Search Results (364428 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-44664 1 Xerte 1 Xerte 2024-11-21 8.8 High
An Authenticated Remote Code Exection (RCE) vulnerability exists in Xerte through 3.9 in website_code/php/import/fileupload.php by uploading a maliciously crafted PHP file though the project interface disguised as a language file to bypasses the upload filters. Attackers can manipulate the files destination by abusing path traversal in the 'mediapath' variable.
CVE-2021-44663 1 Nottingham.ac 1 Xerte Online Toolkits 2024-11-21 9.8 Critical
A Remote Code Execution (RCE) vulnerability exists in the Xerte Project Xerte through 3.8.4 via a crafted php file through elfinder in connetor.php.
CVE-2021-44662 1 Nottingham.ac 1 Xerte Online Toolkits 2024-11-21 6.1 Medium
A Site Scripting (XSS) vulnerability exists in the Xerte Project Xerte through 3.8.4 via the link parameter in print.php.
CVE-2021-44659 1 Thoughtworks 1 Gocd 2024-11-21 9.8 Critical
Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an un-intended action in order to achieve a Server Side Request Forgery (SSRF). NOTE: the vendor's position is that the observed behavior is not a vulnerability, because the product's design allows an admin to configure outbound requests
CVE-2021-44657 1 Stackstorm 1 Stackstorm 2024-11-21 8.8 High
In StackStorm versions prior to 3.6.0, the jinja interpreter was not run in sandbox mode and thus allows execution of unsafe system commands. Jinja does not enable sandboxed mode by default due to backwards compatibility. Stackstorm now sets sandboxed mode for jinja by default.
CVE-2021-44655 1 Online Pre-owned\/used Car Showroom Management System Project 1 Online Pre-owned\/used Car Showroom Management System 2024-11-21 9.8 Critical
Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQL injection authentication bypass vulnerability. Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to get admin access on the application.
CVE-2021-44653 1 Oretnom23 1 Online Magazine Management System 2024-11-21 9.8 Critical
Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability. The Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to gain access as admin to the application.
CVE-2021-44652 1 Zohocorp 1 Manageengine O365 Manager Plus 2024-11-21 7.8 High
Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component.
CVE-2021-44651 1 Zohocorp 2 Log360, Manageengine Cloud Security Plus 2024-11-21 8.8 High
Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the updatePersonalizeSettings component due to an improper security patch for CVE-2021-40175.
CVE-2021-44650 1 Zohocorp 1 Manageengine M365 Manager Plus 2024-11-21 7.2 High
Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components.
CVE-2021-44649 1 Django-cms 1 Django Cms 2024-11-21 5.4 Medium
Django CMS 3.7.3 does not validate the plugin_type parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user.
CVE-2021-44648 4 Debian, Fedoraproject, Gnome and 1 more 4 Debian Linux, Fedora, Gdkpixbuf and 1 more 2024-11-21 8.8 High
GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.
CVE-2021-44647 2 Fedoraproject, Lua 2 Fedora, Lua 2024-11-21 5.5 Medium
Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.
CVE-2021-44632 1 Tp-link 2 Tl-wr886n, Tl-wr886n Firmware 2024-11-21 9.8 Critical
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/upgrade_info feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.
CVE-2021-44631 1 Tp-link 2 Tl-wr886n, Tl-wr886n Firmware 2024-11-21 9.8 Critical
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/reset_cloud_pwd feature, which allows malicous users to execute arbitrary code on the system via a crafted post request.
CVE-2021-44630 1 Tp-link 2 Tl-wr886n, Tl-wr886n Firmware 2024-11-21 9.8 Critical
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/modify_account_pwd feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.
CVE-2021-44629 1 Tp-link 2 Tl-wr886n, Tl-wr886n Firmware 2024-11-21 9.8 Critical
A Buffer Overflow vulnerabilitiy exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/register feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.
CVE-2021-44628 1 Tp-link 2 Tl-wr886n, Tl-wr886n Firmware 2024-11-21 9.8 Critical
A Buffer Overflow vulnerabiltiy exists in TP-LINK WR-886N 20190826 2.3.8 in thee /cloud_config/router_post/login feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.
CVE-2021-44627 1 Tp-link 2 Tl-wr886n, Tl-wr886n Firmware 2024-11-21 9.8 Critical
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reset_pwd_veirfy_code feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.
CVE-2021-44626 1 Tp-link 2 Tl-wr886n, Tl-wr886n Firmware 2024-11-21 9.8 Critical
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reg_verify_code feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.