Search Results (364491 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-45286 1 Zzcms 1 Zzcms 2024-11-21 5.3 Medium
Directory Traversal vulnerability exists in ZZCMS 2021 via the skin parameter in 1) index.php, 2) bottom.php, and 3) top_index.php.
CVE-2021-45281 1 Quickbox 1 Quickbox 2024-11-21 6.1 Medium
QuickBox Pro v2.4.8 contains a cross-site scripting (XSS) vulnerability at "adminuseredit.php?usertoedit=XSS", as the user supplied input for the value of this parameter is not properly sanitized.
CVE-2021-45268 1 Backdropcms 1 Backdrop 2024-11-21 8.8 High
A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading a maliciously add-on with crafted PHP file. NOTE: the vendor disputes this because the attack requires a session cookie of a high-privileged authenticated user who is entitled to install arbitrary add-ons
CVE-2021-45267 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
An invalid memory address dereference vulnerability exists in gpac 1.1.0 via the svg_node_start function, which causes a segmentation fault and application crash.
CVE-2021-45266 1 Gpac 1 Gpac 2024-11-21 7.5 High
A null pointer dereference vulnerability exists in gpac 1.1.0 via the lsr_read_anim_values_ex function, which causes a segmentation fault and application crash.
CVE-2021-45263 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_delete_attribute_value function, which causes a segmentation fault and application crash.
CVE-2021-45262 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_command_del function, which causes a segmentation fault and application crash.
CVE-2021-45261 1 Gnu 1 Patch 2024-11-21 5.5 Medium
An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.
CVE-2021-45260 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
A null pointer dereference vulnerability exists in gpac 1.1.0 in the lsr_read_id.part function, which causes a segmentation fault and application crash.
CVE-2021-45259 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
An Invalid pointer reference vulnerability exists in gpac 1.1.0 via the gf_svg_node_del function, which causes a segmentation fault and application crash.
CVE-2021-45258 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
A stack overflow vulnerability exists in gpac 1.1.0 via the gf_bifs_dec_proto_list function, which causes a segmentation fault and application crash.
CVE-2021-45257 1 Nasm 1 Netwide Assembler 2024-11-21 5.5 Medium
An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_tokens function.
CVE-2021-45256 1 Nasm 1 Netwide Assembler 2024-11-21 5.5 Medium
A Null Pointer Dereference vulnerability existfs in nasm 2.16rc0 via asm/preproc.c.
CVE-2021-45255 1 Video Sharing Website Project 1 Video Sharing Website 2024-11-21 9.8 Critical
The email parameter from ajax.php of Video Sharing Website 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed.
CVE-2021-45253 1 Simple Cold Storage Management System Project 1 Simple Cold Storage Managment System 2024-11-21 9.8 Critical
The id parameter in view_storage.php from Simple Cold Storage Management System 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed.
CVE-2021-45252 1 Oretnom23 1 Simple Forum\/discussion System 2024-11-21 9.8 Critical
Multiple SQL injection vulnerabilities are found on Simple Forum-Discussion System 1.0 For example on three applications which are manage_topic.php, manage_user.php, and ajax.php. The attacker can be retrieving all information from the database of this system by using this vulnerability.
CVE-2021-45232 1 Apache 1 Apisix Dashboard 2024-11-21 9.8 Critical
In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework `droplet` on the basis of framework `gin`, all APIs and authentication middleware are developed based on framework `droplet`, but some API directly use the interface of framework `gin` thus bypassing the authentication.
CVE-2021-45231 2 Microsoft, Trendmicro 4 Windows, Apex One, Worry-free Business Security and 1 more 2024-11-21 7.8 High
A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2021-45230 1 Apache 1 Airflow 2024-11-21 6.5 Medium
In Apache Airflow prior to 2.2.0. This CVE applies to a specific case where a User who has "can_create" permissions on DAG Runs can create Dag Runs for dags that they don't have "edit" permissions for.
CVE-2021-45229 1 Apache 1 Airflow 2024-11-21 6.1 Medium
It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below.