Search Results (363434 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-29067 1 Netgear 26 Rbk752, Rbk752 Firmware, Rbk753 and 23 more 2024-11-21 9.6 Critical
Certain NETGEAR devices are affected by authentication bypass. This affects RBW30 before 2.6.2.2, RBS40V before 2.6.2.4, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12.
CVE-2021-29066 1 Netgear 10 Rbk852, Rbk852 Firmware, Rbk853 and 7 more 2024-11-21 9.6 Critical
Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.
CVE-2021-29065 1 Netgear 2 Rbr850, Rbr850 Firmware 2024-11-21 9.6 Critical
NETGEAR RBR850 devices before 3.2.10.11 are affected by authentication bypass.
CVE-2021-29063 2 Fedoraproject, Mpmath 2 Fedora, Mpmath 2024-11-21 7.5 High
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 through v1.2.1 when the mpmathify function is called.
CVE-2021-29061 1 Vfsjfilechooser2 Project 1 Vfsjfilechooser2 2024-11-21 7.5 High
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Vfsjfilechooser2 version 0.2.9 and below which occurs when the application attempts to validate crafted URIs.
CVE-2021-29060 1 Color-string Project 1 Color-string 2024-11-21 5.3 Medium
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Color-String version 1.5.5 and below which occurs when the application is provided and checks a crafted invalid HWB string.
CVE-2021-29059 2 Is-svg Project, Redhat 2 Is-svg, Openshift 2024-11-21 7.5 High
A vulnerability was discovered in IS-SVG version 2.1.0 to 4.2.2 and below where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted invalid SVG string.
CVE-2021-29057 1 Thoughtworks 1 Node-worker-threads-pool 2024-11-21 6.5 Medium
An issue was discovered in StaticPool in SUCHMOKUO node-worker-threads-pool version 1.4.3, allows attackers to cause a denial of service.
CVE-2021-29056 1 Pixelimity 1 Pixelimity 2024-11-21 4.8 Medium
Cross Site Scripting (XSS) vulnerability exists in Pixelimity 1.0 via the HTTP POST parameter to admin/setting.php.
CVE-2021-29055 1 School File Management System Project 1 School File Management System 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Firtstname parameter to the Update Account form in student_profile.php.
CVE-2021-29054 1 Papoo 1 Papoo 2024-11-21 8.8 High
Certain Papoo products are affected by: Cross Site Request Forgery (CSRF) in the admin interface. This affects Papoo CMS Light through 21.02 and Papoo CMS Pro through 6.0.1. The impact is: gain privileges (remote).
CVE-2021-29053 1 Liferay 2 Dxp, Liferay Portal 2024-11-21 8.8 High
Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1 allow remote authenticated users to execute arbitrary SQL commands via the classPKField parameter to (1) CommerceChannelRelFinder.countByC_C, or (2) CommerceChannelRelFinder.findByC_C.
CVE-2021-29052 1 Liferay 2 Dxp, Liferay Portal 2024-11-21 4.3 Medium
The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 does not check permissions in DataDefinitionResourceImpl.getSiteDataDefinitionByContentTypeByDataDefinitionKey, which allows remote authenticated users to view DDMStructures via GET API calls.
CVE-2021-29047 1 Liferay 2 Dxp, Liferay Portal 2024-11-21 7.5 High
The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after it is used, which allows remote attackers to repeatedly perform actions protected by a CAPTCHA challenge by reusing the same CAPTCHA answer.
CVE-2021-29046 1 Liferay 2 Dxp, Liferay Portal 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in the Asset module's category selector input field in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_asset_categories_admin_web_portlet_AssetCategoriesAdminPortlet_title parameter.
CVE-2021-29045 1 Liferay 2 Dxp, Liferay Portal 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in the Redirect module's redirection administration page in Liferay Portal 7.3.2 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_redirect_web_internal_portlet_RedirectPortlet_destinationURL parameter.
CVE-2021-29041 1 Liferay 1 Dxp 2024-11-21 6.5 Medium
Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on behalf of the other user or (2) modifying the other user's TOTP shared secret.
CVE-2021-29039 1 Liferay 1 Liferay Portal 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in the Asset module's categories administration page in Liferay Portal 7.3.4 allows remote attackers to inject arbitrary web script or HTML via the site name.
CVE-2021-29033 1 Bitweaver 1 Bitweaver 2024-11-21 4.8 Medium
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/edit_group.php URI.
CVE-2021-29032 1 Bitweaver 1 Bitweaver 2024-11-21 4.8 Medium
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/preferences.php URI.