Search Results (363337 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-27550 1 Polarisoffice 1 Polaris Office 2024-11-21 5.5 Medium
Polaris Office v9.102.66 is affected by a divide-by-zero error in PolarisOffice.exe and EngineDLL.dll that may cause a local denial of service. To exploit the vulnerability, someone must open a crafted PDF file.
CVE-2021-27549 1 Genymobile 1 Genymotion Desktop 2024-11-21 5.3 Medium
Genymotion Desktop through 3.2.0 leaks the host's clipboard data to the Android application by default. NOTE: the vendor's position is that this is intended behavior that can be changed through the Settings > Device screen
CVE-2021-27548 1 Xpdfreader 1 Xpdf 2024-11-21 5.5 Medium
There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03.
CVE-2021-27545 1 Phpgurukul 1 Beauty Parlour Management System 2024-11-21 6.5 Medium
SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter.
CVE-2021-27544 1 Phpgurukul 1 Beauty Parlour Management System 2024-11-21 4.8 Medium
Cross Site Scripting (XSS) in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "sername" parameter.
CVE-2021-27531 1 Dynpg 1 Dynpg 2024-11-21 4.8 Medium
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "query" parameter.
CVE-2021-27530 1 Dynpg 1 Dynpg 2024-11-21 4.8 Medium
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allow remote attacker to inject javascript via URI in /index.php.
CVE-2021-27529 1 Dynpg 1 Dynpg 2024-11-21 4.8 Medium
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "limit" parameter.
CVE-2021-27528 1 Dynpg 1 Dynpg 2024-11-21 4.8 Medium
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "refID" parameter.
CVE-2021-27527 1 Dynpg 1 Dynpg 2024-11-21 4.8 Medium
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "valueID" parameter.
CVE-2021-27526 1 Dynpg 1 Dynpg 2024-11-21 4.8 Medium
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "page" parameter.
CVE-2021-27524 1 Margox 1 Braft-editor 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability in margox braft-editor version 2.3.8, allows remote attackers to execute arbitrary code via the embed media feature.
CVE-2021-27523 1 Open-falcon 1 Dashboard 2024-11-21 9.8 Critical
An issue was discovered in open-falcon dashboard version 0.2.0, allows remote attackers to gain, modify, and delete sensitive information via crafted POST request to register interface.
CVE-2021-27522 1 Learnsite Project 1 Learnsite 2024-11-21 8.8 High
Learnsite 1.2.5.0 contains a remote privilege escalation vulnerability in /Manager/index.aspx through the JudgIsAdmin() function. By modifying the initial letter of the key of a user cookie, the key of the administrator cookie can be obtained.
CVE-2021-27520 1 Fudforum 1 Fudforum 2024-11-21 6.1 Medium
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter.
CVE-2021-27519 1 Fudforum 1 Fudforum 2024-11-21 6.1 Medium
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "srch" parameter.
CVE-2021-27517 1 Foxit 2 Phantompdf, Reader 2024-11-21 6.1 Medium
Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses app.alert (in the Acrobat JavaScript API).
CVE-2021-27516 2 Redhat, Uri.js Project 2 Quay, Uri.js 2024-11-21 7.5 High
URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
CVE-2021-27515 2 Redhat, Url-parse Project 2 Quay, Url-parse 2024-11-21 5.3 Medium
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
CVE-2021-27514 1 Eyesofnetwork 1 Eyesofnetwork 2024-11-21 9.8 Critical
EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass (such as in CVE-2021-27513 exploitation).