Export limit exceeded: 20540 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10973 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10973 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-26753 | 1 Nedi | 1 Nedi | 2024-11-21 | 9.9 Critical |
| NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data. | ||||
| CVE-2021-26718 | 1 Kaspersky | 1 Internet Security | 2024-11-21 | 5.5 Medium |
| KIS for macOS in some use cases was vulnerable to AV bypass that potentially allowed an attacker to disable anti-virus protection. | ||||
| CVE-2021-26637 | 1 Shinasys | 6 Sihas Acm-300, Sihas Acm-300 Firmware, Sihas Gcm-300 and 3 more | 2024-11-21 | 8.8 High |
| There is no account authentication and permission check logic in the firmware and existing apps of SiHAS's SGW-300, ACM-300, GCM-300, so unauthorized users can remotely control the device. | ||||
| CVE-2021-26273 | 1 Ninjarmm | 1 Ninjarmm | 2024-11-21 | 7.8 High |
| The Agent in NinjaRMM 5.0.909 has Incorrect Access Control. | ||||
| CVE-2021-26026 | 1 Acdsee | 1 Photo Studio 2021 | 2024-11-21 | 7.8 High |
| PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!JPEGTransW+0x000000000000c7f4 via a crafted BMP image. | ||||
| CVE-2021-26025 | 1 Acdsee | 1 Photo Studio 2021 | 2024-11-21 | 7.8 High |
| PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!zlibVersion+0x0000000000004e5e via a crafted BMP image. | ||||
| CVE-2021-25954 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 4.3 Medium |
| In “Dolibarr” application, 2.8.1 to 13.0.4 don’t restrict or incorrectly restricts access to a resource from an unauthorized actor. A low privileged attacker can modify the Private Note which only an administrator has rights to do, the affected field is at “/adherents/note.php?id=1” endpoint. | ||||
| CVE-2021-25777 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 5.3 Medium |
| In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly. | ||||
| CVE-2021-25774 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.3 Medium |
| In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user. | ||||
| CVE-2021-25740 | 1 Kubernetes | 1 Kubernetes | 2024-11-21 | 3.1 Low |
| A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack. | ||||
| CVE-2021-25519 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local attackers to access CPLC information without permission. | ||||
| CVE-2021-25506 | 1 Samsung | 1 Health | 2024-11-21 | 4 Medium |
| Non-existent provider in Samsung Health prior to 6.19.1.0001 allows attacker to access it via malicious content provider or lead to denial of service. | ||||
| CVE-2021-25418 | 1 Samsung | 1 Internet | 2024-11-21 | 7.8 High |
| Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition. | ||||
| CVE-2021-25410 | 1 Google | 1 Android | 2024-11-21 | 7.1 High |
| Improper access control of a component in CallBGProvider prior to SMR JUN-2021 Release 1 allows local attackers to access arbitrary files with an escalated privilege. | ||||
| CVE-2021-25409 | 1 Google | 1 Android | 2024-11-21 | 2.4 Low |
| Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification via physically configuring device. | ||||
| CVE-2021-25406 | 1 Samsung | 1 Gear S | 2024-11-21 | 6.5 Medium |
| Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows unstrusted applications to access connected BT device information. | ||||
| CVE-2021-25356 | 1 Google | 1 Android | 2024-11-21 | 7.1 High |
| An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows unprivileged application to install arbitrary application, grant device admin permission and then delete several installed application. | ||||
| CVE-2021-25344 | 1 Google | 1 Android | 2024-11-21 | 6.2 Medium |
| Missing permission check in knox_custom service prior to SMR Mar-2021 Release 1 allows attackers to gain access to device's serial number without permission. | ||||
| CVE-2021-25116 | 1 Enqueue Anything Project | 1 Enqueue Anything | 2024-11-21 | 6.5 Medium |
| The Enqueue Anything WordPress plugin through 1.0.1 does not have authorisation and CSRF checks in the remove_asset AJAX action, and does not ensure that the item to be deleted is actually an asset. As a result, low privilege users such as subscriber could delete arbitrary assets, as well as put arbitrary posts in the trash. | ||||
| CVE-2021-25097 | 1 Creativityjuice | 1 Labtools | 2024-11-21 | 6.5 Medium |
| The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in place when deleting publications, allowing any authenticated users, such as subscriber to delete arbitrary publication | ||||