Search Results (362450 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-31718 1 Npupnp Project 1 Npupnp 2024-11-21 8.8 High
The server in npupnp before 4.1.4 is affected by DNS rebinding in the embedded web server (including UPnP SOAP and GENA endpoints), leading to remote code execution.
CVE-2021-31712 1 React Draft Wysiwyg Project 1 React Draft Wysiwyg 2024-11-21 5.4 Medium
react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 allows a javascript: URi in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS.
CVE-2021-31703 1 Frontiersoftware 1 Ichris 2024-11-21 9.8 Critical
Frontier ichris through 5.18 allows users to upload malicious executable files that might later be downloaded and run by any client user.
CVE-2021-31702 1 Frontiersoftware 1 Ichris 2024-11-21 7.5 High
Frontier ichris through 5.18 mishandles making a DNS request for the hostname in the HTTP Host header, as demonstrated by submitting 127.0.0.1 multiple times for DoS.
CVE-2021-31701 1 Mintty Project 1 Mintty 2024-11-21 7.5 High
Mintty before 3.4.7 mishandles Bracketed Paste Mode.
CVE-2021-31698 1 Quectel 2 Eg25-g, Eg25-g Firmware 2024-11-21 9.8 Critical
Quectel EG25-G devices through 202006130814 allow executing arbitrary code remotely by using an AT command to place shell metacharacters in quectel_handle_fumo_cfg input in atfwd_daemon.
CVE-2021-31684 3 Json-smart Project, Oracle, Redhat 4 Json-smart-v1, Json-smart-v2, Utilities Framework and 1 more 2024-11-21 7.5 High
A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request.
CVE-2021-31682 1 Automatedlogic 1 Webctrl 2024-11-21 6.1 Medium
The login portal for the Automated Logic WebCTRL/WebCTRL OEM web application contains a vulnerability that allows for reflected XSS attacks due to the operatorlocale GET parameter not being sanitized. This issue impacts versions 6.5 and below. This issue works by passing in a basic XSS payload to a vulnerable GET parameter that is reflected in the output without sanitization.
CVE-2021-31681 1 Ultralytics 1 Yolov3 2024-11-21 7.8 High
Deserialization of Untrusted Data vulnerability in yolo 3 allows attackers to execute arbitrary code via crafted yaml file.
CVE-2021-31680 1 Ultralytics 1 Yolov5 2024-11-21 7.8 High
Deserialization of Untrusted Data vulnerability in yolo 5 allows attackers to execute arbitrary code via crafted yaml file.
CVE-2021-31679 1 Pescms 1 Pescms Team 2024-11-21 6.5 Medium
An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that allows attackers to delete admin and other members' account numbers.
CVE-2021-31678 1 Pescms 1 Pescms Team 2024-11-21 6.5 Medium
An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can delete import information about a user's company.
CVE-2021-31677 1 Pescms 1 Pescms Team 2024-11-21 6.5 Medium
An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can modify admin and other members' passwords.
CVE-2021-31676 1 Pescms 1 Pescms Team 2024-11-21 6.1 Medium
A reflected XSS was discovered in PESCMS-V2.3.3. When combined with CSRF in the same file, they can cause bigger destruction.
CVE-2021-31674 1 Cyclos 1 Cyclos 2024-11-21 6.1 Medium
Cyclos 4 PRO 4.14.7 and before does not validate user input at error inform, which allows remote unauthenticated attacker to execute javascript code via undefine enum constant.
CVE-2021-31673 1 Cyclos 1 Cyclos 2024-11-21 6.1 Medium
A Dom-based Cross-site scripting (XSS) vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter.
CVE-2021-31671 1 Pgsync Project 1 Pgsync 2024-11-21 7.5 High
pgsync before 0.6.7 is affected by Information Disclosure of sensitive information. Syncing the schema with the --schema-first and --schema-only options is mishandled. For example, the sslmode connection parameter may be lost, which means that SSL would not be used.
CVE-2021-31664 1 Riot-os 1 Riot 2024-11-21 7.5 High
RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-31663 1 Riot-os 1 Riot 2024-11-21 7.5 High
RIOT-OS 2021.01 before commit bc59d60be60dfc0a05def57d74985371e4f22d79 contains a buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-31662 1 Riot-os 1 Riot 2024-11-21 7.5 High
RIOT-OS 2021.01 before commit 07f1254d8537497552e7dce80364aaead9266bbe contains a buffer overflow which could allow attackers to obtain sensitive information.