Search Results (84932 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2021-37550 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 7.5 High | In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used. |
| CVE-2021-37548 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 7.5 High | In JetBrains TeamCity before 2021.1, passwords in cleartext could sometimes be stored in VCS. |
| CVE-2021-37545 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 7.5 High | In JetBrains TeamCity before 2021.1.1, insufficient authentication checks were made for agent requests. |
| CVE-2021-37543 | 1 Jetbrains | 1 Rubymine | 2024-11-21 | 8.8 High | In JetBrains RubyMine before 2021.1.1, code execution without user confirmation was possible for untrusted projects. |
| CVE-2021-37531 | 1 Sap | 1 Netweaver Knowledge Management Xml Forms | 2024-11-21 | 8.8 High | SAP NetWeaver Knowledge Management XML Forms versions 7.10, 7.11, 7.30, 7.31, 7.40 and 7.50 contain an XSLT vulnerability: a non-administrative authenticated attacker can craft a malicious XSL stylesheet containing a script with OS-level commands, copy it to a location the system reads, and then create a file that triggers the XSLT engine to execute the script in the malicious XSL file. This can result in a full compromise of the confidentiality, integrity and availability of the system. |
| CVE-2021-37517 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2024-11-21 | 7.5 High | An access control vulnerability exists in the forgot-password function of Dolibarr ERP/CRM 13.0.2 (fixed in 14.0.0): because the application allows email addresses as usernames, the function can be abused to cause a denial of service. |
| CVE-2021-37471 | 1 Cradlepoint | 6 Ibr600, Ibr600 Firmware, Ibr600c and 3 more | 2024-11-21 | 7.5 High | Cradlepoint IBR900-600 devices running versions < 7.21.10 are vulnerable to a restricted shell escape sequence that lets an attacker simultaneously deny availability of the device's NetCloud Manager console, local console and SSH command line. |
| CVE-2021-37447 | 1 Nchsoftware | 1 Quorum | 2024-11-21 | 8.1 High | In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. for file deletion. |
| CVE-2021-37444 | 1 Nchsoftware | 1 Ivm Attendant | 2024-11-21 | 8.8 High | NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness when uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the inbuilt Autodial function. |
| CVE-2021-37443 | 1 Nchsoftware | 1 Ivm Attendant | 2024-11-21 | 8.1 High | NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion. |
| CVE-2021-37441 | 1 Nch | 1 Axon Pbx | 2024-11-21 | 8.8 High | NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring. |
| CVE-2021-37419 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | 7.5 High | Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. |
| CVE-2021-37414 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 7.5 High | Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to obtain a valid user's APIKEY without authentication. |
| CVE-2021-37394 | 1 Rpcms | 1 Rpcms | 2024-11-21 | 8.8 High | In RPCMS v1.8 and below, attackers can interact with the API and change the variable "role" to "admin" to register an admin user. |
| CVE-2021-37386 | 1 Furukawa | 8 423-41w/ac, 423-41w/ac Firmware, Ld420-10r and 5 more | 2024-11-21 | 7.5 High | Furukawa Electric LatAm 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function. |
| CVE-2021-37381 | 1 Southsoft | 1 Graduate Management Information System | 2024-11-21 | 8.8 High | Southsoft GMIS 5.0 is vulnerable to CSRF attacks. Attackers can access other users' private information, such as photos, through CSRF. For example, any student's photo can be accessed through /gmis/(S([1]))/student/grgl/PotoImageShow/?bh=[2], where [1] is a random string generated from the user's login-related information and [2] is any student's number. [1] protects the user's identity but does not effectively prevent unauthorized access: the attacker can attack the system by modifying [2] without modifying [1]. |
| CVE-2021-37372 | 1 Online Student Admission System Project | 1 Online Student Admission System | 2024-11-21 | 8.8 High | Online Student Admission System 1.0 is affected by an insecure file upload vulnerability. A low-privileged user can upload malicious PHP files by updating their profile image and gain remote code execution. |
| CVE-2021-37367 | 1 Ctparental Project | 1 Ctparental | 2024-11-21 | 7.8 High | CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin panel. Because the file "bl_categories_help.php" is vulnerable to directory traversal, an attacker can create a file containing scripts and run arbitrary commands. |
| CVE-2021-37366 | 1 Ctparental Project | 1 Ctparental | 2024-11-21 | 8.8 High | CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. By combining CSRF with XSS, an attacker can trick the administrator into clicking a link that cancels the filtering for all standard users. |
| CVE-2021-37364 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-11-21 | 7.8 High | OpenClinic GA 5.194.18 is affected by insecure permissions. By default the Authenticated Users group has modify permission on the OpenClinic folders and files. A low-privileged account can rename mysqld.exe or tomcat8.exe in the bin folders and replace them with a malicious file that connects back to an attacking machine with system-level privileges (nt authority\system), because the service runs as Local System. A low-privileged user cannot restart the service through the application, but a reboot of the computer triggers execution of the malicious file. The application also has unquoted service path issues. |
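Four of the entries above (CVE-2021-37447, CVE-2021-37443, CVE-2021-37441 and CVE-2021-37444) are the same bug class: a user-controlled path such as `file=/..` or a ZIP entry name is joined onto a base directory without checking that the result still lies inside it. The example below is added here for illustration and is not code from any of the affected NCH products; the handler names, the directory layout and the sample archive contents are all constructed for the demonstration. It shows one containment helper shared by a hardened file-deletion endpoint and a hardened plugin-ZIP extractor.

```python
import io
import tempfile
import zipfile
from pathlib import Path
from typing import Dict, List


class UnsafePathError(ValueError):
    """Raised when a user-supplied path would escape the intended base directory."""


def resolve_inside(base: Path, user_path: str) -> Path:
    """Resolve user_path beneath base and refuse anything that escapes it.

    Leading separators are stripped so an absolute input cannot discard base,
    and the final path is fully resolved (collapsing '..' and symlinks) before
    checking that base is one of its ancestors.
    """
    base = base.resolve()
    candidate = (base / user_path.lstrip("/\\")).resolve()
    if candidate != base and base not in candidate.parents:
        raise UnsafePathError(f"path escapes base directory: {user_path!r}")
    return candidate


def delete_document(docs_dir: Path, file_param: str) -> bool:
    """Hardened 'documentdelete?file=' style handler: only regular files inside docs_dir go."""
    target = resolve_inside(docs_dir, file_param)
    if target == docs_dir.resolve() or not target.is_file():
        return False
    target.unlink()
    return True


def extract_plugin_zip(plugins_dir: Path, zip_bytes: bytes) -> List[Path]:
    """Extract a plugin archive, rejecting entries that would land outside plugins_dir.

    Every entry is validated before anything is written, so a malicious archive
    leaves no partially extracted files behind.
    """
    written: List[Path] = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        entries = zf.infolist()
        for info in entries:
            resolve_inside(plugins_dir, info.filename)
        for info in entries:
            dest = resolve_inside(plugins_dir, info.filename)
            if info.is_dir():
                dest.mkdir(parents=True, exist_ok=True)
                continue
            dest.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(dest, "wb") as dst:
                dst.write(src.read())
            written.append(dest)
    return written


def build_zip(entries: Dict[str, bytes]) -> bytes:
    """Build an in-memory zip from {name: content}; used only to construct test archives."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def demo() -> Dict[str, object]:
    """Exercise both handlers against constructed inputs in a throwaway directory."""
    results: Dict[str, object] = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        docs = root / "documents"
        docs.mkdir()
        (docs / "report.txt").write_text("ok")
        (root / "secret.txt").write_text("must survive")

        results["delete_ok"] = delete_document(docs, "report.txt")
        try:
            delete_document(docs, "/../secret.txt")  # the '/..' shape named in the advisories
            results["traversal_blocked"] = False
        except UnsafePathError:
            results["traversal_blocked"] = True
        results["secret_survives"] = (root / "secret.txt").exists()

        plugins = root / "plugins"
        plugins.mkdir()
        good = build_zip({"myplugin/plugin.ini": b"[plugin]\nname=demo\n"})
        results["good_zip_files"] = len(extract_plugin_zip(plugins, good))
        evil = build_zip({"../startup/evil.vbs": b"WScript.Echo 1"})  # constructed zip-slip entry
        try:
            extract_plugin_zip(plugins, evil)
            results["zip_slip_blocked"] = False
        except UnsafePathError:
            results["zip_slip_blocked"] = True
        results["nothing_escaped"] = not (root / "startup").exists()
    return results


if __name__ == "__main__":
    print(demo())
```

The check is done on the fully resolved path rather than by string-matching `..`, so encoded or mixed separators and symlinks inside the base directory are handled the same way. Note that `zipfile.ZipFile.open()` does not sanitise entry names (only `extract()` does), which is why the extractor validates each entry itself before writing.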
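CVE-2021-37372 describes the classic profile-image upload that accepts a `.php` file and serves it from a web-executable directory. The following is an added example, not code from the Online Student Admission System; the signature table, size limit and sample uploads are constructed for the demonstration. It contrasts the unsafe "store under the client's filename" pattern with a validator that sniffs the content, allowlists the extension, and returns a random server-chosen name whose extension is derived from the sniffed type.

```python
import os
import secrets
from typing import Optional

# Magic bytes of the image formats the endpoint accepts; the server decides the
# type from content, never from the client-supplied name or Content-Type header.
IMAGE_SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif"}
MAX_UPLOAD_BYTES = 2 * 1024 * 1024


def storage_name_vulnerable(filename: str) -> str:
    """The pattern behind the advisory: the client's filename, extension included,
    is written unchanged into a directory the web server executes scripts from."""
    return os.path.basename(filename)


def sniff_image_type(data: bytes) -> Optional[str]:
    """Return 'png', 'jpg' or 'gif' if data starts with a known signature, else None."""
    for kind, signatures in IMAGE_SIGNATURES.items():
        if any(data.startswith(sig) for sig in signatures):
            return kind
    return None


def storage_name_hardened(filename: str, data: bytes) -> str:
    """Validate an uploaded profile image and return a server-chosen storage name.

    Raises ValueError on anything that is not a small, recognised image. The
    returned name is random and its extension comes from the sniffed content,
    so 'avatar.php' or 'avatar.png.php' can never be stored with a .php suffix.
    """
    if len(data) > MAX_UPLOAD_BYTES:
        raise ValueError("upload too large")
    ext = os.path.splitext(filename)[1].lower().lstrip(".")
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension not allowed: {ext!r}")
    kind = sniff_image_type(data)
    if kind is None:
        raise ValueError("content is not a recognised image")
    return f"{secrets.token_hex(16)}.{kind}"


def is_accepted(filename: str, data: bytes) -> bool:
    """True if the hardened check would store the upload."""
    try:
        storage_name_hardened(filename, data)
        return True
    except ValueError:
        return False


# Constructed sample uploads: a minimal PNG header and a PHP web shell.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 24
SAMPLE_PHP = b"<?php system($_GET['cmd']); ?>"
```

Content sniffing alone is not sufficient: a polyglot that starts with a valid PNG header and carries PHP after it still passes. The controls that actually close the hole are the random name with a non-script extension, and serving the upload directory with script execution disabled (or from outside the web root entirely).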
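CVE-2021-37394 is a mass-assignment bug: the registration API binds every field of the request body onto the user record, so a client that adds `"role": "admin"` gets an admin account. The example below is added for illustration and is not RPCMS code; the `User` model, field names and password hashing are constructed assumptions. It places the vulnerable binding beside a handler that allowlists the fields a client may set and assigns `role` server-side.

```python
import hashlib
import secrets
from dataclasses import dataclass
from typing import Any, Dict, Optional


@dataclass
class User:
    username: str
    password_hash: str
    role: str = "user"


def hash_password(password: str) -> str:
    """PBKDF2-HMAC-SHA256 with a random salt, encoded as salt$hash (hex)."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)
    return f"{salt.hex()}${digest.hex()}"


def register_vulnerable(payload: Dict[str, Any]) -> User:
    """The pattern behind the advisory: whatever the client sends is bound onto the
    model, so a 'role' field in the request body decides the account's privileges."""
    return User(
        username=payload["username"],
        password_hash=hash_password(payload["password"]),
        role=payload.get("role", "user"),
    )


REGISTRATION_FIELDS = {"username", "password"}


def register_hardened(payload: Dict[str, Any]) -> User:
    """Bind only an explicit allowlist of fields; role is assigned server-side.

    Unknown fields are rejected rather than silently dropped, so a probe such as
    'role': 'admin' surfaces as an error (and in logs) instead of being ignored.
    """
    unexpected = set(payload) - REGISTRATION_FIELDS
    if unexpected:
        raise ValueError(f"unexpected fields in registration: {sorted(unexpected)}")
    missing = REGISTRATION_FIELDS - set(payload)
    if missing:
        raise ValueError(f"missing fields: {sorted(missing)}")
    return User(
        username=str(payload["username"]),
        password_hash=hash_password(str(payload["password"])),
        role="user",  # never taken from the request
    )


def hardened_outcome(payload: Dict[str, Any]) -> Optional[str]:
    """Role of the account the hardened handler would create, or None if it rejects the request."""
    try:
        return register_hardened(payload).role
    except ValueError:
        return None
```

Whether to reject or drop unknown fields is a judgement call; rejecting is stricter and makes privilege-escalation probing visible, dropping is friendlier to older clients. Either way the point is that privilege-bearing attributes are never read from the request.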
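CVE-2021-37550 reports "time-unsafe comparisons", meaning a secret (a token or key) was checked with an ordinary equality that returns at the first mismatching byte, so response time leaks how much of the secret an attacker has already guessed. The snippet below is an added example, not JetBrains code, and the function names are assumptions; it shows the unsafe comparison beside a constant-time check built on `hmac.compare_digest`.

```python
import hashlib
import hmac


def verify_token_unsafe(presented: str, expected: str) -> bool:
    """The pattern behind the advisory: '==' returns at the first differing byte, so the
    time taken grows with the number of leading bytes the caller already has right."""
    return presented == expected


def verify_token(presented: str, expected: str) -> bool:
    """Constant-time comparison of a caller-supplied token against the expected one.

    Both values are hashed first so the compared digests always have the same
    length: hmac.compare_digest short-circuits on a length mismatch, which would
    otherwise leak the secret's length. After that, timing no longer depends on
    how many leading bytes match.
    """
    presented_digest = hashlib.sha256(presented.encode("utf-8")).digest()
    expected_digest = hashlib.sha256(expected.encode("utf-8")).digest()
    return hmac.compare_digest(presented_digest, expected_digest)
```

If the expected value is stored only as a hash (as an API key should be), compare the hash of the presented value against the stored hash in the same way rather than recovering the plaintext.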