Search Results (365444 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-41490 1 Rice 1 Open Motion Planning Library 2024-11-21 7.5 High
Memory leaks in LazyPRM.cpp of OMPL v1.5.0 can cause unexpected behavior.
CVE-2021-41487 1 Nokia 1 Vitalsuite 2024-11-21 9.8 Critical
NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserName'.
CVE-2021-41472 1 Simple Membership System Using Php And Ajax Project 1 Simple Membership System Using Php And Ajax 2024-11-21 9.8 Critical
SQL injection vulnerability in Sourcecodester Simple Membership System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password parameters.
CVE-2021-41471 1 South Gate Inn Online Reservation System Project 1 South Gate Inn Online Reservation System 2024-11-21 9.8 Critical
SQL injection vulnerability in Sourcecodester South Gate Inn Online Reservation System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the email and Password parameters.
CVE-2021-41467 1 Justwriting Project 1 Justwriting 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter.
CVE-2021-41465 1 Concrete5-legacy Project 1 Concrete5-legacy 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in concrete/elements/collection_theme.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter.
CVE-2021-41464 1 Concrete5-legacy Project 1 Concrete5-legacy 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter.
CVE-2021-41463 1 Concrete5-legacy Project 1 Concrete5-legacy 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in toos/permissions/dialogs/access/entity/types/group_combination.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the cID parameter.
CVE-2021-41462 1 Concrete5-legacy Project 1 Concrete5-legacy 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the ctID parameter.
CVE-2021-41461 1 Concrete5-legacy Project 1 Concrete5-legacy 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the mode parameter.
CVE-2021-41460 1 Shopex 1 Ecshop 2024-11-21 7.5 High
ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information.
CVE-2021-41459 1 Gpac 1 Mp4box 2024-11-21 7.5 High
There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1008 in the nhmldmx_send_sample() function szXmlFrom parameter which leads to a denial of service vulnerability.
CVE-2021-41458 1 Gpac 1 Mp4box 2024-11-21 5.5 Medium
In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/error.c:1769 which leads to a denial of service vulnerability.
CVE-2021-41457 1 Gpac 1 Mp4box 2024-11-21 7.5 High
There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nhml.c in nhmldmx_init_parsing which leads to a denial of service vulnerability.
CVE-2021-41456 1 Gpac 1 Mp4box 2024-11-21 7.5 High
There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1004 in the nhmldmx_send_sample() function szXmlTo parameter which leads to a denial of service vulnerability.
CVE-2021-41451 1 Tp-link 2 Archer Ax10, Archer Ax10 Firmware 2024-11-21 7.5 High
A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in TP-Link AX10v1 before V1_211117 allows a remote unauthenticated attacker to send a specially crafted HTTP request and receive a misconfigured HTTP/0.9 response, potentially leading into a cache poisoning attack.
CVE-2021-41450 1 Tp-link 2 Archer Ax10 V1, Archer Ax10 V1 Firmware 2024-11-21 7.5 High
An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet.
CVE-2021-41449 1 Netgear 6 Rax35, Rax35 Firmware, Rax38 and 3 more 2024-11-21 7.1 High
A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, via sending a specially crafted HTTP packet.
CVE-2021-41445 1 Dlink 2 Dir-x1860, Dir-x1860 Firmware 2024-11-21 6.1 Medium
A reflected cross-site-scripting attack in web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to execute code in the device of the victim via sending a specific URL to the unauthenticated victim.
CVE-2021-41442 1 Dlink 2 Dir-x1860, Dir-x1860 Firmware 2024-11-21 7.5 High
An HTTP smuggling attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet.