Search Results (362653 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-28028 1 Toodee Project 1 Toodee 2024-11-21 9.8 Critical
An issue was discovered in the toodee crate before 0.3.0 for Rust. Row insertion can cause a double free upon an iterator panic.
CVE-2021-28027 1 Bam Project 1 Bam 2024-11-21 9.8 Critical
An issue was discovered in the bam crate before 0.1.3 for Rust. There is an integer underflow and out-of-bounds write during the loading of a bgzip block.
CVE-2021-28026 1 Jpeg 1 Jpeg-xl 2024-11-21 7.8 High
jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff_order.cc ReadPermutation. When decoding a malicious jxl file using djxl, an attacker can trigger arbitrary code execution or a denial of service.
CVE-2021-28025 1 Qt 1 Qt 2024-11-21 5.5 Medium
Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).
CVE-2021-28024 1 Servicetonic 1 Servicetonic 2024-11-21 9.8 Critical
Unauthorized system access in the login form in ServiceTonic Helpdesk software version < 9.0.35937 allows an attacker to log in without using a password.
CVE-2021-28023 1 Servicetonic 1 Servicetonic 2024-11-21 9.8 Critical
Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version < 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative paths.
CVE-2021-28022 1 Servicetonic 1 Servicetonic 2024-11-21 7.5 High
Blind SQL injection in the login form in ServiceTonic Helpdesk software < 9.0.35937 allows an attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries.
CVE-2021-28021 3 Debian, Fedoraproject, Stb Project 3 Debian Linux, Fedora, Stb 2024-11-21 7.8 High
Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file.
CVE-2021-28007 1 Web Based Quiz System Project 1 Web Based Quiz System 2024-11-21 6.1 Medium
Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in register.php through the name parameter.
CVE-2021-28006 1 Web Based Quiz System Project 1 Web Based Quiz System 2024-11-21 6.1 Medium
Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in admin.php through the options parameter.
CVE-2021-28002 1 Textpattern 1 Textpattern 2024-11-21 5.4 Medium
A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting the 'Articles' page.
CVE-2021-28001 1 Textpattern 1 Textpattern 2024-11-21 5.4 Medium
A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting https://site.com/articles/welcome-to-your-site#comments-head.
CVE-2021-28000 1 Local Services Search Engine Management System Project 1 Local Services Search Engine Management System 2024-11-21 4.8 Medium
A persistent cross-site scripting vulnerability was discovered in Local Services Search Engine Management System Project 1.0 which allows remote attackers to execute arbitrary code via crafted payloads entered into the Name and Address fields.
CVE-2021-27999 1 Local Services Search Engine Management System Project 1 Local Services Search Engine Management System 2024-11-21 4.9 Medium
A SQL injection vulnerability was discovered in the editid parameter in Local Services Search Engine Management System Project 1.0. This vulnerability gives admin users the ability to dump all data from the database.
CVE-2021-27990 1 Appspace 1 Appspace 2024-11-21 7.5 High
Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities.
CVE-2021-27989 1 Appspace 1 Appspace 2024-11-21 5.4 Medium
Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in multiple parameters within /medianet/sgcontentset.aspx.
CVE-2021-27984 1 Pluck-cms 1 Pluck 2024-11-21 8.1 High
In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading files.
CVE-2021-27983 1 Max-3000 1 Maxsite Cms 2024-11-21 9.8 Critical
Remote Code Execution (RCE) vulnerability exists in MaxSite CMS v107.5 via the Documents page.
CVE-2021-27973 1 Piwigo 1 Piwigo 2024-11-21 7.2 High
SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages.
CVE-2021-27971 1 Alpsalpine 1 Touchpad Driver 2024-11-21 7.8 High
Alps Alpine Touchpad Driver 10.3201.101.215 is vulnerable to DLL Injection.