Search Results (364158 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-36548 1 Monstra 1 Monstra 2024-11-21 9.8 Critical
A remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&action=edit_template&filename=blog of Monstra v3.0.4 allows attackers to execute arbitrary commands via a crafted PHP file.
CVE-2021-36547 1 Mara Cms Project 1 Mara Cms 2024-11-21 9.8 Critical
A remote code execution (RCE) vulnerability in the component /codebase/dir.php?type=filenew of Mara v7.5 allows attackers to execute arbitrary commands via a crafted PHP file.
CVE-2021-36543 1 Seeddms 1 Seeddms 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.UnlockDocument.php in SeedDMS v5.1.x <5.1.23 and v6.0.x <6.0.16 allows a remote attacker to unlock any document without victim's knowledge, by enticing an authenticated user to visit an attacker's web page.
CVE-2021-36542 1 Seeddms 1 Seeddms 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.LockDocument.php in SeedDMS v5.1.x<5.1.23 and v6.0.x <6.0.16 allows a remote attacker to lock any document without victim's knowledge, by enticing an authenticated user to visit an attacker's web page.
CVE-2021-36539 1 Instructure 1 Canvas Learning Management Service 2024-11-21 6.5 Medium
Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL (canvadoc_session_url).
CVE-2021-36531 1 Miniupnp Project 1 Ngiflib 2024-11-21 8.8 High
ngiflib 0.4 has a heap overflow in GetByte() at ngiflib.c:70 in NGIFLIB_NO_FILE mode, GetByte() reads memory buffer without checking the boundary.
CVE-2021-36530 1 Miniupnp Project 1 Ngiflib 2024-11-21 8.8 High
ngiflib 0.4 has a heap overflow in GetByteStr() at ngiflib.c:108 in NGIFLIB_NO_FILE mode, GetByteStr() copy memory buffer without checking the boundary.
CVE-2021-36513 1 Signalwire 1 Freeswitch 2024-11-21 7.5 High
An issue was discovered in function sofia_handle_sip_i_notify in sofia.c in SignalWire freeswitch before 1.10.6, may allow attackers to view sensitive information due to an uninitialized value.
CVE-2021-36512 1 Synchro 1 Bulletin Board System 2024-11-21 7.5 High
An issue was discovered in function scanallsubs in src/sbbs3/scansubs.cpp in Synchronet BBS, which may allow attackers to view sensitive information due to an uninitialized value.
CVE-2021-36483 1 Devexpress 1 Devexpress 2024-11-21 8.8 High
DevExpress.XtraReports.UI through v21.1 allows attackers to execute arbitrary code via insecure deserialization.
CVE-2021-36461 1 Microweber 1 Microweber 2024-11-21 8.8 High
An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to getshell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini.
CVE-2021-36460 1 Veryfitpro Project 1 Veryfitpro 2024-11-21 7.8 High
VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account's password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration and changing of passwords. This allows an attacker in possession of a hash to takeover a user's account, rendering the benefits of storing hashed passwords in the database useless.
CVE-2021-36455 1 Naviwebs 1 Navigate Cms 2024-11-21 8.8 High
SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php.
CVE-2021-36454 1 Naviwebs 1 Navigate Cms 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1) backups\backups.php, 2) blocks\blocks.php, 3) brands\brands.php, 4) comments\comments.php, 5) coupons\coupons.php, 6) feeds\feeds.php, 7) functions\functions.php, 8) items\items.php, 9) menus\menus.php, 10) orders\orders.php, 11) payment_methods\payment_methods.php, 12) products\products.php, 13) profiles\profiles.php, 14) shipping_methods\shipping_methods.php, 15) templates\templates.php, 16) users\users.php, 17) webdictionary\webdictionary.php, 18) websites\websites.php, and 19) webusers\webusers.php because the initial_url function is built in these files.
CVE-2021-36440 1 Showdoc 1 Showdoc 2024-11-21 9.8 Critical
Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the 'file_url' parameter in the component AdminUpdateController.class.php'.
CVE-2021-36417 1 Gpac 1 Gpac 2024-11-21 7.8 High
A heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in the gf_isom_dovi_config_get function in MP4Box, which causes a denial of service or execute arbitrary code via a crafted file.
CVE-2021-36414 1 Gpac 1 Gpac 2024-11-21 7.8 High
A heab-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via media.c, which allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
CVE-2021-36412 1 Gpac 1 Gpac 2024-11-21 7.8 High
A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via the gp_rtp_builder_do_mpeg12_video function, which allows attackers to possibly have unspecified other impact via a crafted file in the MP4Box command,
CVE-2021-36411 2 Debian, Struktur 2 Debian Linux, Libde265 2024-11-21 5.5 Medium
An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.
CVE-2021-36410 2 Debian, Struktur 2 Debian Linux, Libde265 2024-11-21 5.5 Medium
A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265.