Search Results (362495 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-27332 1 Casap Automated Enrollment System Project 1 Casap Automated Enrollment System 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the class_name parameter to update_class.php.
CVE-2021-27330 1 Triconsole 1 Datepicker Calendar 2024-11-21 6.1 Medium
Triconsole Datepicker Calendar <3.77 is affected by cross-site scripting (XSS) in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents.
CVE-2021-27329 1 Frendi 1 Frendica 2024-11-21 10.0 Critical
Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary domain names.
CVE-2021-27328 1 Yeastar 2 Neogate Tg400, Neogate Tg400 Firmware 2024-11-21 6.5 Medium
Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Traversal. An authenticated user can decrypt firmware and can read sensitive information, such as a password or decryption key.
CVE-2021-27320 1 Doctor Appointment System Project 1 Doctor Appointment System 2024-11-21 7.5 High
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter.
CVE-2021-27319 1 Doctor Appointment System Project 1 Doctor Appointment System 2024-11-21 7.5 High
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter.
CVE-2021-27318 1 Doctor Appointment System Project 1 Doctor Appointment System 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the lastname parameter.
CVE-2021-27317 1 Doctor Appointment System Project 1 Doctor Appointment System 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the comment parameter.
CVE-2021-27316 1 Doctor Appointment System Project 1 Doctor Appointment System 2024-11-21 7.5 High
Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via lastname parameter.
CVE-2021-27315 1 Doctor Appointment System Project 1 Doctor Appointment System 2024-11-21 7.5 High
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment parameter.
CVE-2021-27314 1 Doctor Appointment System Project 1 Doctor Appointment System 2024-11-21 9.8 Critical
SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page.
CVE-2021-27310 1 Csphere 1 Clansphere 2024-11-21 6.1 Medium
Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "language" parameter.
CVE-2021-27309 1 Csphere 1 Clansphere 2024-11-21 6.1 Medium
Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "module" parameter.
CVE-2021-27308 1 4homepages 1 4images 2024-11-21 4.8 Medium
A cross-site scripting (XSS) vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to inject JavaScript via the "redirect" parameter.
CVE-2021-27306 1 Konghq 1 Kong Gateway 2024-11-21 7.5 High
An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT.
CVE-2021-27293 1 Restsharp 1 Restsharp 2024-11-21 7.5 High
RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus the remote server can trigger Denial of Service.
CVE-2021-27292 2 Redhat, Ua-parser-js Project 5 Acm, Jaeger, Logging and 2 more 2024-11-21 7.5 High
ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time.
CVE-2021-27291 4 Debian, Fedoraproject, Pygments and 1 more 6 Debian Linux, Fedora, Pygments and 3 more 2024-11-21 7.5 High
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
CVE-2021-27290 4 Oracle, Redhat, Siemens and 1 more 6 Graalvm, Enterprise Linux, Rhel Eus and 3 more 2024-11-21 7.5 High
ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.
CVE-2021-27288 1 X2engine 1 X2crm 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "Comment" field in "/profile/activity" page.