Export limit exceeded: 10067 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10067 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-45341 | 3 Debian, Fedoraproject, Librecad | 3 Debian Linux, Fedora, Librecad | 2024-11-21 | 8.8 High |
| A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document. | ||||
| CVE-2021-45268 | 1 Backdropcms | 1 Backdrop | 2024-11-21 | 8.8 High |
| A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading a maliciously add-on with crafted PHP file. NOTE: the vendor disputes this because the attack requires a session cookie of a high-privileged authenticated user who is entitled to install arbitrary add-ons | ||||
| CVE-2021-45090 | 1 Stormshield | 1 Endpoint Security | 2024-11-21 | 9.8 Critical |
| Stormshield Endpoint Security before 2.1.2 allows remote code execution. | ||||
| CVE-2021-45029 | 1 Apache | 1 Shenyu | 2024-11-21 | 9.8 Critical |
| Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1. | ||||
| CVE-2021-44981 | 1 Quickbox | 1 Quickbox | 2024-11-21 | 8.8 High |
| In QuickBox Pro v2.5.8 and below, the config.php file has a variable which takes a GET parameter value and parses it into a shell_exec(''); function without properly sanitizing any shell arguments, therefore remote code execution is possible. Additionally, as the media server is running as root by default attackers can use the sudo command within this shell_exec(''); function, which allows for privilege escalation by means of RCE. | ||||
| CVE-2021-44978 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 9.8 Critical |
| iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution. | ||||
| CVE-2021-44892 | 1 Thinkphp | 1 Thinkphp | 2024-11-21 | 8.8 High |
| A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x via value[_filename] in index.php, which could let a malicious user obtain server control privileges. | ||||
| CVE-2021-44832 | 6 Apache, Cisco, Debian and 3 more | 31 Log4j, Cloudcenter, Debian Linux and 28 more | 2024-11-21 | 6.6 Medium |
| Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. | ||||
| CVE-2021-44734 | 1 Lexmark | 467 6500e, 6500e Firmware, B2236 and 464 more | 2024-11-21 | 9.8 Critical |
| Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which can which can lead to remote code execution on the device. | ||||
| CVE-2021-44675 | 1 Zohocorp | 1 Manageengine Servicedesk Plus Msp | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required. | ||||
| CVE-2021-44673 | 1 Croogo | 1 Croogo | 2024-11-21 | 8.8 High |
| A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script. | ||||
| CVE-2021-44663 | 1 Nottingham.ac | 1 Xerte Online Toolkits | 2024-11-21 | 9.8 Critical |
| A Remote Code Execution (RCE) vulnerability exists in the Xerte Project Xerte through 3.8.4 via a crafted php file through elfinder in connetor.php. | ||||
| CVE-2021-44652 | 1 Zohocorp | 1 Manageengine O365 Manager Plus | 2024-11-21 | 7.8 High |
| Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component. | ||||
| CVE-2021-44651 | 1 Zohocorp | 2 Log360, Manageengine Cloud Security Plus | 2024-11-21 | 8.8 High |
| Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the updatePersonalizeSettings component due to an improper security patch for CVE-2021-40175. | ||||
| CVE-2021-44596 | 1 Wondershare | 1 Dr.fone | 2024-11-21 | 9.8 Critical |
| Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the "InstallAssistService.exe" service(the service is running under SYSTEM privileges) and manipulate it to execute malicious executable without any validation from a remote location and gain SYSTEM privileges | ||||
| CVE-2021-44593 | 1 Simple College Website Project | 1 Simple College Website | 2024-11-21 | 8.1 High |
| Simple College Website 1.0 is vulnerable to unauthenticated file upload & remote code execution via UNION-based SQL injection in the username parameter on /admin/login.php. | ||||
| CVE-2021-44548 | 2 Apache, Microsoft | 2 Solr, Windows | 2024-11-21 | 9.8 Critical |
| An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution This issue affects all Apache Solr versions prior to 8.11.1. This issue only affects Windows. | ||||
| CVE-2021-44537 | 2 Fedoraproject, Owncloud | 2 Fedora, Owncloud Desktop Client | 2024-11-21 | 7.8 High |
| ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution. | ||||
| CVE-2021-44520 | 1 Citrix | 1 Xenmobile Server | 2024-11-21 | 8.8 High |
| In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges. | ||||
| CVE-2021-44519 | 1 Citrix | 1 Xenmobile Server | 2024-11-21 | 8.8 High |
| In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution. | ||||