Search Results (366631 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-40956 1 Laiketui 1 Laiketui 2024-11-21 7.5 High
LaiKetui v3.5.0 has SQL injection in the background through the menu management function, and sensitive data can be obtained.
CVE-2021-40955 1 Laiketui 1 Laiketui 2024-11-21 7.2 High
SQL injection exists in LaiKetui v3.5.0 the background administrator list.
CVE-2021-40954 1 Laiketui 1 Laiketui 2024-11-21 9.8 Critical
Laiketui 3.5.0 is affected by an arbitrary file upload vulnerability that can allow an attacker to execute arbitrary code.
CVE-2021-40944 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
In GPAC MP4Box 1.1.0, there is a Null pointer reference in the function gf_filter_pid_get_packet function in src/filter_core/filter_pid.c:5394, as demonstrated by GPAC. This can cause a denial of service (DOS).
CVE-2021-40943 1 Axiosys 1 Bento4 2024-11-21 5.5 Medium
In Bento4 1.6.0-638, there is a null pointer reference in the function AP4_DescriptorListInspector::Action function in Ap4Descriptor.h:124 , as demonstrated by GPAC. This can cause a denial of service (DOS).
CVE-2021-40942 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the function filter_parse_dyn_args function in filter_core/filter.c:1454, as demonstrated by GPAC. This can cause a denial of service (DOS).
CVE-2021-40941 1 Axiosys 1 Bento4 2024-11-21 7.5 High
In Bento4 1.6.0-638, there is an allocator is out of memory in the function AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity in Ap4Array.h:172, as demonstrated by GPAC. This can cause a denial of service (DOS).
CVE-2021-40940 1 Monstra 1 Monstra 2024-11-21 9.8 Critical
Monstra 3.0.4 does not filter the case of php, which leads to an unrestricted file upload vulnerability.
CVE-2021-40928 1 Glimmrtv 1 Flextv 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in index.php in FlexTV beta development version allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF parameter.
CVE-2021-40927 1 Alfred-spotify-mini-player 1 Alfred Spotify Mini Player 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in callback.php in Spotify-for-Alfred 0.13.9 and below allows remote attackers to inject arbitrary web script or HTML via the error parameter.
CVE-2021-40926 1 Getid3 1 Getid3 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in getID3 1.X and v2.0.0-beta allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter.
CVE-2021-40925 1 Faveohelpdesk 1 Faveo 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in dompdf/dompdf/www/demo.php infaveo-helpdesk v1.11.0 and below allow remote attackers to inject arbitrary web script or HTML via the $_SERVER["PHP_SELF"] parameter.
CVE-2021-40924 1 Pixeline 1 Bugs 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the first_name parameter.
CVE-2021-40923 1 Pixeline 1 Bugs 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the email parameter.
CVE-2021-40922 1 Pixeline 1 Bugs 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the last_name parameter.
CVE-2021-40921 1 Detector Project 1 Detector 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in _contactform.inc.php in Detector 0.8.5 and below version allows remote attackers to inject arbitrary web script or HTML via the cid parameter.
CVE-2021-40910 1 Phpcms 1 Phpcms 2024-11-21 6.1 Medium
There is a reflective cross-site scripting (XSS) vulnerability in the PHPCMS V9.6.3 management side.
CVE-2021-40909 1 Php Crud Without Refresh\/reload Using Ajax And Datatables Tutorial Project 1 Php Crud Without Refresh\/reload Using Ajax And Datatables Tutorial 2024-11-21 9.6 Critical
Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD without Refresh/Reload using Ajax and DataTables Tutorial v1 by oretnom23, allows remote attackers to execute arbitrary code via the first_name, last_name, and email parameters to /ajax_crud.
CVE-2021-40908 1 Purchase Order Management System Project 1 Purchase Order Management System 2024-11-21 9.8 Critical
SQL injection vulnerability in Login.php in Sourcecodester Purchase Order Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter.
CVE-2021-40907 1 Storage Unit Rental Management System Project 1 Storage Unit Rental Management System 2024-11-21 9.8 Critical
SQL injection vulnerability in Sourcecodester Storage Unit Rental Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /storage/classes/Login.php.