Search Results (363500 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-40324 1 Cobbler Project 1 Cobbler 2024-11-21 7.5 High
Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.
CVE-2021-40323 1 Cobbler Project 1 Cobbler 2024-11-21 9.8 Critical
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
CVE-2021-40317 1 Piwigo 1 Piwigo 2024-11-21 8.8 High
Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter.
CVE-2021-40313 1 Piwigo 1 Piwigo 2024-11-21 8.8 High
Piwigo v11.5 was discovered to contain a SQL injection vulnerability via the parameter pwg_token in /admin/batch_manager_global.php.
CVE-2021-40310 1 Os4ed 1 Opensis 2024-11-21 5.4 Medium
OpenSIS Community Edition version 8.0 is affected by a cross-site scripting (XSS) vulnerability in the TakeAttendance.php via the cp_id_miss_attn parameter.
CVE-2021-40309 1 Os4ed 1 Opensis 2024-11-21 8.8 High
A SQL injection vulnerability exists in the Take Attendance functionality of OS4Ed's OpenSIS 8.0. allows an attacker to inject their own SQL query. The cp_id_miss_attn parameter from TakeAttendance.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request as a user with access to "Take Attendance" functionality to trigger this vulnerability.
CVE-2021-40292 1 Dzzoffice 1 Dzzoffice 2024-11-21 5.4 Medium
A Stored Cross Site Sripting (XSS) vulnerability exists in DzzOffice 2.02.1 via the settingnew parameter.
CVE-2021-40288 1 Tp-link 2 Archer Ax10, Archer Ax10 Firmware 2024-11-21 7.5 High
A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in TP-Link AX10v1 before V1_211014, allows a remote unauthenticated attacker to disconnect an already connected wireless client via sending with a wireless adapter specific spoofed authentication frames
CVE-2021-40285 1 Htmly 1 Htmly 2024-11-21 8.1 High
htmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component \views\backup.html.php.
CVE-2021-40284 1 Dlink 2 Dsl-3782, Dsl-3782 Firmware 2024-11-21 6.5 Medium
D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow which can cause a denial of service. This vulnerability exists in the web interface "/cgi-bin/New_GUI/Igmp.asp". Authenticated remote attackers can trigger this vulnerability by sending a long string in parameter 'igmpsnoopEnable' via an HTTP request.
CVE-2021-40282 1 Zzcms 1 Zzcms 2024-11-21 8.8 High
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, abd 2021 in dl/dl_download.php. when registering ordinary users.
CVE-2021-40281 1 Zzcms 1 Zzcms 2024-11-21 8.8 High
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_print.php when registering ordinary users.
CVE-2021-40280 1 Zzcms 1 Zzcms 2024-11-21 7.2 High
An SQL Injection vulnerablitly exits in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/dl_sendmail.php.
CVE-2021-40279 1 Zzcms 1 Zzcms 2024-11-21 7.2 High
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/bad.php.
CVE-2021-40266 1 Freeimage Project 1 Freeimage 2024-11-21 6.5 Medium
FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerabile to null pointer dereference.
CVE-2021-40265 1 Freeimage Project 1 Freeimage 2024-11-21 8.8 High
A heap overflow bug exists FreeImage before 1.18.0 via ofLoad function in PluginJPEG.cpp.
CVE-2021-40264 1 Freeimage Project 1 Freeimage 2024-11-21 6.5 Medium
NULL pointer dereference vulnerability in FreeImage before 1.18.0 via the FreeImage_CloneTag function inFreeImageTag.cpp.
CVE-2021-40263 1 Freeimage Project 1 Freeimage 2024-11-21 8.8 High
A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp.
CVE-2021-40262 1 Freeimage Project 1 Freeimage 2024-11-21 6.5 Medium
A stack exhaustion issue was discovered in FreeImage before 1.18.0 via the Validate function in PluginRAW.cpp.
CVE-2021-40261 1 Casap Automated Enrollment System Project 1 Casap Automated Enrollment System 2024-11-21 6.1 Medium
Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester CASAP Automated Enrollment System 1.0 via the (1) user_username and (2) category parameters in save_class.php, the (3) firstname, (4) class, and (5) status parameters in student_table.php, the (6) category and (7) class_name parameters in add_class1.php, the (8) fname, (9) mname,(10) lname, (11) address, (12) class, (13) gfname, (14) gmname, (15) glname, (16) rship, (17) status, (18) transport, and (19) route parameters in add_student.php, the (20) fname, (21) mname, (22) lname, (23) address, (24) class, (25) fgname, (26) gmname, (27) glname, (28) rship, (29) status, (30) transport, and (31) route parameters in save_stud.php,the (32) status, (33) fname, and (34) lname parameters in add_user.php, the (35) username, (36) firstname, and (37) status parameters in users.php, the (38) fname, (39) lname, and (40) status parameters in save_user.php, and the (41) activity_log, (42) aprjun, (43) class, (44) janmar, (45) Julsep,(46) octdec, (47) Students and (48) users parameters in table_name.