Search Results (364428 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-44625 1 Tp-link 2 Tl-wr886n, Tl-wr886n Firmware 2024-11-21 9.8 Critical
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in /cloud_config/cloud_device/info interface, which allows a malicious user to executee arbitrary code on the system via a crafted post request.
CVE-2021-44623 1 Tp-link 2 Tl-wr886n, Tl-wr886n Firmware 2024-11-21 9.8 Critical
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 via the /cloud_config/router_post/check_reset_pwd_verify_code interface.
CVE-2021-44622 1 Tp-link 2 Tl-wr886n, Tl-wr886n Firmware 2024-11-21 9.8 Critical
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/check_reg_verify_code function which could let a remove malicious user execute arbitrary code via a crafted post request.
CVE-2021-44620 1 Totolink 2 A3100r, A3100r Firmware 2024-11-21 9.8 Critical
A Command Injection vulnerability exits in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 in adm/ntm.asp via the hosTime parameters.
CVE-2021-44618 1 Nystudio107 1 Seomatic 2024-11-21 9.8 Critical
A Server-side Template Injection (SSTI) vulnerability exists in Nystudio107 Seomatic 3.4.12 in src/helpers/UrlHelper.php via the host header.
CVE-2021-44617 1 Glpi-project 1 Glpi 2024-11-21 9.8 Critical
A SQL Injection vulnerability exits in the Ramo plugin for GLPI 9.4.6 via the idu parameter in plugins/ramo/ramoapirest.php/getOutdated.
CVE-2021-44610 1 Bloofox 1 Bloofoxcms 2024-11-21 9.8 Critical
Multiple SQL Injection vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) URLs, (2) lang_id, (3) tmpl_id, (4) mod_rewrite (5) eta_doctype. (6) meta_charset, (7) default_group, and (8) page group parameters in the settings mode in admin/index.php.
CVE-2021-44608 1 Bloofox 1 Bloofoxcms 2024-11-21 5.4 Medium
Multiple Cross Site Scripting (XSS) vulnerabilities exists in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) file parameter and (2) type parameter in an edit action in index.php.
CVE-2021-44607 1 Thedaylightstudio 1 Fuel Cms 2024-11-21 5.4 Medium
A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 in the Assets page via an SVG file.
CVE-2021-44599 1 Online Enrollment Management System Project 1 Online Enrollment Management System 2024-11-21 7.5 High
The id parameter from Online Enrollment Management System 1.0 system appears to be vulnerable to SQL injection attacks. A crafted payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed. The attacker can retrieve sensitive information for all users of this system.
CVE-2021-44598 1 Attendance Management System Project 1 Attendance Management System 2024-11-21 6.1 Medium
Attendance Management System 1.0 is affected by a Cross Site Scripting (XSS) vulnerability. The value of the FirstRecord request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The attacker can access the system, by using the XSS-reflected method, and then can store information by injecting the admin account on this system.
CVE-2021-44593 1 Simple College Website Project 1 Simple College Website 2024-11-21 8.1 High
Simple College Website 1.0 is vulnerable to unauthenticated file upload & remote code execution via UNION-based SQL injection in the username parameter on /admin/login.php.
CVE-2021-44591 1 Libming 1 Libming 2024-11-21 6.5 Medium
In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser.c lacks a boundary check that would lead to denial-of-service attacks via a crafted SWF file.
CVE-2021-44590 1 Libming 1 Libming 2024-11-21 6.5 Medium
In libming 0.4.8, a memory exhaustion vulnerability exist in the function cws2fws in util/main.c. Remote attackers could launch denial of service attacks by submitting a crafted SWF file that exploits this vulnerability.
CVE-2021-44586 1 Dst-admin Project 1 Dst-admin 2024-11-21 7.5 High
An issue was discovered in dst-admin v1.3.0. The product has an unauthorized arbitrary file download vulnerability that can expose sensitive information.
CVE-2021-44585 1 Jeecg 1 Jeecg Boot 2024-11-21 6.1 Medium
A Cross Site Scripting (XSS) vulnerabilitiy exits in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event.
CVE-2021-44584 1 Emlog 1 Emlog 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in index.php in emlog version <= pro-1.0.7 allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2021-44582 1 Money Transfer Management System Project 1 Money Transfer Management System 2024-11-21 8.8 High
A Privilege Escalation vulnerability exists in Sourcecodester Money Transfer Management System 1.0, which allows a remote malicious user to gain elevated privileges to the Admin role via any URL.
CVE-2021-44581 1 Kreado 1 Kreasfero 2024-11-21 7.5 High
An SQL Injection vulnerabilty exists in Kreado Kreasfero 1.5 via the id parameter.
CVE-2021-44568 2 Opensuse, Redhat 3 Libsolv, Satellite, Satellite Capsule 2024-11-21 6.5 Medium
Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service.