Export limit exceeded: 365502 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (86482 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-25994 1 Userfrosting 1 Userfrosting 2024-11-21 8.8 High
In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a victim application user to click on a link, an unauthenticated attacker can use the “forgot password” functionality to reset the victim’s password and successfully take over their account.
CVE-2021-25962 1 Shuup 1 Shuup 2024-11-21 8 High
“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and opens it, the payload gets executed.
CVE-2021-25961 1 Salesagility 1 Suitecrm 2024-11-21 8 High
In “SuiteCRM” application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that is associated with a deleted user id, which makes it possible for account takeover of any newly created user with the same user id.
CVE-2021-25960 1 Salesagility 1 Suitecrm 2024-11-21 8 High
In “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by “CSV Injection” vulnerability (Formula Injection). A low privileged attacker can use accounts module to inject payloads in the input fields. When an administrator access accounts module to export the data as a CSV file and opens it, the payload gets executed. This was not fixed properly as part of CVE-2020-15301, allowing the attacker to bypass the security measure.
CVE-2021-25957 1 Dolibarr 1 Dolibarr 2024-11-21 8.8 High
In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality. A low privileged attacker can reset the password of any user in the application using the password reset link the user received through email when requested for a forgotten password.
CVE-2021-25951 1 Xml2dict Project 1 Xml2dict 2024-11-21 7.5 High
XXE vulnerability in 'XML2Dict' version 0.2.2 allows an attacker to cause a denial of service.
CVE-2021-25924 1 Thoughtworks 1 Gocd 2024-11-21 8.8 High
In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Request Forgery due to missing CSRF protection at the `/go/api/config/backup` endpoint. An attacker can trick a victim to click on a malicious link which could change backup configurations or execute system commands in the post_backup_script field.
CVE-2021-25923 1 Open-emr 1 Openemr 2024-11-21 8.1 High
In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of the victim user’s password, he can leverage it to an account takeover.
CVE-2021-25910 1 Zivautomation 2 4cct-ea6-334126bf, 4cct-ea6-334126bf Firmware 2024-11-21 8 High
Improper Authentication vulnerability in the cookie parameter of ZIV AUTOMATION 4CCT-EA6-334126BF allows a local attacker to perform modifications in several parameters of the affected device as an authenticated user.
CVE-2021-25909 1 Zivautomation 2 4cct-ea6-334126bf, 4cct-ea6-334126bf Firmware 2024-11-21 8.6 High
ZIV Automation 4CCT-EA6-334126BF firmware version 3.23.80.27.36371, allows an unauthenticated, remote attacker to cause a denial of service condition on the device. An attacker could exploit this vulnerability by sending specific packets to the port 7919.
CVE-2021-25908 1 Fil-ocl Project 1 Fil-ocl 2024-11-21 7.5 High
An issue was discovered in the fil-ocl crate through 2021-01-04 for Rust. From<EventList> can lead to a double free.
CVE-2021-25906 1 Basic Dsp Matrix Project 1 Basic Dsp Matrix 2024-11-21 7.5 High
An issue was discovered in the basic_dsp_matrix crate before 0.9.2 for Rust. When a TransformContent panic occurs, a double drop can be performed.
CVE-2021-25904 1 Av-data Project 1 Av-data 2024-11-21 7.5 High
An issue was discovered in the av-data crate before 0.3.0 for Rust. A raw pointer is dereferenced, leading to a read of an arbitrary memory address, sometimes causing a segfault.
CVE-2021-25903 1 Cache Project 1 Cache 2024-11-21 7.5 High
An issue was discovered in the cache crate through 2021-01-01 for Rust. A raw pointer is dereferenced.
CVE-2021-25902 1 Glsl-layout Project 1 Glsl-layout 2024-11-21 7.5 High
An issue was discovered in the glsl-layout crate before 0.4.0 for Rust. When a panic occurs, map_array can perform a double drop.
CVE-2021-25899 1 Void 1 Aurall Rec Monitor 2024-11-21 7.5 High
An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform a blind time-based SQL Injection. The vulnerable parameter is param1.
CVE-2021-25898 1 Void 1 Aural Rec Monitor 2024-11-21 7.5 High
An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value is used to authenticate a high-privileged user upon authenticating with the server.
CVE-2021-25877 1 Youphptube 1 Youphptube 2024-11-21 7.2 High
AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. An administrator privileged user is able to write files on filesystem using flag and code variables in file save.php.
CVE-2021-25874 1 Youphptube 1 Youphptube 2024-11-21 7.5 High
AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQL Injection SQL injection in the catName parameter which allows a remote unauthenticated attacker to retrieve databases information such as application passwords hashes.
CVE-2021-25864 1 Dgtl 1 Huemagic 2024-11-21 7.5 High
node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal.in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file.