Search Results (366361 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-45793 1 Slims 1 Senayan Library Management System 2024-11-21 7.5 High
Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained.
CVE-2021-45792 1 Slims 1 Senayan Library Management System 2024-11-21 4.8 Medium
Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admin/modules/system/custom_field.php.
CVE-2021-45791 1 Slims 1 Senayan Library Management System 2024-11-21 8.8 High
Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php, /admin/modules/system/user_group.php, and /admin/modules/membership/index.php through the dir parameter. It can be used by remotely authenticated librarian users.
CVE-2021-45790 1 Metersphere 1 Metersphere 2024-11-21 9.8 Critical
An arbitrary file upload vulnerability was found in Metersphere v1.15.4. Unauthenticated users can upload any file to arbitrary directory, where attackers can write a cron job to execute commands.
CVE-2021-45789 1 Metersphere 1 Metersphere 2024-11-21 6.5 Medium
An arbitrary file read vulnerability was found in Metersphere v1.15.4, where authenticated users can read any file on the server via the file download function.
CVE-2021-45788 1 Metersphere 1 Metersphere 2024-11-21 8.8 High
Time-based SQL Injection vulnerabilities were found in Metersphere v1.15.4 via the "orders" parameter.
CVE-2021-45787 1 Maccms 1 Maccms 2024-11-21 5.4 Medium
There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos. XSS code can be inserted at parameter positions including name and remarks.
CVE-2021-45786 1 Maccms 1 Maccms 2024-11-21 9.8 Critical
In maccms v10, an attacker can log in through /index.php/user/login in the "col" and "openid" parameters to gain privileges.
CVE-2021-45785 1 Trudesk Project 1 Trudesk 2024-11-21 4.3 Medium
TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint, then the victim (who has sufficient privileges), would visit the page and the server restart would begin. The attacker must know the full URL that TruDesk is on in order to craft the webpage.
CVE-2021-45783 1 Bookeen 2 Notea, Notea Firmware 2024-11-21 4.6 Medium
Bookeen Notea Firmware BK_R_1.0.5_20210608 is affected by a directory traversal vulnerability that allows an attacker to obtain sensitive information.
CVE-2021-45773 1 Mz-automation 1 Lib60870 2024-11-21 7.5 High
A NULL pointer dereference in CS104_IPAddress_setFromString at src/iec60870/cs104/cs104_slave.c of lib60870 commit 0d5e76e can lead to a segmentation fault or application crash.
CVE-2021-45769 1 Mz-automation 1 Libiec61850 2024-11-21 7.5 High
A NULL pointer dereference in AcseConnection_parseMessage at src/mms/iso_acse/acse.c of libiec61850 v1.5.0 can lead to a segmentation fault or application crash.
CVE-2021-45767 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
GPAC 1.1.0 was discovered to contain an invalid memory address dereference via the function lsr_read_id(). This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-45764 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function shift_chunk_offsets.isra().
CVE-2021-45763 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
GPAC v1.1.0 was discovered to contain an invalid call in the function gf_node_changed(). This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-45762 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function gf_sg_vrml_mf_reset(). This vulnerability allows attackers to cause a Denial of Service (DoS).
CVE-2021-45761 1 Ropium Project 1 Ropium 2024-11-21 7.5 High
ROPium v3.1 was discovered to contain an invalid memory address dereference via the find() function.
CVE-2021-45760 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function gf_list_last(). This vulnerability allows attackers to cause a Denial of Service (DoS).
CVE-2021-45757 1 Asus 2 Rt-ac68u, Rt-ac68u Firmware 2024-11-21 7.5 High
ASUS AC68U <=3.0.0.4.385.20852 is affected by a buffer overflow in blocking.cgi, which may cause a denial of service (DoS).
CVE-2021-45756 1 Asus 4 Rt-ac5300, Rt-ac5300 Firmware, Rt-ac68u and 1 more 2024-11-21 9.8 Critical
Asus RT-AC68U <3.0.0.4.385.20633 and RT-AC5300 <3.0.0.4.384.82072 are affected by a buffer overflow in blocking_request.cgi.