Search Results (366256 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-43474 1 Dlink 2 Dir-823g, Dir-823g Firmware 2024-11-21 9.8 Critical
An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B05 (Lastest) via any parameter in the HNAP1 function
CVE-2021-43471 1 Canon 2 Lbp223dw, Lbp223dw Firmware 2024-11-21 7.5 High
In Canon LBP223 printers, the System Manager Mode login does not require an account password or PIN. An attacker can remotely shut down the device after entering the background, creating a denial of service vulnerability.
CVE-2021-43469 1 Vinga 2 Wr-n300u, Wr-n300u Firmware 2024-11-21 8.8 High
VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulnerability in the goahead component.
CVE-2021-43466 1 Thymeleaf 1 Thymeleaf 2024-11-21 9.8 Critical
In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution.
CVE-2021-43464 1 Intelliants 1 Subrion Cms 2024-11-21 8.8 High
A Remiote Code Execution (RCE) vulnerability exiss in Subrion CMS 4.2.1 via modified code in a background field; when the information is modified, the data in it will be executed through eval().
CVE-2021-43463 1 Ext2 File System Driver Project 1 Ext2 File System Driver 2024-11-21 7.8 High
An Unquoted Service Path vulnerability exists in Ext2Fsd v0.68 via a specially crafted file in the Ext2Srv Service executable service path.
CVE-2021-43462 1 Rumble Mail Server Project 1 Rumble Mail Server 2024-11-21 5.4 Medium
A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the username parameter.
CVE-2021-43461 1 Rumble Mail Server Project 1 Rumble Mail Server 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the servername parameter.
CVE-2021-43460 1 Systemexplorer 1 System Explorer 2024-11-21 7.8 High
An Unquoted Service Path vulnerability exists in System Explorer 7.0.0 via via a specially crafted file in the SystemExplorerHelpService service executable path.
CVE-2021-43459 1 Rumble Mail Server Project 1 Rumble Mail Server 2024-11-21 5.4 Medium
A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the (1) domain and (2) path parameters.
CVE-2021-43458 1 Vembu 1 Bdr Suite 2024-11-21 7.8 High
An Unquoted Service Path vulnerability exits in Vembu BDR 4.2.0.1 via a specially crafted file in the (1) hsflowd, (2) VembuBDR360Agent, or (3) VembuOffice365Agent service paths.
CVE-2021-43457 1 Bvpn 1 Bvpn 2024-11-21 7.8 High
An Unquoted Service Path vulnerability exists in bVPN 2.5.1 via a specially crafted file in the waselvpnserv service path.
CVE-2021-43456 1 Rumble Mail Server Project 1 Rumble Mail Server 2024-11-21 7.8 High
An Unquoted Service Path vulnerablility exists in Rumble Mail Server 0.51.3135 via via a specially crafted file in the RumbleService executable service path.
CVE-2021-43455 1 Freelan 1 Freelan 2024-11-21 7.8 High
An Unquoted Service Path vulnerability exists in FreeLAN 2.2 via a specially crafted file in the FreeLAN Service path.
CVE-2021-43454 1 Anytxt 1 Anytxt Searcher 2024-11-21 7.8 High
An Unquoted Service Path vulnerability exists in AnyTXT Searcher 1.2.394 via a specially crafted file in the ATService path. .
CVE-2021-43453 1 Jerryscript 1 Jerryscript 2024-11-21 9.8 Critical
A Heap-based Buffer Overflow vulnerability exists in JerryScript 2.4.0 and prior versions via an out-of-bounds read in parser_parse_for_statement_start in the js-parser-statm.c file. This issue is similar to CVE-2020-29657.
CVE-2021-43451 1 Phpgurukul 1 Employee Record Management System 2024-11-21 9.8 Critical
SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php.
CVE-2021-43442 1 I3international 6 Ax46, Ax46 Firmware, Ax68 and 3 more 2024-11-21 8.1 High
A Logic Flaw vulnerability exists in i3 International Inc Annexxus Camera V5.2.0 build 150317 (Ax46), V5.0.9 build 151106 (Ax68), and V5.0.9 build 150615 (Ax78) due to a failure to allow the creation of more than one administrator account; however, this can be bypassed by parameter maniulation using PUT and DELETE and by calling the 'UserPermission' endpoint with the ID of created account and set it to 'admin' userType, successfully adding a second administrative account.
CVE-2021-43441 1 Iorder Project 1 Iorder 2024-11-21 5.3 Medium
An HTML Injection Vulnerability in iOrder 1.0 allows the remote attacker to execute Malicious HTML codes via the signup form
CVE-2021-43440 1 Iorder Project 1 Iorder 2024-11-21 6.1 Medium
Multiple Stored XSS Vulnerabilities in the Source Code of iOrder 1.0 allow remote attackers to execute arbitrary code via signup form in the Name and Phone number field.