Search Results (362972 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-25811 1 Mercusys 2 Mercury X18g, Mercury X18g Firmware 2024-11-21 7.5 High
MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a crafted value to the POST listen_http_lan parameter. Upon subsequent device restarts after this vulnerability is exploted the device will not be able to access the webserver unless the listen_http_lan parameter to uhttpd.json is manually fixed.
CVE-2021-25810 1 Mercusys 2 Mercury X18g, Mercury X18g Firmware 2024-11-21 6.1 Medium
Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'src_dport_start', 'src_dport_end', and 'dest_port' parameters.
CVE-2021-25809 1 Ucms Project 1 Ucms 2024-11-21 5.3 Medium
UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the adminchannelscache() function in top.php.
CVE-2021-25808 1 Bludit 1 Bludit 2024-11-21 7.8 High
A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file.
CVE-2021-25804 1 Videolan 1 Vlc Media Player 2024-11-21 7.5 High
A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can a denial of service (DOS) in the application.
CVE-2021-25803 1 Videolan 1 Vlc Media Player 2024-11-21 7.1 High
A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
CVE-2021-25802 1 Videolan 1 Vlc Media Player 2024-11-21 7.1 High
A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
CVE-2021-25801 1 Videolan 1 Vlc Media Player 2024-11-21 7.1 High
A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
CVE-2021-25791 1 Online Doctor Appointment System Php Full Source Code Project 1 Online Doctor Appointment System Php Full Source Code 2024-11-21 5.4 Medium
Multiple stored cross site scripting (XSS) vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields.
CVE-2021-25790 1 House Rental And Property Listing Php Project 1 House Rental And Property Listing Php 2024-11-21 5.4 Medium
Multiple stored cross site scripting (XSS) vulnerabilities in the "Register" module of House Rental and Property Listing 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in all text fields except for Phone Number and Alternate Phone Number.
CVE-2021-25786 1 Qpdf Project 1 Qpdf 2024-11-21 5.3 Medium
An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf.
CVE-2021-25785 1 Taogogo 1 Taocms 2024-11-21 4.8 Medium
Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Management column.
CVE-2021-25784 1 Taogogo 1 Taocms 2024-11-21 7.2 High
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article.
CVE-2021-25783 1 Taogogo 1 Taocms 2024-11-21 7.2 High
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search.
CVE-2021-25778 1 Jetbrains 1 Teamcity 2024-11-21 5.3 Medium
In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly.
CVE-2021-25777 1 Jetbrains 1 Teamcity 2024-11-21 5.3 Medium
In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly.
CVE-2021-25776 1 Jetbrains 1 Teamcity 2024-11-21 7.5 High
In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters.
CVE-2021-25775 1 Jetbrains 1 Teamcity 2024-11-21 3.8 Low
In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users.
CVE-2021-25774 1 Jetbrains 1 Teamcity 2024-11-21 4.3 Medium
In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user.
CVE-2021-25773 1 Jetbrains 1 Teamcity 2024-11-21 6.1 Medium
JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages.