Search Results (79208 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-37560 | 1 Mediatek | 20 Mt7603e, Mt7603e Firmware, Mt7610 and 17 more | 2024-11-21 | 8.2 High |
| MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds write). | ||||
| CVE-2021-37557 | 1 Centreon | 1 Centreon | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability in image generation in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/views/graphs/generateGraphs/generateImage.php index parameter. | ||||
| CVE-2021-37556 | 1 Centreon | 1 Centreon | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability in reporting export in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/reporting/dashboard/csvExport/csv_HostGroupLogs.php start and end parameters. | ||||
| CVE-2021-37553 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 7.5 High |
| In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used. | ||||
| CVE-2021-37550 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 7.5 High |
| In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used. | ||||
| CVE-2021-37548 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 7.5 High |
| In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS. | ||||
| CVE-2021-37545 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 7.5 High |
| In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made. | ||||
| CVE-2021-37543 | 1 Jetbrains | 1 Rubymine | 2024-11-21 | 8.8 High |
| In JetBrains RubyMine before 2021.1.1, code execution without user confirmation was possible for untrusted projects. | ||||
| CVE-2021-37531 | 1 Sap | 1 Netweaver Knowledge Management Xml Forms | 2024-11-21 | 8.8 High |
| SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, contains an XSLT vulnerability which allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level commands, copy it into a location to be accessed by the system and then create a file which will trigger the XSLT engine to execute the script contained within the malicious XSL file. This can result in a full compromise of the confidentiality, integrity, and availability of the system. | ||||
| CVE-2021-37517 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2024-11-21 | 7.5 High |
| An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2, fixed version is 14.0.0, in the forgot-password function because the application allows email addresses as usernames, which can cause a Denial of Service. | ||||
| CVE-2021-37471 | 1 Cradlepoint | 6 Ibr600, Ibr600 Firmware, Ibr600c and 3 more | 2024-11-21 | 7.5 High |
| Cradlepoint IBR900-600 devices running versions < 7.21.10 are vulnerable to a restricted shell escape sequence that provides an attacker the capability to simultaneously deny availability to the device's NetCloud Manager console, local console and SSH command-line. | ||||
| CVE-2021-37447 | 1 Nchsoftware | 1 Quorum | 2024-11-21 | 8.1 High |
| In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. for file deletion. | ||||
| CVE-2021-37444 | 1 Nchsoftware | 1 Ivm Attendant | 2024-11-21 | 8.8 High |
| NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the inbuilt Autodial function. | ||||
| CVE-2021-37443 | 1 Nchsoftware | 1 Ivm Attendant | 2024-11-21 | 8.1 High |
| NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion. | ||||
| CVE-2021-37441 | 1 Nch | 1 Axon Pbx | 2024-11-21 | 8.8 High |
| NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring. | ||||
| CVE-2021-37419 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | 7.5 High |
| Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. | ||||
| CVE-2021-37414 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 7.5 High |
| Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get a valid user's APIKEY without authentication. | ||||
| CVE-2021-37394 | 1 Rpcms | 1 Rpcms | 2024-11-21 | 8.8 High |
| In RPCMS v1.8 and below, attackers can interact with API and change variable "role" to "admin" to achieve admin user registration. | ||||
| CVE-2021-37386 | 1 Furukawa | 8 423-41w/ac, 423-41w/ac Firmware, Ld420-10r and 5 more | 2024-11-21 | 7.5 High |
| Furukawa Electric LatAm 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function. | ||||
| CVE-2021-37381 | 1 Southsoft | 1 Graduate Management Information System | 2024-11-21 | 8.8 High |
| Southsoft GMIS 5.0 is vulnerable to CSRF attacks. Attackers can access other users' private information such as photos through CSRF. For example: any student's photo information can be accessed through /gmis/(S([1]))/student/grgl/PotoImageShow/?bh=[2]. Among them, the code in [1] is a random string generated according to the user's login related information. It can protect the user's identity, but it can not effectively prevent unauthorized access. The code in [2] is the student number of any student. The attacker can carry out CSRF attack on the system by modifying [2] without modifying [1]. | ||||