Search Results (366276 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-3262 1 Trispark 2 Novusedu, Veo Transportation 2024-11-21 9.8 Critical
TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Information" search queries.
CVE-2021-3258 1 Qa-themes 1 Q2a Ultimate Seo 2024-11-21 5.4 Medium
Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site scripting (XSS), which may lead to arbitrary remote code execution.
CVE-2021-3256 1 Kuaifan 1 Kuaifancms 2024-11-21 6.5 Medium
KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the html_url parameter of the chakanhtml.module.php file.
CVE-2021-3254 1 Asus 2 Dsl-n14u-b1, Dsl-n14u-b1 Firmware 2024-11-21 7.5 High
Asus DSL-N14U-B1 1.1.2.3_805 allows remote attackers to cause a Denial of Service (DoS) via a TCP SYN scan using nmap.
CVE-2021-3252 1 Kaco-newenergy 2 Xp100u, Xp100u Firmware 2024-11-21 7.5 High
KACO New Energy XP100U Up to XP-JAVA 2.0 is affected by incorrect access control. Credentials will always be returned in plain-text from the local server during the KACO XP100U authentication process, regardless of whatever passwords have been provided, which leads to an information disclosure vulnerability.
CVE-2021-3246 4 Debian, Fedoraproject, Libsndfile Project and 1 more 5 Debian Linux, Fedora, Libsndfile and 2 more 2024-11-21 8.8 High
A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file.
CVE-2021-3243 1 Wfiltericf 1 Wfilter Internet Content Filter 2024-11-21 6.1 Medium
Wfilter ICF 5.0.117 contains a cross-site scripting (XSS) vulnerability. An attacker in the same LAN can craft a packet with a malicious User-Agent header to inject a payload in its logs, where an attacker can take over the system by through its plugin-running function.
CVE-2021-3242 1 Duxcms Project 1 Duxcms 2024-11-21 9.8 Critical
DuxCMS v3.1.3 was discovered to contain a SQL injection vulnerability via the component s/tools/SendTpl/index?keyword=.
CVE-2021-3239 1 E-learning System Project 1 E-learning System 2024-11-21 9.8 Critical
E-Learning System 1.0 suffers from an unauthenticated SQL injection vulnerability, which allows remote attackers to execute arbitrary code on the hosting web server and gain a reverse shell.
CVE-2021-3236 1 Vim 1 Vim 2024-11-21 5.5 Medium
vim 8.2.2348 is affected by null pointer dereference, allows local attackers to cause a denial of service (DoS) via the ex_buffer_all method.
CVE-2021-3229 1 Asus 2 Rt-ax3000, Rt-ax3000 Firmware 2024-11-21 7.5 High
Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4.384_10177 and earlier versions allows an attacker to disrupt the use of device setup services via continuous login error.
CVE-2021-3224 1 Cszcms 1 Csz Cms 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in cszcms 1.2.9 exists in /admin/pages/new via the content parameter.
CVE-2021-3223 1 Nodered 1 Node-red-dashboard 2024-11-21 7.5 High
Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.
CVE-2021-3210 1 Bloodhound Project 1 Bloodhound 2024-11-21 9.6 Critical
components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote attackers to execute arbitrary system commands when the victim imports a malicious data file containing JavaScript in the objectId parameter.
CVE-2021-3204 1 Webware 1 Webdesktop 2024-11-21 6.5 Medium
SSRF in the document conversion component of Webware Webdesktop 5.1.15 allows an attacker to read all files from the server.
CVE-2021-3200 3 Opensuse, Oracle, Redhat 5 Libsolv, Communications Cloud Native Core Policy, Enterprise Linux and 2 more 2024-11-21 3.3 Low
Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp function at src/testcase.c: line 2334, which could cause a denial of service
CVE-2021-3199 1 Onlyoffice 1 Document Server 2024-11-21 9.8 Critical
Directory traversal with remote code execution can occur in /upload in ONLYOFFICE Document Server before 5.6.3, when JWT is used, via a /.. sequence in an image upload parameter.
CVE-2021-3198 1 Ivanti 1 Mobileiron 2024-11-21 6.5 Medium
By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0.
CVE-2021-3197 3 Debian, Fedoraproject, Saltstack 3 Debian Linux, Fedora, Salt 2024-11-21 9.8 Critical
An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.
CVE-2021-3196 1 Hitachi 1 Id Bravura Security Fabric 2024-11-21 8.8 High
An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0. When using federated identity management (authenticating via SAML through a third-party identity provider), an attacker can inject additional data into a signed SAML response being transmitted to the service provider (ID Bravura Security Fabric). The application successfully validates the signed values but uses the unsigned malicious values. An attacker with lower-privilege access to the application can inject the username of a high-privilege user to impersonate that user.