Search Results (120975 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-36431 1 Jocms Project 1 Jocms 2025-03-26 9.1 Critical
SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jo_json_check() function in jocms/apps/mask/inc/mask.php.
CVE-2021-36426 1 Phpwcms 1 Phpwcms 2025-03-26 8.8 High
File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to run arbitrary code via crafted file upload to include/inc_lib/general.inc.php.
CVE-2021-36425 1 Phpwcms 1 Phpwcms 2025-03-26 5.4 Medium
Directory traversal vulnerability in phpcms 1.9.25 allows remote attackers to delete arbitrary files via unfiltered $file parameter to unlink method in include/inc_act/act_ftptakeover.php file.
CVE-2021-36424 1 Phpwcms 1 Phpwcms 2025-03-26 9.8 Critical
An issue discovered in phpwcms 1.9.25 allows remote attackers to run arbitrary code via DB user field during installation.
CVE-2024-7776 1 Onnx 1 Onnx 2025-03-26 9.1 Critical
A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files in the user's directory, potentially leading to remote command execution.
CVE-2021-37304 1 Jeecg 1 Jeecg 2025-03-26 7.5 High
An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface.
CVE-2021-37234 1 Modern Honey Network Project 1 Modern Honey Network 2025-03-26 6.5 Medium
Incorrect Access Control vulnerability in Modern Honey Network commit 0abf0db9cd893c6d5c727d036e1f817c02de4c7b allows remote attackers to view sensitive information via crafted PUT request to Web API.
CVE-2021-36570 1 Thedaylightstudio 1 Fuel Cms 2025-03-26 8.8 High
Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---.
CVE-2021-36569 1 Thedaylightstudio 1 Fuel Cms 2025-03-26 8.8 High
Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2.
CVE-2021-36546 1 Kitesky 1 Kitecms 2025-03-26 7.5 High
Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL.
CVE-2021-36545 1 Tpcms Project 1 Tpcms 2025-03-26 5.4 Medium
Cross Site Scripting (XSS) vulnerability in tpcms 3.2 allows remote attackers to run arbitrary code via the cfg_copyright or cfg_tel field in Site Configuration page.
CVE-2021-36544 1 Tpcms Project 1 Tpcms 2025-03-26 7.5 High
Incorrect Access Control issue discovered in tpcms 3.2 allows remote attackers to view sensitive information via path in application URL.
CVE-2021-36538 1 Gurock 1 Testrail 2025-03-26 5.4 Medium
Cross Site Scripting (XSS) vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports.
CVE-2021-36535 1 Cesanta 1 Mjs 2025-03-26 5.5 Medium
Buffer Overflow vulnerability in Cesanta mJS 1.26 allows remote attackers to cause a denial of service via crafted .js file to mjs_set_errorf.
CVE-2021-36444 1 Txjia 1 Imcat 2025-03-26 8.8 High
Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws one time token generation on the add administrator page.
CVE-2021-36443 1 Txjia 1 Imcat 2025-03-26 8.8 High
Cross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege via lack of token verification.
CVE-2021-36434 1 Jocms Project 1 Jocms 2025-03-26 9.1 Critical
SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jo_json_check function in jocms/apps/mask/inc/getmask.php.
CVE-2024-7806 1 Openwebui 1 Open Webui 2025-03-26 8.8 High
A vulnerability in open-webui/open-webui versions <= 0.3.8 allows remote code execution by non-admin users via Cross-Site Request Forgery (CSRF). The application uses cookies with the SameSite attribute set to lax for authentication and lacks CSRF tokens. This allows an attacker to craft a malicious HTML that, when accessed by a victim, can modify the Python code of an existing pipeline and execute arbitrary code with the victim's privileges.
CVE-2022-45588 1 Talend 1 Remote Engine Gen 2 2025-03-26 7.8 High
All versions before R2022-09 of Talend's Remote Engine Gen 2 are potentially vulnerable to XML External Entity (XXE) type of attacks. Users should download the R2022-09 release or later and use it in place of the previous version. Talend Remote Engine Gen 1 and Talend Cloud Engine for Design are not impacted. This XXE vulnerability could only be exploited by someone with the appropriate rights to edit pipelines on the Talend platform. It could not be triggered remotely or by other user input.
CVE-2021-31575 1 Mediatek 4 En7528, En7528 Firmware, En7580 and 1 more 2025-03-26 9.8 Critical
In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234.