Search Results (363016 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-25922 1 Open-emr 1 Openemr 2024-11-21 6.1 Medium
OpenEMR versions 4.2.0 to 6.0.0 are vulnerable to reflected cross-site scripting (XSS) because user input is not properly validated. An attacker could trick a user into clicking a malicious URL and thereby execute malicious code.
CVE-2021-25913 1 Set-or-get Project 1 Set-or-get 2024-11-21 9.8 Critical
Prototype pollution vulnerability in 'set-or-get' version 1.0.0 through 1.2.10 allows an attacker to cause a denial of service and may lead to remote code execution.
CVE-2021-25912 1 Dotty Project 1 Dotty 2024-11-21 9.8 Critical
Prototype pollution vulnerability in 'dotty' versions 0.0.1 through 0.1.0 allows attackers to cause a denial of service and may lead to remote code execution.
CVE-2021-25910 1 Zivautomation 2 4cct-ea6-334126bf, 4cct-ea6-334126bf Firmware 2024-11-21 8 High
Improper Authentication vulnerability in the cookie parameter of ZIV AUTOMATION 4CCT-EA6-334126BF allows a local attacker to perform modifications in several parameters of the affected device as an authenticated user.
CVE-2021-25909 1 Zivautomation 2 4cct-ea6-334126bf, 4cct-ea6-334126bf Firmware 2024-11-21 8.6 High
ZIV Automation 4CCT-EA6-334126BF firmware version 3.23.80.27.36371 allows an unauthenticated, remote attacker to cause a denial of service condition on the device. An attacker could exploit this vulnerability by sending specific packets to port 7919.
CVE-2021-25908 1 Fil-ocl Project 1 Fil-ocl 2024-11-21 7.5 High
An issue was discovered in the fil-ocl crate through 2021-01-04 for Rust. From<EventList> can lead to a double free.
CVE-2021-25907 1 Containers Project 1 Containers 2024-11-21 9.8 Critical
An issue was discovered in the containers crate before 0.9.11 for Rust. When a panic occurs, a util::{mutate,mutate2} double drop can be performed.
CVE-2021-25906 1 Basic Dsp Matrix Project 1 Basic Dsp Matrix 2024-11-21 7.5 High
An issue was discovered in the basic_dsp_matrix crate before 0.9.2 for Rust. When a TransformContent panic occurs, a double drop can be performed.
CVE-2021-25905 1 Bra Project 1 Bra 2024-11-21 9.1 Critical
An issue was discovered in the bra crate before 0.1.1 for Rust. It lacks soundness because it can read uninitialized memory.
CVE-2021-25904 1 Av-data Project 1 Av-data 2024-11-21 7.5 High
An issue was discovered in the av-data crate before 0.3.0 for Rust. A raw pointer is dereferenced, leading to a read of an arbitrary memory address, sometimes causing a segfault.
CVE-2021-25903 1 Cache Project 1 Cache 2024-11-21 7.5 High
An issue was discovered in the cache crate through 2021-01-01 for Rust. A raw pointer is dereferenced.
CVE-2021-25902 1 Glsl-layout Project 1 Glsl-layout 2024-11-21 7.5 High
An issue was discovered in the glsl-layout crate before 0.4.0 for Rust. When a panic occurs, map_array can perform a double drop.
CVE-2021-25901 1 Lazy-init Project 1 Lazy-init 2024-11-21 5.3 Medium
An issue was discovered in the lazy-init crate through 2021-01-17 for Rust. Lazy lacks a Send bound, leading to a data race.
CVE-2021-25900 1 Servo 1 Smallvec 2024-11-21 9.8 Critical
An issue was discovered in the smallvec crate before 0.6.14 and 1.x before 1.6.1 for Rust. There is a heap-based buffer overflow in SmallVec::insert_many.
CVE-2021-25899 1 Void 1 Aurall Rec Monitor 2024-11-21 7.5 High
An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform a blind time-based SQL Injection. The vulnerable parameter is param1.
CVE-2021-25898 1 Void 1 Aural Rec Monitor 2024-11-21 7.5 High
An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value is used to authenticate a high-privileged user upon authenticating with the server.
CVE-2021-25894 1 Magnolia-cms 1 Magnolia Cms 2024-11-21 6.1 Medium
Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the /magnoliaPublic/travel/members/login.html mgnlUserId parameter.
CVE-2021-25893 1 Magnolia-cms 1 Magnolia Cms 2024-11-21 5.4 Medium
Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the setText parameter of /magnoliaAuthor/.magnolia/.
CVE-2021-25878 1 Youphptube 1 Youphptube 2024-11-21 6.1 Medium
AVideo/YouPHPTube 10.0 and prior is affected by multiple reflected cross-site scripting (XSS) vulnerabilities via the videoName parameter, which allow a remote attacker to steal administrators' session cookies or perform actions as an administrator.
CVE-2021-25877 1 Youphptube 1 Youphptube 2024-11-21 7.2 High
AVideo/YouPHPTube 10.0 and prior is affected by an insecure file write. A user with administrator privileges is able to write files on the filesystem using the flag and code variables in the file save.php.