Search Results (362815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-25209 1 Theme Park Ticketing System Project 1 Theme Park Ticketing System 2024-11-21 9.8 Critical
SQL injection vulnerability in SourceCodester Theme Park Ticketing System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to view_user.php.
CVE-2021-25208 1 Travel Management System Project 1 Travel Management System 2024-11-21 9.8 Critical
Arbitrary file upload vulnerability in SourceCodester Travel Management System v 1.0 allows attackers to execute arbitrary code via the file upload to updatepackage.php.
CVE-2021-25207 1 E-commerce Website Project 1 E-commerce Website 2024-11-21 9.8 Critical
Arbitrary file upload vulnerability in SourceCodester E-Commerce Website v 1.0 allows attackers to execute arbitrary code via the file upload to prodViewUpdate.php.
CVE-2021-25206 1 Responsive Ordering System Project 1 Responsive Ordering System 2024-11-21 9.8 Critical
Arbitrary file upload vulnerability in SourceCodester Responsive Ordering System v 1.0 allows attackers to execute arbitrary code via the file upload to Product_model.php.
CVE-2021-25205 1 E-commerce Website Project 1 E-commerce Website 2024-11-21 9.8 Critical
SQL injection vulnerability in SourceCodester E-Commerce Website V 1.0 allows remote attackers to execute arbitrary SQL statements, via the update parameter to empViewUpdate.php.
CVE-2021-25204 1 E-commerce Website Project 1 E-commerce Website 2024-11-21 5.4 Medium
Cross-site scripting (XSS) vulnerability in SourceCodester E-Commerce Website v 1.0 allows remote attackers to inject arbitrary web script or HTML via the subject field to feedback_process.php.
CVE-2021-25203 1 Victor Cms Project 1 Victor Cms 2024-11-21 9.8 Critical
Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CMSsite-master\admin\includes\admin_add_post.php.
CVE-2021-25202 1 Sales And Inventory System Project 1 Sales And Inventory System 2024-11-21 9.8 Critical
SQL injection vulnerability in SourceCodester Sales and Inventory System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to \ahira\admin\inventory.php.
CVE-2021-25201 1 Learning Management System Project 1 Learning Management System 2024-11-21 7.5 High
SQL injection vulnerability in Learning Management System v 1.0 allows remote attackers to execute arbitrary SQL statements through the id parameter to obtain sensitive database information.
CVE-2021-25200 1 Learning Management System Project 1 Learning Management System 2024-11-21 9.8 Critical
Arbitrary file upload vulnerability in SourceCodester Learning Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to \lms\student_avatar.php.
CVE-2021-25197 1 Content Management System Project 1 Content Management System 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in SourceCodester Content Management System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter to content_management_system\admin\new_content.php.
CVE-2021-25195 1 Microsoft 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more 2024-11-21 7.8 High
Windows PKU2U Elevation of Privilege Vulnerability
CVE-2021-25179 1 Solarwinds 1 Serv-u File Server 2024-11-21 6.1 Medium
SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header.
CVE-2021-25178 2 Opendesign, Siemens 4 Drawings Software Development Kit, Comos, Jt2go and 1 more 2024-11-21 7.8 High
An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is run with malformed .DXF and .DWG files. This can allow attackers to cause a crash potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution.
CVE-2021-25177 2 Opendesign, Siemens 4 Drawings Software Development Kit, Comos, Jt2go and 1 more 2024-11-21 7.8 High
An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Confusion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart).
CVE-2021-25176 2 Opendesign, Siemens 4 Drawings Software Development Kit, Comos, Jt2go and 1 more 2024-11-21 7.8 High
An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart).
CVE-2021-25175 2 Opendesign, Siemens 4 Drawings Software Development Kit, Comos, Jt2go and 1 more 2024-11-21 7.8 High
An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Conversion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart).
CVE-2021-25174 2 Opendesign, Siemens 4 Drawings Software Development Kit, Comos, Jt2go and 1 more 2024-11-21 7.8 High
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart).
CVE-2021-25173 2 Opendesign, Siemens 4 Drawings Software Development Kit, Comos, Jt2go and 1 more 2024-11-21 7.8 High
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart).
CVE-2021-25172 1 Hpe 2 Apollo 70 System, Baseboard Management Controller 2024-11-21 7.8 High
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in the libifc.so websetdefaultlangcfg function.