Search Results (45662 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27288 | 1 X2engine | 1 X2crm | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "Comment" field in "/profile/activity" page. | ||||
| CVE-2021-27279 | 1 Mybb | 1 Mybb | 2024-11-21 | 5.4 Medium |
| MyBB before 1.8.25 allows stored XSS via nested [email] tags with MyCode (aka BBCode). | ||||
| CVE-2021-27254 | 1 Netgear | 86 Br200, Br200 Firmware, Br500 and 83 more | 2024-11-21 | 8.8 High |
| This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of a hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287. | ||||
| CVE-2021-27237 | 1 Blackcat-cms | 1 Blackcat Cms | 2024-11-21 | 4.8 Medium |
| The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php. | ||||
| CVE-2021-27228 | 1 Shinobi | 1 Shinobi Pro | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Shinobi through ocean version 1. lib/auth.js has Incorrect Access Control. Valid API Keys are held in an internal JS Object. Therefore an attacker can use JS Proto Method names (such as constructor or hasOwnProperty) to convince the System that the supplied API Key exists in the underlying JS object, and consequently achieve complete access to User/Admin/Super API functions, as demonstrated by a /super/constructor/accounts/list URI. | ||||
| CVE-2021-27222 | 1 Obss | 1 Time In Status | 2024-11-21 | 5.4 Medium |
| In the "Time in Status" app before 4.13.0 for Jira, remote authenticated attackers can cause Stored XSS. | ||||
| CVE-2021-27214 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 6.1 Medium |
| A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905. | ||||
| CVE-2021-27190 | 1 Peel | 1 Peel Shopping | 2024-11-21 | 5.4 Medium |
| A Stored Cross Site Scripting (XSS) vulnerability was discovered in PEEL SHOPPING 9.3.0 and 9.4.0, which are publicly available. The user-supplied input containing a polyglot payload is echoed back in JavaScript code in the HTML response. This allows an attacker to input malicious JavaScript which can steal cookies, redirect users to other malicious websites, etc. | ||||
| CVE-2021-27180 | 1 Altn | 1 Mdaemon | 2024-11-21 | 6.1 Medium |
| An issue was discovered in MDaemon before 20.0.4. There is Reflected XSS in Webmail (aka WorldClient). It can be exploited via a GET request. It allows performing any action with the privileges of the attacked user. | ||||
| CVE-2021-27172 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on FiberHome HG6245D devices through RP2613. A hardcoded GEPON password for root is defined inside /etc/init.d/system-config.sh. | ||||
| CVE-2021-27169 | 1 Fiberhome | 2 An5506-04-fa, An5506-04-fa Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on FiberHome AN5506-04-FA devices with firmware RP2631. There is a gepon password for the gepon account. | ||||
| CVE-2021-27168 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on FiberHome HG6245D devices through RP2613. There is a 6GFJdY4aAuUKJjdtSn7d password for the rdsadmin account. | ||||
| CVE-2021-27167 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on FiberHome HG6245D devices through RP2613. There is a password of four hexadecimal characters for the admin account. These characters are generated in init_3bb_password in libci_adaptation_layer.so. | ||||
| CVE-2021-27166 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The password for the enable command is gpon. | ||||
| CVE-2021-27165 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The telnet daemon on port 23/tcp can be abused with the gpon/gpon credentials. | ||||
| CVE-2021-27164 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / aisadmin credentials for an ISP. | ||||
| CVE-2021-27163 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / tele1234 credentials for an ISP. | ||||
| CVE-2021-27162 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / tattoo@home credentials for an ISP. | ||||
| CVE-2021-27161 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 1234 credentials for an ISP. | ||||
| CVE-2021-27160 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / 888888 credentials for an ISP. | ||||