Search Results (363701 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-34087 1 Ultimaker 6 Ultimaker 3, Ultimaker 3 Firmware, Ultimaker S3 and 3 more 2024-11-21 7.1 High
In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver can be used for clickjacking. This includes the settings page.
CVE-2021-34086 1 Ultimaker 6 Ultimaker 3, Ultimaker 3 Firmware, Ultimaker S3 and 3 more 2024-11-21 8.8 High
In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver hosts APIs vulnerable to CSRF. They do not verify incoming requests.
CVE-2021-34085 1 Glensawyer 1 Mp3gain 2024-11-21 9.8 Critical
Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872. CVE-2017-14409, and CVE-2018-10778.
CVE-2021-34084 1 S3-uploader Project 1 S3-uploader 2024-11-21 9.8 Critical
OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata() function.
CVE-2021-34083 1 Google-it Project 1 Google-it 2024-11-21 8.1 High
Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the 'Open in browser' option in versions up to 1.6.2, google-it will unsafely concat the result's link retrieved from google to a shell command, potentially exposing the server to RCE.
CVE-2021-34082 1 Proctree Project 1 Proctree 2024-11-21 9.8 Critical
OS Command Injection vulnerability in allenhwkim proctree through 0.1.1 and commit 0ac10ae575459457838f14e21d5996f2fa5c7593 for Node.js, allows attackers to execute arbitrary commands via the fix function.
CVE-2021-34081 1 Gitsome Project 1 Gitsome 2024-11-21 8.8 High
OS Command Injection vulnerability in bbultman gitsome through 0.2.3 allows attackers to execute arbitrary commands via a crafted tag name of the target git repository.
CVE-2021-34080 1 Ssl-utils Project 1 Ssl-utils 2024-11-21 9.8 Critical
OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.js allows attackers to execute arbitrary commands via unsanitized shell metacharacters provided to the createCertRequest() and the createCert() functions.
CVE-2021-34079 1 Docker-tester Project 1 Docker-tester 2024-11-21 9.8 Critical
OS Command injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the 'ports' entry of a crafted docker-compose.yml file.
CVE-2021-34078 1 Adp 1 Lifion-verifiy-dependencies 2024-11-21 8.8 High
lifion-verify-dependencies through 1.1.0 is vulnerable to OS command injection via a crafted dependency name on the scanned project's package.json file.
CVE-2021-34075 1 Artica 1 Pandora Fms 2024-11-21 5.9 Medium
In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access.
CVE-2021-34074 1 Pandorafms 1 Pandora Fms 2024-11-21 9.8 Critical
PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager. To bypass the built-in protection, a relative path is used in the requests.
CVE-2021-34073 1 Gadget Works Online Ordering System Project 1 Gadget Works Online Ordering System 2024-11-21 5.4 Medium
A Cross Site Scripting (XSS) vulnerabilty exists in Sourcecodester Gadget Works Online Ordering System in PHP/MySQLi 1.0 via the Category parameter in an add function in category/index.php.
CVE-2021-34071 1 Tsmuxer Project 1 Tsmuxer 2024-11-21 5.5 Medium
Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.
CVE-2021-34070 1 Tsmuxer Project 1 Tsmuxer 2024-11-21 5.5 Medium
Out-of-bounds Read in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.
CVE-2021-34069 1 Tsmuxer Project 1 Tsmuxer 2024-11-21 5.5 Medium
Divide-by-zero bug in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.
CVE-2021-34068 1 Tsmuxer Project 1 Tsmuxer 2024-11-21 5.5 Medium
Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.
CVE-2021-34067 1 Tsmuxer Project 1 Tsmuxer 2024-11-21 5.5 Medium
Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.
CVE-2021-34066 1 Edgegallery 1 Developer-be 2024-11-21 9.8 Critical
An issue was discovered in EdgeGallery/developer before v1.0. There is a "Deserialization of yaml file" vulnerability that can allow attackers to execute system command through uploading the malicious constructed YAML file.
CVE-2021-33988 1 Microweber 1 Microweber 2024-11-21 6.1 Medium
Cross Site Scripting (XSS). vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute Javascript by Inserting code in the request form.