Search Results (364021 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-37345 1 Nagios 1 Nagios Xi 2024-11-21 7.8 High
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions.
CVE-2021-37344 1 Nagios 1 Nagios Xi Switch Wizard 2024-11-21 9.8 Critical
Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS Command (OS Command injection).
CVE-2021-37343 1 Nagios 1 Nagios Xi 2024-11-21 8.8 High
A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios.
CVE-2021-37334 1 Umbraco 1 Forms 2024-11-21 9.8 Critical
Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. A vulnerability occurs because validation of the file extension is performed after the file has been stored in a temporary directory. By default, files are stored within the application directory structure at %BASEDIR%/APP_DATA/TEMP/FileUploads/. Whilst access to this directory is restricted by the root web.config file, it is possible to override this restriction by uploading another specially crafted web.config file to the temporary directory. It is possible to exploit this flaw to upload a malicious script file to execute arbitrary code and system commands on the server.
CVE-2021-37333 1 Bookingcore 1 Booking Core 2024-11-21 9.8 Critical
Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. A password change at sandbox.bookingcore.org/user/profile/change-password does not invalidate a session that is opened in a different browser.
CVE-2021-37331 1 Bookingcore 1 Booking Core 2024-11-21 5.3 Medium
Laravel Booking System Booking Core 2.0 is vulnerable to Incorrect Access Control. On the Verifications page, after uploading an ID Card or Trade License and viewing it, ID Cards and Trade Licenses of other vendors/users can be viewed by changing the URL.
CVE-2021-37330 1 Bookingcore 1 Booking Core 2024-11-21 5.4 Medium
Laravel Booking System Booking Core 2.0 is vulnerable to Cross Site Scripting (XSS). The Avatar upload in the My Profile section could be exploited to upload a malicious SVG file which contains Javascript. Now if another user/admin views the profile and clicks to view his avatar, an XSS will trigger.
CVE-2021-37326 1 Netsarang 1 Xshell 2024-11-21 5.3 Medium
NetSarang Xshell 7 before Build 0077 includes unintended code strings in paste operations.
CVE-2021-37322 1 Gnu 2 Binutils, Gcc 2024-11-21 7.8 High
GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.
CVE-2021-37293 1 Kevinlab 1 4st L-bems 2024-11-21 6.5 Medium
A Directory Traversal vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the page GET parameter in index.php.
CVE-2021-37292 1 Kevinlab 1 4st L-bems 2024-11-21 7.2 High
An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 due to an undocumented backdoor account. A malicious user can log in using the backdor account with admin highest privileges and obtain system control.
CVE-2021-37291 1 Kevinlab 1 4st L-bems 2024-11-21 9.8 Critical
An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 ivia the input_id POST parameter in index.php.
CVE-2021-37289 1 Planex 2 Mzk-dp150n, Mzk-dp150n Firmware 2024-11-21 7.2 High
Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows attackers to execute system command as root via etc_ro/web/syscmd.asp.
CVE-2021-37274 1 Kingdee 1 Kis Cloud 2024-11-21 8.8 High
Kingdee KIS Professional Edition has a privilege escalation vulnerability. Attackers can use the vulnerability to gain computer administrator rights via unspecified loopholes.
CVE-2021-37273 1 Chinatelecom 2 Epon Tianyi Gateway Zxhn F450, Epon Tianyi Gateway Zxhn F450 Firmware 2024-11-21 7.5 High
A Denial of Service issue exists in China Telecom Corporation EPON Tianyi Gateway ZXHN F450(EPON ONU) 3.0. Tianyi Gateway is a hardware terminal of "Optical Modem Smart Router." Attackers can use this vulnerability to restart the device multiple times.
CVE-2021-37271 1 Baidu 1 Ueditor 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, which can be exploited by an attacker to obtain user cookie information.
CVE-2021-37270 1 S-cms 1 Cms Enterprise Website Construction System 2024-11-21 9.8 Critical
There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this vulnerability to directly access the specified background path without logging in to the background to obtain the background administrator authority.
CVE-2021-37267 1 Kindsoft 1 Kindeditor 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability exists in all versions of KindEditor, which can be exploited by an attacker to obtain user cookie information.
CVE-2021-37262 1 Jflyfox 1 Jfinal Cms 2024-11-21 7.5 High
JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Denial of Service.
CVE-2021-37254 1 M-files 1 M-files Web 2024-11-21 7.5 High
In M-Files Web product with versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated access to 3rd party component license key information on server.