 Terra-master | 3 F2-210, F4-210, Tos | 2024-11-21 | 8.8 High |
| An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a maliciously crafted input in the request through /tos/index.php?app/hand_app. | ||||
| CVE-2021-45821 | 1 Btiteam | 1 Xbtit | 2024-11-21 | 8.8 High |
| A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid parameter in ajaxchat/getHistoryChatData.php file that is accessible by a registered user. As a result, a malicious user can extract sensitive data such as usernames and passwords and in some cases use this vulnerability in order to get a remote code execution on the remote web server. | ||||
| CVE-2021-45810 | 1 Globalprotect-openconnect Project | 1 Globalprotect-openconnect | 2024-11-21 | 7.5 High |
| GlobalProtect-openconnect versions prior to 2.0.0 (exclusive) are affected by incorrect access control in GPService through DBUS, GUI. The way GlobalProtect-Openconnect is set up enables arbitrary users to start a VPN connection to arbitrary servers. By hosting an openconnect compatible server, the attack can redirect the entire host's traffic via their own server. | ||||
| CVE-2021-45808 | 1 Jpress | 1 Jpress | 2024-11-21 | 8.8 High |
| jpress v4.2.0 allows users to register an account by default. With the account, user can upload arbitrary files to the server. | ||||
| CVE-2021-45806 | 1 Jpress | 1 Jpress | 2024-11-21 | 8.8 High |
| jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code. | ||||
| CVE-2021-45803 | 1 Iresturant Project | 1 Iresturant | 2024-11-21 | 8.8 High |
| MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because this view parameter value is added to the SQL query without additional verification when viewing reservation. | ||||
| CVE-2021-45794 | 1 Slims | 1 Senayan Library Management System | 2024-11-21 | 7.5 High |
| Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. User data can be obtained. | ||||
| CVE-2021-45793 | 1 Slims | 1 Senayan Library Management System | 2024-11-21 | 7.5 High |
| Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained. | ||||
| CVE-2021-45791 | 1 Slims | 1 Senayan Library Management System | 2024-11-21 | 8.8 High |
| Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php, /admin/modules/system/user_group.php, and /admin/modules/membership/index.php through the dir parameter. It can be used by remotely authenticated librarian users. | ||||
| CVE-2021-45788 | 1 Metersphere | 1 Metersphere | 2024-11-21 | 8.8 High |
| Time-based SQL Injection vulnerabilities were found in Metersphere v1.15.4 via the "orders" parameter. | ||||
| CVE-2021-45773 | 1 Mz-automation | 1 Lib60870 | 2024-11-21 | 7.5 High |
| A NULL pointer dereference in CS104_IPAddress_setFromString at src/iec60870/cs104/cs104_slave.c of lib60870 commit 0d5e76e can lead to a segmentation fault or application crash. | ||||
| CVE-2021-45769 | 1 Mz-automation | 1 Libiec61850 | 2024-11-21 | 7.5 High |
| A NULL pointer dereference in AcseConnection_parseMessage at src/mms/iso_acse/acse.c of libiec61850 v1.5.0 can lead to a segmentation fault or application crash. | ||||
| CVE-2021-45761 | 1 Ropium Project | 1 Ropium | 2024-11-21 | 7.5 High |
| ROPium v3.1 was discovered to contain an invalid memory address dereference via the find() function. | ||||
| CVE-2021-45757 | 1 Asus | 2 Rt-ac68u, Rt-ac68u Firmware | 2024-11-21 | 7.5 High |
| ASUS AC68U <=3.0.0.4.385.20852 is affected by a buffer overflow in blocking.cgi, which may cause a denial of service (DoS). | ||||
| CVE-2021-45746 | 1 Webank | 1 Wecube | 2024-11-21 | 7.5 High |
| A Directory Traversal vulnerability exists in WeBankPartners wecube-platform 3.2.1 via the file variable in PluginPackageController.java. | ||||
| CVE-2021-45741 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-11-21 | 7.5 High |
| TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setIpv6Cfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the relay6to4 parameters. | ||||
| CVE-2021-45739 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 7.5 High |
| TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the flag parameter. | ||||
| CVE-2021-45737 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 7.5 High |
| TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the Host parameter. | ||||
| CVE-2021-45736 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-11-21 | 7.5 High |
| TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setL2tpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the eip, sip, server parameters. | ||||
| CVE-2021-45735 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-11-21 | 7.5 High |
| TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software. | ||||