Search Results (363807 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-41495 2 Numpy, Redhat 2 Numpy, Openstack 2024-11-21 5.3 Medium
Null Pointer Dereference vulnerability exists in numpy.sort in NumPy &lt and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays. NOTE: While correct that validation is missing, an error can only occur due to an exhaustion of memory. If the user can exhaust memory, they are already privileged. Further, it should be practically impossible to construct an attack which can target the memory exhaustion to occur at exactly this place
CVE-2021-41492 1 Simple Cashiering System Project 1 Simple Cashiering System 2024-11-21 9.8 Critical
Multiple SQL Injection vulnerabilities exist in Sourcecodester Simple Cashiering System (POS) 1.0 via the (1) Product Code in the pos page in cashiering. (2) id parameter in manage_products and the (3) t paramater in actions.php.
CVE-2021-41490 1 Rice 1 Open Motion Planning Library 2024-11-21 7.5 High
Memory leaks in LazyPRM.cpp of OMPL v1.5.0 can cause unexpected behavior.
CVE-2021-41487 1 Nokia 1 Vitalsuite 2024-11-21 9.8 Critical
NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserName'.
CVE-2021-41472 1 Simple Membership System Using Php And Ajax Project 1 Simple Membership System Using Php And Ajax 2024-11-21 9.8 Critical
SQL injection vulnerability in Sourcecodester Simple Membership System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password parameters.
CVE-2021-41471 1 South Gate Inn Online Reservation System Project 1 South Gate Inn Online Reservation System 2024-11-21 9.8 Critical
SQL injection vulnerability in Sourcecodester South Gate Inn Online Reservation System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the email and Password parameters.
CVE-2021-41467 1 Justwriting Project 1 Justwriting 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter.
CVE-2021-41465 1 Concrete5-legacy Project 1 Concrete5-legacy 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in concrete/elements/collection_theme.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter.
CVE-2021-41464 1 Concrete5-legacy Project 1 Concrete5-legacy 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter.
CVE-2021-41463 1 Concrete5-legacy Project 1 Concrete5-legacy 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in toos/permissions/dialogs/access/entity/types/group_combination.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the cID parameter.
CVE-2021-41462 1 Concrete5-legacy Project 1 Concrete5-legacy 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the ctID parameter.
CVE-2021-41461 1 Concrete5-legacy Project 1 Concrete5-legacy 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the mode parameter.
CVE-2021-41460 1 Shopex 1 Ecshop 2024-11-21 7.5 High
ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information.
CVE-2021-41459 1 Gpac 1 Mp4box 2024-11-21 7.5 High
There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1008 in the nhmldmx_send_sample() function szXmlFrom parameter which leads to a denial of service vulnerability.
CVE-2021-41458 1 Gpac 1 Mp4box 2024-11-21 5.5 Medium
In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/error.c:1769 which leads to a denial of service vulnerability.
CVE-2021-41457 1 Gpac 1 Mp4box 2024-11-21 7.5 High
There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nhml.c in nhmldmx_init_parsing which leads to a denial of service vulnerability.
CVE-2021-41456 1 Gpac 1 Mp4box 2024-11-21 7.5 High
There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1004 in the nhmldmx_send_sample() function szXmlTo parameter which leads to a denial of service vulnerability.
CVE-2021-41451 1 Tp-link 2 Archer Ax10, Archer Ax10 Firmware 2024-11-21 7.5 High
A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in TP-Link AX10v1 before V1_211117 allows a remote unauthenticated attacker to send a specially crafted HTTP request and receive a misconfigured HTTP/0.9 response, potentially leading into a cache poisoning attack.
CVE-2021-41450 1 Tp-link 2 Archer Ax10 V1, Archer Ax10 V1 Firmware 2024-11-21 7.5 High
An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet.
CVE-2021-41449 1 Netgear 6 Rax35, Rax35 Firmware, Rax38 and 3 more 2024-11-21 7.1 High
A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, via sending a specially crafted HTTP packet.