Search Results (366284 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-43678 1 Wechat-php-sdk Project 1 Wechat-php-sdk 2024-11-21 6.1 Medium
Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting (XSS) vulnerability in Wechat.php.
CVE-2021-43677 1 Fluxbb 1 Fluxbb 2024-11-21 6.1 Medium
Fluxbb v1.4.12 is affected by a Cross Site Scripting (XSS) vulnerability.
CVE-2021-43676 1 Swoole 1 Swoole Php Framework 2024-11-21 9.8 Critical
matyhtf framework v3.0.5 is affected by a path manipulation vulnerability in Smarty.class.php.
CVE-2021-43675 1 Lycheeorg 1 Lychee 2024-11-21 6.1 Medium
Lychee-v3 3.2.16 is affected by a Cross Site Scripting (XSS) vulnerability in php/Access/Guest.php. The function exit will terminate the script and print the message to the user. The message will contain albumID which is controlled by the user.
CVE-2021-43674 1 Thinkupapp 1 Thinkup 2024-11-21 9.8 Critical
ThinkUp 2.0-beta.10 is affected by a path manipulation vulnerability in Smarty.class.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2021-43673 1 Dzzoffice 1 Dzzoffice 2024-11-21 6.1 Medium
dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in explorerfile.php. The output of the exit function is printed for the user via exit(json_encode($return)).
CVE-2021-43669 1 Linuxfoundation 1 Fabric 2024-11-21 7.5 High
A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.0.1, v2.3.0. It can easily break down as many orderers as the attacker wants. This bug can be leveraged by constructing a message whose header is invalid to the interface Order. This bug has been admitted and fixed by the developers of Fabric.
CVE-2021-43668 1 Ethereum 1 Go Ethereum 2024-11-21 5.5 Medium
Go-Ethereum 1.10.9 nodes crash (denial of service) after receiving a serial of messages and cannot be recovered. They will crash with "runtime error: invalid memory address or nil pointer dereference" and arise a SEGV signal.
CVE-2021-43667 1 Linuxfoundation 1 Fabric 2024-11-21 7.5 High
A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0. This bug can be leveraged by constructing a message whose payload is nil and sending this message with the method 'forwardToLeader'. This bug has been admitted and fixed by the developers of Fabric. If leveraged, any leader node will crash.
CVE-2021-43664 1 Totolink 2 Ex300 V2, Ex300 V2 Firmware 2024-11-21 8.1 High
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component process forceugpo.
CVE-2021-43663 1 Totolink 2 Ex300 V2, Ex300 V2 Firmware 2024-11-21 7.5 High
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component cloudupdate_check.
CVE-2021-43662 1 Totolink 4 A720r, A720r Firmware, Ex300 V2 and 1 more 2024-11-21 6.5 Medium
totolink EX300_v2, ver V4.0.3c.140_B20210429 and A720R ,ver V4.1.5cu.470_B20200911 have an issue which causes uncontrolled resource consumption.
CVE-2021-43661 1 Totolink 2 Ex300 V2, Ex300 V2 Firmware 2024-11-21 6.1 Medium
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /home.asp.
CVE-2021-43659 1 Halo 1 Halo 2024-11-21 5.4 Medium
In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability.
CVE-2021-43650 1 Softwell 1 Webrun 2024-11-21 9.8 Critical
WebRun 3.6.0.42 is vulnerable to SQL Injection via the P_0 parameter used to set the username during the login process.
CVE-2021-43638 1 Amazon 1 Workspaces 2024-11-21 8.8 High
Amazon Amazon WorkSpaces agent is affected by Integer Overflow. IOCTL Handler 0x22001B in the Amazon WorkSpaces agent below v1.0.1.1537 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.
CVE-2021-43637 1 Amazon 1 Workspaces 2024-11-21 8.8 High
Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Amazon WorkSpaces agent below v1.0.1.1537 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.
CVE-2021-43636 1 Totolink 2 T10 V2, T10 V2 Firmware 2024-11-21 9.8 Critical
Two Buffer Overflow vulnerabilities exists in T10 V2_Firmware V4.1.8cu.5207_B20210320 in the http_request_parse function when processing host data in the HTTP request process.
CVE-2021-43633 1 Messaging Web Application Project 1 Messaging Web Application 2024-11-21 5.4 Medium
Sourcecodester Messaging Web Application 1.0 is vulnerable to stored XSS. If a sender inserts valid scripts into the chat, the script will be executed on the receiver chat.
CVE-2021-43631 1 Projectworlds 1 Hospital Management System In Php 2024-11-21 9.8 Critical
Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the appointment_no parameter in payment.php.