Search Results (364787 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-46383 1 Mingsoft 1 Mcms 2024-11-21 7.5 High
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.web.DictAction#list. The attack vector is: 0 or sleep(3). ΒΆΒΆ MCMS has a sql injection vulnerability through which attacker can get sensitive information from the database.
CVE-2021-46382 1 Netgear 2 Wac120 Ac, Wac120 Ac Firmware 2024-11-21 6.1 Medium
Unauthenticated cross-site scripting (XSS) in Netgear WAC120 AC Access Point may lead to mulitple attacks like session hijacking even clipboard hijacking.
CVE-2021-46381 1 Dlink 2 Dap-1620, Dap-1620 Firmware 2024-11-21 7.5 High
Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd] and [/etc/shadow].
CVE-2021-46379 1 Dlink 2 Dir-850l, Dir-850l Firmware 2024-11-21 6.1 Medium
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site.
CVE-2021-46378 1 Dlink 2 Dir-850l, Dir-850l Firmware 2024-11-21 7.5 High
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download.
CVE-2021-46377 1 Cskaza 1 Cszcms 2024-11-21 9.8 Critical
There is a front-end sql injection vulnerability in cszcms 1.2.9 via cszcms/controllers/Member.php#viewUser
CVE-2021-46372 1 Erudika 1 Scoold 2024-11-21 5.4 Medium
Scoold 1.47.2 is a Q&A/knowledge base platform written in Java. When writing a Q&A, the markdown editor is vulnerable to a XSS attack when using uppercase letters.
CVE-2021-46371 1 Antd-admin Project 1 Antd-admin 2024-11-21 7.5 High
antd-admin 5.5.0 is affected by an incorrect access control vulnerability. Unauthorized access to some interfaces in the foreground leads to leakage of sensitive information.
CVE-2021-46368 1 Trigonesoft 1 Remote System Monitor 2024-11-21 7.8 High
TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted path service allowing local users to launch processes with elevated privileges.
CVE-2021-46367 1 Ritecms 1 Ritecms 2024-11-21 7.2 High
RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htacess configuration to deny execution of .php files in media and files directory by default.
CVE-2021-46366 1 Magnolia-cms 1 Magnolia Cms 2024-11-21 8.8 High
An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials.
CVE-2021-46365 1 Magnolia-cms 1 Magnolia Cms 2024-11-21 7.8 High
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file.
CVE-2021-46364 1 Magnolia-cms 1 Magnolia Cms 2024-11-21 7.8 High
A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file.
CVE-2021-46363 1 Magnolia-cms 1 Magnolia Cms 2024-11-21 7.8 High
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. These formulas may result in arbitrary code execution on a victim's computer when opening the exported files with Microsoft Excel.
CVE-2021-46362 1 Magnolia-cms 1 Magnolia Cms 2024-11-21 9.8 Critical
A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter.
CVE-2021-46361 1 Magnolia-cms 1 Magnolia Cms 2024-11-21 9.8 Critical
An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload.
CVE-2021-46360 1 Ocproducts 1 Composr 2024-11-21 8.8 High
Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-commandr.
CVE-2021-46359 1 Fisco-bcos 1 Fisco-bcos 2024-11-21 7.5 High
FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerability. Some transactions may not be committed successfully, and malicious users may use this to achieve double-spending attacks.
CVE-2021-46354 1 Cybelesoft 1 Thinfinity Virtualui 2024-11-21 7.5 High
Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site. The ability to send requests to other systems can allow the vulnerable server to filtrate the real IP of the web server or increase the attack surface.
CVE-2021-46353 1 Dlink 2 Dir-x1860, Dir-x1860 Firmware 2024-11-21 5.3 Medium
An information disclosure in web interface in D-Link DIR-X1860 before 1.03 RevA1 allows a remote unauthenticated attacker to send a specially crafted HTTP request and gain knowledge of different absolute paths that are being used by the web application.