Export limit exceeded: 347821 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45687 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45687 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27481 | 1 Zoll | 1 Defibrillator Dashboard | 2024-11-21 | 5.5 Medium |
| ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information. | ||||
| CVE-2021-27479 | 1 Zoll | 1 Defibrillator Dashboard | 2024-11-21 | 5.4 Medium |
| ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product’s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users. | ||||
| CVE-2021-27465 | 1 Emerson | 8 X-stream Enhanced Xefd, X-stream Enhanced Xefd Firmware, X-stream Enhanced Xegk and 5 more | 2024-11-21 | 6.1 Medium |
| A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications do not validate webpage input, which could allow an attacker to inject arbitrary HTML code into a webpage. This would allow an attacker to modify the page and display incorrect or undesirable data. | ||||
| CVE-2021-27452 | 1 Ge | 2 Mu320e, Mu320e Firmware | 2024-11-21 | 7.8 High |
| The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E (all firmware versions prior to v04A00.1). | ||||
| CVE-2021-27440 | 1 Ge | 2 Reason Dr60, Reason Dr60 Firmware | 2024-11-21 | 9.8 Critical |
| The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1). | ||||
| CVE-2021-27438 | 1 Ge | 2 Reason Dr60, Reason Dr60 Firmware | 2024-11-21 | 8.8 High |
| The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1). | ||||
| CVE-2021-27437 | 1 Advantech | 1 Wise-paas\/rmm | 2024-11-21 | 9.1 Critical |
| The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs. Authentication is not required for exploitation on the WISE-PaaS/RMM (versions prior to 9.0.1). | ||||
| CVE-2021-27436 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 6.1 Medium |
| WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions. | ||||
| CVE-2021-27403 | 1 Asus | 2 Askey Rtf8115vw, Askey Rtf8115vw Firmware | 2024-11-21 | 6.1 Medium |
| Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-bin/te_acceso_router.cgi curWebPage XSS. | ||||
| CVE-2021-27401 | 1 Mitel | 1 Micollab | 2024-11-21 | 6.1 Medium |
| The Join Meeting page of Mitel MiCollab Web Client before 9.2 FP2 could allow an attacker to access (view and modify) user data by executing arbitrary code due to insufficient input validation, aka Cross-Site Scripting (XSS). | ||||
| CVE-2021-27392 | 1 Siemens | 1 Siveillance Video Open Network Bridge | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in Siveillance Video Open Network Bridge (2020 R3), Siveillance Video Open Network Bridge (2020 R2), Siveillance Video Open Network Bridge (2020 R1), Siveillance Video Open Network Bridge (2019 R3), Siveillance Video Open Network Bridge (2019 R2), Siveillance Video Open Network Bridge (2019 R1), Siveillance Video Open Network Bridge (2018 R3), Siveillance Video Open Network Bridge (2018 R2). Affected Open Network Bridges store user credentials for the authentication between ONVIF clients and ONVIF server using a hard-coded key. The encrypted credentials can be retrieved via the MIP SDK. This could allow an authenticated remote attacker to retrieve and decrypt all credentials stored on the ONVIF server. | ||||
| CVE-2021-27371 | 1 Monicahq | 1 Monica | 2024-11-21 | 5.4 Medium |
| The Contact page in Monica 2.19.1 allows stored XSS via the Description field. | ||||
| CVE-2021-27370 | 1 Monicahq | 1 Monica | 2024-11-21 | 5.4 Medium |
| The Contact page in Monica 2.19.1 allows stored XSS via the Last Name field. | ||||
| CVE-2021-27369 | 1 Monicahq | 1 Monica | 2024-11-21 | 5.4 Medium |
| The Contact page in Monica 2.19.1 allows stored XSS via the Middle Name field. | ||||
| CVE-2021-27368 | 1 Monicahq | 1 Monica | 2024-11-21 | 5.4 Medium |
| The Contact page in Monica 2.19.1 allows stored XSS via the First Name field. | ||||
| CVE-2021-27349 | 1 Algolplus | 1 Advanced Order Export For Woocommerce | 2024-11-21 | 6.1 Medium |
| Advanced Order Export before 3.1.8 for WooCommerce allows XSS, a different vulnerability than CVE-2020-11727. | ||||
| CVE-2021-27340 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.1 Medium |
| OpenSIS Community Edition version <= 7.6 is affected by a reflected XSS vulnerability in EmailCheck.php via the "opt" parameter. | ||||
| CVE-2021-27338 | 1 Faraday | 1 Edge | 2024-11-21 | 5.4 Medium |
| Faraday Edge before 3.7 allows XSS via the network/create/ page and its network name parameter. | ||||
| CVE-2021-27332 | 1 Casap Automated Enrollment System Project | 1 Casap Automated Enrollment System | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the class_name parameter to update_class.php. | ||||
| CVE-2021-27330 | 1 Triconsole | 1 Datepicker Calendar | 2024-11-21 | 6.1 Medium |
| Triconsole Datepicker Calendar <3.77 is affected by cross-site scripting (XSS) in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents. | ||||