Search Results (364917 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-37333 1 Bookingcore 1 Booking Core 2024-11-21 9.8 Critical
Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. A password change at sandbox.bookingcore.org/user/profile/change-password does not invalidate a session that is opened in a different browser.
CVE-2021-37331 1 Bookingcore 1 Booking Core 2024-11-21 5.3 Medium
Laravel Booking System Booking Core 2.0 is vulnerable to Incorrect Access Control. On the Verifications page, after uploading an ID Card or Trade License and viewing it, ID Cards and Trade Licenses of other vendors/users can be viewed by changing the URL.
CVE-2021-37330 1 Bookingcore 1 Booking Core 2024-11-21 5.4 Medium
Laravel Booking System Booking Core 2.0 is vulnerable to Cross Site Scripting (XSS). The Avatar upload in the My Profile section could be exploited to upload a malicious SVG file which contains Javascript. Now if another user/admin views the profile and clicks to view his avatar, an XSS will trigger.
CVE-2021-37326 1 Netsarang 1 Xshell 2024-11-21 5.3 Medium
NetSarang Xshell 7 before Build 0077 includes unintended code strings in paste operations.
CVE-2021-37322 1 Gnu 2 Binutils, Gcc 2024-11-21 7.8 High
GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.
CVE-2021-37293 1 Kevinlab 1 4st L-bems 2024-11-21 6.5 Medium
A Directory Traversal vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the page GET parameter in index.php.
CVE-2021-37292 1 Kevinlab 1 4st L-bems 2024-11-21 7.2 High
An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 due to an undocumented backdoor account. A malicious user can log in using the backdor account with admin highest privileges and obtain system control.
CVE-2021-37291 1 Kevinlab 1 4st L-bems 2024-11-21 9.8 Critical
An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 ivia the input_id POST parameter in index.php.
CVE-2021-37289 1 Planex 2 Mzk-dp150n, Mzk-dp150n Firmware 2024-11-21 7.2 High
Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows attackers to execute system command as root via etc_ro/web/syscmd.asp.
CVE-2021-37274 1 Kingdee 1 Kis Cloud 2024-11-21 8.8 High
Kingdee KIS Professional Edition has a privilege escalation vulnerability. Attackers can use the vulnerability to gain computer administrator rights via unspecified loopholes.
CVE-2021-37273 1 Chinatelecom 2 Epon Tianyi Gateway Zxhn F450, Epon Tianyi Gateway Zxhn F450 Firmware 2024-11-21 7.5 High
A Denial of Service issue exists in China Telecom Corporation EPON Tianyi Gateway ZXHN F450(EPON ONU) 3.0. Tianyi Gateway is a hardware terminal of "Optical Modem Smart Router." Attackers can use this vulnerability to restart the device multiple times.
CVE-2021-37271 1 Baidu 1 Ueditor 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, which can be exploited by an attacker to obtain user cookie information.
CVE-2021-37270 1 S-cms 1 Cms Enterprise Website Construction System 2024-11-21 9.8 Critical
There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this vulnerability to directly access the specified background path without logging in to the background to obtain the background administrator authority.
CVE-2021-37267 1 Kindsoft 1 Kindeditor 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability exists in all versions of KindEditor, which can be exploited by an attacker to obtain user cookie information.
CVE-2021-37262 1 Jflyfox 1 Jfinal Cms 2024-11-21 7.5 High
JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Denial of Service.
CVE-2021-37254 1 M-files 1 M-files Web 2024-11-21 7.5 High
In M-Files Web product with versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated access to 3rd party component license key information on server.
CVE-2021-37253 1 M-files 1 M-files Web 2024-11-21 7.5 High
M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests with crafted Range or Request-Range headers). NOTE: this is disputed because the range behavior is the responsibility of the web server, not the responsibility of the individual web application
CVE-2021-37232 1 Atomicparsley Project 1 Atomicparsley 2024-11-21 9.8 Critical
A stack overflow vulnerability occurs in Atomicparsley 20210124.204813.840499f through APar_read64() in src/util.cpp due to the lack of buffer size of uint32_buffer while reading more bytes in APar_read64.
CVE-2021-37231 1 Atomicparsley Project 1 Atomicparsley 2024-11-21 5.5 Medium
A stack-buffer-overflow occurs in Atomicparsley 20210124.204813.840499f through APar_readX() in src/util.cpp while parsing a crafted mp4 file because of the missing boundary check.
CVE-2021-37223 1 Nagios 1 Nagios Xi 2024-11-21 6.5 Medium
Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, the target page can be replaced with an SSRF payload to access internal resources or disclose local system files.