Search Results (366603 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-40985 2 Debian, Htmldoc Project 2 Debian Linux, Htmldoc 2024-11-21 5.5 Medium
A stack-based buffer under-read in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp.
CVE-2021-40981 1 Asus 1 Armoury Crate Lite Service 2024-11-21 7.3 High
ASUS ROG Armoury Crate Lite before 4.2.10 allows local users to gain privileges by placing a Trojan horse file in the publicly writable %PROGRAMDATA%\ASUS\GamingCenterLib directory.
CVE-2021-40978 1 Mkdocs 1 Mkdocs 2024-11-21 7.5 High
The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601.] and https://github.com/nisdn/CVE-2021-40978/issues/1
CVE-2021-40975 1 Ecommerce-codeigniter-bootstrap Project 1 Ecommerce-codeigniter-bootstrap 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in application/modules/admin/views/ecommerce/products.php in Ecommerce-CodeIgniter-Bootstrap (Codeigniter 3.1.11, Bootstrap 3.3.7) allows remote attackers to inject arbitrary web script or HTML via the search_title parameter.
CVE-2021-40973 1 Spotweb Project 1 Spotweb 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter.
CVE-2021-40972 1 Spotweb Project 1 Spotweb 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter.
CVE-2021-40971 1 Spotweb Project 1 Spotweb 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter.
CVE-2021-40970 1 Spotweb Project 1 Spotweb 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter.
CVE-2021-40969 1 Spotweb Project 1 Spotweb 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter.
CVE-2021-40968 1 Spotweb Project 1 Spotweb 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter.
CVE-2021-40961 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 8.8 High
CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '.
CVE-2021-40960 1 Galera 1 Galera Webtemplate 2024-11-21 9.8 Critical
Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow.
CVE-2021-40956 1 Laiketui 1 Laiketui 2024-11-21 7.5 High
LaiKetui v3.5.0 has SQL injection in the background through the menu management function, and sensitive data can be obtained.
CVE-2021-40955 1 Laiketui 1 Laiketui 2024-11-21 7.2 High
SQL injection exists in LaiKetui v3.5.0 the background administrator list.
CVE-2021-40954 1 Laiketui 1 Laiketui 2024-11-21 9.8 Critical
Laiketui 3.5.0 is affected by an arbitrary file upload vulnerability that can allow an attacker to execute arbitrary code.
CVE-2021-40944 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
In GPAC MP4Box 1.1.0, there is a Null pointer reference in the function gf_filter_pid_get_packet function in src/filter_core/filter_pid.c:5394, as demonstrated by GPAC. This can cause a denial of service (DOS).
CVE-2021-40943 1 Axiosys 1 Bento4 2024-11-21 5.5 Medium
In Bento4 1.6.0-638, there is a null pointer reference in the function AP4_DescriptorListInspector::Action function in Ap4Descriptor.h:124 , as demonstrated by GPAC. This can cause a denial of service (DOS).
CVE-2021-40942 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the function filter_parse_dyn_args function in filter_core/filter.c:1454, as demonstrated by GPAC. This can cause a denial of service (DOS).
CVE-2021-40941 1 Axiosys 1 Bento4 2024-11-21 7.5 High
In Bento4 1.6.0-638, there is an allocator is out of memory in the function AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity in Ap4Array.h:172, as demonstrated by GPAC. This can cause a denial of service (DOS).
CVE-2021-40940 1 Monstra 1 Monstra 2024-11-21 9.8 Critical
Monstra 3.0.4 does not filter the case of php, which leads to an unrestricted file upload vulnerability.