Search Results (364170 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-43506 1 Simple Client Management System Project 1 Simple Client Management System 2024-11-21 9.8 Critical
An SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the password parameter in Login.php.
CVE-2021-43505 1 Simple Client Management System Project 1 Simple Client Management System 2024-11-21 5.4 Medium
Multiple Cross Site Scripting (XSS) vulnerabilities exist in Ssourcecodester Simple Client Management System v1 via (1) Add new Client and (2) Add new invoice.
CVE-2021-43498 1 Atutor 1 Atutor 2024-11-21 7.5 High
An Access Control vulnerability exists in ATutor 2.2.4 in password_reminder.php when the g, id, h, form_password_hidden, and form_change HTTP POST parameters are set.
CVE-2021-43496 1 Clustering Project 1 Clustering 2024-11-21 7.5 High
Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access.
CVE-2021-43495 1 Alquistai 1 Alquist 2024-11-21 7.5 High
AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability in alquist/IO/input.py. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access.
CVE-2021-43494 1 Codingforentrepreneurs 1 Opencv Rest Api 2024-11-21 7.5 High
OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc680a162dd6b9e49 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access.
CVE-2021-43493 1 Servermanagement Project 1 Servermanagement 2024-11-21 7.5 High
ServerManagement master branch as of commit 49491cc6f94980e6be7791d17be947c27071eb56 is affected by a directory traversal vulnerability. This vulnerability can be used to extract credentials which can in turn be used to execute code.
CVE-2021-43492 1 Alquistai 1 Alquist 2024-11-21 7.5 High
AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system andcan significantly aid in getting remote code access.
CVE-2021-43484 1 Simple Client Management System Project 1 Simple Client Management System 2024-11-21 9.8 Critical
A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request.
CVE-2021-43483 1 Claro 2 Kaon Cg3000, Kaon Cg3000 Firmware 2024-11-21 8.0 High
An Access Control vulnerability exists in CLARO KAON CG3000 1.00.67 in the router configuration, which could allow a malicious user to read or update the configuraiton without authentication.
CVE-2021-43481 1 Webtareas Project 1 Webtareas 2024-11-21 9.8 Critical
An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php.
CVE-2021-43479 1 Secretarycms 1 The Secretary 2024-11-21 9.8 Critical
A Remote Code Execution (RCE) vulnerability exists in The-Secretary 2.5 via install.php.
CVE-2021-43478 1 Hoosk 1 Hoosk 2024-11-21 5.4 Medium
A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a failure to check if config.php already exists in the root directory, which could let a malicious user reinstall the website.
CVE-2021-43474 1 Dlink 2 Dir-823g, Dir-823g Firmware 2024-11-21 9.8 Critical
An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B05 (Lastest) via any parameter in the HNAP1 function
CVE-2021-43471 1 Canon 2 Lbp223dw, Lbp223dw Firmware 2024-11-21 7.5 High
In Canon LBP223 printers, the System Manager Mode login does not require an account password or PIN. An attacker can remotely shut down the device after entering the background, creating a denial of service vulnerability.
CVE-2021-43469 1 Vinga 2 Wr-n300u, Wr-n300u Firmware 2024-11-21 8.8 High
VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulnerability in the goahead component.
CVE-2021-43466 1 Thymeleaf 1 Thymeleaf 2024-11-21 9.8 Critical
In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution.
CVE-2021-43464 1 Intelliants 1 Subrion Cms 2024-11-21 8.8 High
A Remiote Code Execution (RCE) vulnerability exiss in Subrion CMS 4.2.1 via modified code in a background field; when the information is modified, the data in it will be executed through eval().
CVE-2021-43463 1 Ext2 File System Driver Project 1 Ext2 File System Driver 2024-11-21 7.8 High
An Unquoted Service Path vulnerability exists in Ext2Fsd v0.68 via a specially crafted file in the Ext2Srv Service executable service path.
CVE-2021-43462 1 Rumble Mail Server Project 1 Rumble Mail Server 2024-11-21 5.4 Medium
A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the username parameter.