Search Results (362527 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-27527 1 Dynpg 1 Dynpg 2024-11-21 4.8 Medium
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "valueID" parameter.
CVE-2021-27526 1 Dynpg 1 Dynpg 2024-11-21 4.8 Medium
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "page" parameter.
CVE-2021-27524 1 Margox 1 Braft-editor 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability in margox braft-editor version 2.3.8, allows remote attackers to execute arbitrary code via the embed media feature.
CVE-2021-27523 1 Open-falcon 1 Dashboard 2024-11-21 9.8 Critical
An issue was discovered in open-falcon dashboard version 0.2.0, allows remote attackers to gain, modify, and delete sensitive information via crafted POST request to register interface.
CVE-2021-27522 1 Learnsite Project 1 Learnsite 2024-11-21 8.8 High
Learnsite 1.2.5.0 contains a remote privilege escalation vulnerability in /Manager/index.aspx through the JudgIsAdmin() function. By modifying the initial letter of the key of a user cookie, the key of the administrator cookie can be obtained.
CVE-2021-27520 1 Fudforum 1 Fudforum 2024-11-21 6.1 Medium
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter.
CVE-2021-27519 1 Fudforum 1 Fudforum 2024-11-21 6.1 Medium
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "srch" parameter.
CVE-2021-27517 1 Foxit 2 Phantompdf, Reader 2024-11-21 6.1 Medium
Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses app.alert (in the Acrobat JavaScript API).
CVE-2021-27516 2 Redhat, Uri.js Project 2 Quay, Uri.js 2024-11-21 7.5 High
URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
CVE-2021-27515 2 Redhat, Url-parse Project 2 Quay, Url-parse 2024-11-21 5.3 Medium
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
CVE-2021-27514 1 Eyesofnetwork 1 Eyesofnetwork 2024-11-21 9.8 Critical
EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass (such as in CVE-2021-27513 exploitation).
CVE-2021-27513 1 Eyesofnetwork 1 Eyesofnetwork 2024-11-21 8.8 High
The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on "le filtre userside."
CVE-2021-27509 1 Visualware 1 Myconnection Server 2024-11-21 7.5 High
In Visualware MyConnection Server before 11.0b build 5382, each published report is not associated with its own access code.
CVE-2021-27506 3 Clamav, Netasq Project, Stormshield 3 Clamav, Netasq, Stormshield Network Security 2024-11-21 5.5 Medium
The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1.
CVE-2021-27504 2 Amazon, Ti 6 Freertos, Simplelink Cc13xx Software Development Kit, Simplelink Cc26xx Software Development Kit and 3 more 2024-11-21 7.4 High
Texas Instruments devices running FREERTOS, malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'malloc' for FreeRTOS, resulting in code execution.
CVE-2021-27503 1 Ypsomed 2 Mylife, Mylife Cloud 2024-11-21 4.8 Medium
Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application encrypts on the application layer of the communication protocol between the Ypsomed mylife App and mylife Cloud credentials based on hard-coded secrets, which allows man-in-the-middle attackers to tamper with messages.
CVE-2021-27502 1 Ti 14 Cc3200, Cc3220r, Cc3220s and 11 more 2024-11-21 7.4 High
Texas Instruments TI-RTOS, when configured to use HeapMem heap(default), malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'HeapMem_allocUnprotected' and result in code execution.
CVE-2021-27499 1 Ypsomed 2 Mylife, Mylife Cloud 2024-11-21 5.9 Medium
Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application layer encryption of the communication protocol between the Ypsomed mylife App and mylife Cloud uses non-random IVs, which allows man-in-the-middle attackers to tamper with messages.
CVE-2021-27496 3 Datakit, Luxion, Siemens 6 Crosscadware, Keyshot, Solid Edge Se2020 and 3 more 2024-11-21 7.8 High
Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing PRT files. This could lead to pointer dereferences of a value obtained from an untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVE-2021-27495 1 Ypsomed 2 Mylife, Mylife Cloud 2024-11-21 7.1 High
Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,All versions prior to 1.7.2,Ypsomed mylife App,All versions prior to 1.7.5,he Ypsomed mylife Cloud reflects the user password during the login process after redirecting the user from a HTTPS endpoint to a HTTP endpoint.