Export limit exceeded: 14352 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10065 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-43736 | 1 Cmswing | 1 Cmswing | 2024-11-21 | 9.8 Critical |
| CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log rule | ||||
| CVE-2021-43721 | 1 Leanote | 1 Leanote | 2024-11-21 | 6.1 Medium |
| Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markdown type note. This leads to remote code execution with payload : <video src=x onerror=(function(){require('child_process').exec('calc');})();> | ||||
| CVE-2021-43630 | 1 Projectworlds | 1 Hospital Management System In Php | 2024-11-21 | 8.8 High |
| Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in add_patient.php. As a result, an authenticated malicious user can compromise the databases system and in some cases leverage this vulnerability to get remote code execution on the remote web server. | ||||
| CVE-2021-43609 | 1 Spiceworks | 1 Help Desk Server | 2024-11-21 | 9.9 Critical |
| An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A Blind Boolean SQL injection vulnerability within the order_by_for_ticket function in app/models/reporting/database_query.rb allows an authenticated attacker to execute arbitrary SQL commands via the sort parameter. This can be leveraged to leak local files from the host system, leading to remote code execution (RCE) through deserialization of malicious data. | ||||
| CVE-2021-43579 | 2 Debian, Htmldoc Project | 2 Debian Linux, Htmldoc | 2024-11-21 | 7.8 High |
| A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file. | ||||
| CVE-2021-43562 | 1 Pixxio | 1 Pixx.io | 2024-11-21 | 8.8 High |
| An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. The extension fails to restrict the image download to the configured pixx.io DAM URL, resulting in SSRF. As a result, an attacker can download various content from a remote location and save it to a user-controlled filename, which may result in Remote Code Execution. A TYPO3 backend user account is required to exploit this. | ||||
| CVE-2021-43555 | 1 Myscada | 1 Mydesigner | 2024-11-21 | 7.3 High |
| mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validate contents of an imported project file, which may make the product vulnerable to a path traversal payload. This vulnerability may allow an attacker to plant files on the file system in arbitrary locations or overwrite existing files, resulting in remote code execution. | ||||
| CVE-2021-43484 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2024-11-21 | 9.8 Critical |
| A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request. | ||||
| CVE-2021-43479 | 1 Secretarycms | 1 The Secretary | 2024-11-21 | 9.8 Critical |
| A Remote Code Execution (RCE) vulnerability exists in The-Secretary 2.5 via install.php. | ||||
| CVE-2021-43466 | 1 Thymeleaf | 1 Thymeleaf | 2024-11-21 | 9.8 Critical |
| In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution. | ||||
| CVE-2021-43256 | 1 Microsoft | 8 365 Apps, Excel, Excel Rt and 5 more | 2024-11-21 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2021-43234 | 1 Microsoft | 24 Windows 10, Windows 10 1507, Windows 10 1607 and 21 more | 2024-11-21 | 7.8 High |
| Windows Fax Service Remote Code Execution Vulnerability | ||||
| CVE-2021-43233 | 1 Microsoft | 23 Windows 10, Windows 10 1507, Windows 10 1607 and 20 more | 2024-11-21 | 7.5 High |
| Remote Desktop Client Remote Code Execution Vulnerability | ||||
| CVE-2021-43232 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 7.8 High |
| Windows Event Tracing Remote Code Execution Vulnerability | ||||
| CVE-2021-43225 | 1 Microsoft | 1 Bot Framework Software Development Kit | 2024-11-21 | 7.5 High |
| Bot Framework SDK Remote Code Execution Vulnerability | ||||
| CVE-2021-43221 | 1 Microsoft | 1 Edge Chromium | 2024-11-21 | 4.2 Medium |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||||
| CVE-2021-43217 | 1 Microsoft | 24 Windows 10, Windows 10 1507, Windows 10 1607 and 21 more | 2024-11-21 | 8.1 High |
| Windows Encrypting File System (EFS) Remote Code Execution Vulnerability | ||||
| CVE-2021-43215 | 1 Microsoft | 22 Windows 10, Windows 10 1507, Windows 10 1607 and 19 more | 2024-11-21 | 9.8 Critical |
| iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution | ||||
| CVE-2021-43214 | 1 Microsoft | 1 Raw Image Extension | 2024-11-21 | 7.8 High |
| Web Media Extensions Remote Code Execution Vulnerability | ||||
| CVE-2021-43209 | 1 Microsoft | 1 3d Viewer | 2024-11-21 | 7.8 High |
| 3D Viewer Remote Code Execution Vulnerability | ||||