Search Results (363527 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-40635 1 Os4ed 1 Opensis 2024-11-21 7.5 High
OS4ED openSIS 8.0 is affected by SQL injection in ChooseCpSearch.php, ChooseRequestSearch.php. An attacker can inject a SQL query to extract information from the database.
CVE-2021-40633 1 Giflib Project 1 Giflib 2024-11-21 8.8 High
A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger an out of memory exception or denial of service via a gif format file.
CVE-2021-40618 1 Os4ed 1 Opensis 2024-11-21 9.8 Critical
An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1) ADDR_CONT_USRN, 2) ADDR_CONT_PSWD, 3) SECN_CONT_USRN or 4) SECN_CONT_PSWD parameters in HoldAddressFields.php.
CVE-2021-40616 1 Thinkcmf 1 Thinkcmf 2024-11-21 6.5 Medium
thinkcmf v5.1.7 has an unauthorized vulnerability. The attacker can modify the password of the administrator account with id 1 through the background user management group permissions. The use condition is that the background user management group authority is required.
CVE-2021-40612 1 Opmantek 1 Open-audit 2024-11-21 9.8 Critical
An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability in code_igniter/application/controllers/util.php allows an attacker perform command execution without echoes.
CVE-2021-40610 1 Emlog Pro Project 1 Emlog Pro 2024-11-21 5.4 Medium
Emlog Pro v 1.0.4 cross-site scripting (XSS) in Emlog Pro background management.
CVE-2021-40609 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
CVE-2021-40608 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
CVE-2021-40607 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
The schm_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
CVE-2021-40606 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
CVE-2021-40604 1 Invisioncommunity 1 Ips Community Suite 2024-11-21 9.1 Critical
A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before 4.6.2 allows remote authenticated users to request arbitrary URLs or trigger deserialization via phar protocol when generating class names dynamically. In some cases an exploitation is possible by an unauthenticated user.
CVE-2021-40597 1 Edimax 2 Ic-3140w, Ic-3140w Firmware 2024-11-21 9.8 Critical
The firmware of EDIMAX IC-3140W Version 3.11 is hardcoded with Administrator username and password.
CVE-2021-40595 1 Online Leave Management System Project 1 Online Leave Management System 2024-11-21 9.8 Critical
SQL injection vulnerability in Sourcecodester Online Leave Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /leave_system/classes/Login.php.
CVE-2021-40592 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains loop with unreachable exit condition ('infinite loop') vulnerability in ISOBMFF reader filter, isoffin_read.c. Function isoffin_process() can result in DoS by infinite loop. To exploit, the victim must open a specially crafted mp4 file.
CVE-2021-40589 1 Zangband-data Project 1 Zangband-data 2024-11-21 9.8 Critical
ZAngband zangband-data 2.7.5 is affected by an integer underflow vulnerability in src/tk/plat.c through the variable fileheader.bfOffBits.
CVE-2021-40579 1 Online Enrollment Management System Project 1 Online Enrollment Management System 2024-11-21 6.5 Medium
https://www.sourcecodester.com/ Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 is affected by: Incorrect Access Control. The impact is: gain privileges (remote).
CVE-2021-40578 1 Online Enrollment Management System Project 1 Online Enrollment Management System 2024-11-21 7.2 High
Authenticated Blind & Error-based SQL injection vulnerability was discovered in Online Enrollment Management System in PHP and PayPal Free Source Code 1.0, that allows attackers to obtain sensitive information and execute arbitrary SQL commands via IDNO parameter.
CVE-2021-40577 1 Online Enrollment Management System Project 1 Online Enrollment Management System 2024-11-21 5.4 Medium
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 in the Add-Users page via the Name parameter.
CVE-2021-40576 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the gf_isom_get_payt_count function in hint_track.c, which allows attackers to cause a denial of service.
CVE-2021-40575 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the mpgviddmx_process function in reframe_mpgvid.c, which allows attackers to cause a denial of service. This vulnerability is possibly due to an incomplete fix for CVE-2021-40566.