Latest CVE Feed
-
6.1
MEDIUMCVE-2021-41445
A reflected cross-site-scripting attack in web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to execute code in the device of the victim via sending a specific URL to the unauthenticated victim.... Read more
- Published: Feb. 10, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-41442
An HTTP smuggling attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet.... Read more
- Published: Feb. 09, 2022
- Modified: Nov. 21, 2024
-
7.4
HIGHCVE-2021-41441
A DoS attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to reboot the router via sending a specially crafted URL to an authenticated victim. The authenticated victim need to visit this URL, f... Read more
- Published: Feb. 09, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-41436
An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gamin... Read more
Affected Products : rt-ax82u_firmware rt-ax55_firmware rt-ax56u_v2_firmware rt-ax88u_firmware zenwifi_ax_\(xt8\)_firmware rt-ax3000_firmware rt-ax56u_firmware rt-ax58u_firmware rt-ax68u_firmware rt-ax86u_firmware +26 more products- Published: Nov. 19, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2021-41435
A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, ... Read more
Affected Products : rt-ax82u_firmware rt-ax55_firmware rt-ax56u_v2_firmware rt-ax88u_firmware zenwifi_ax_\(xt8\)_firmware rt-ax3000_firmware rt-ax56u_firmware rt-ax58u_firmware rt-ax68u_firmware rt-ax86u_firmware +26 more products- Published: Nov. 19, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-41432
A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content.... Read more
Affected Products : flatpress- Published: Jun. 23, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-41427
Beeline Smart Box 2.0.38 is vulnerable to Cross Site Scripting (XSS) via the choose_mac parameter to setup.cgi.... Read more
- Published: Nov. 10, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-41426
Beeline Smart box 2.0.38 is vulnerable to Cross Site Request Forgery (CSRF) via mgt_end_user.htm.... Read more
- Published: Nov. 10, 2021
- Modified: Nov. 21, 2024
-
4.8
MEDIUMCVE-2021-41421
A PHP code injection vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker to gain RCE through the MaianAffiliate admin panel.... Read more
Affected Products : maianaffiliate- Published: Jun. 16, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-41420
A stored XSS vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker for arbitrary JavaScript code execution in the context of authenticated and unauthenticated users through the MaianAffiliate admin panel.... Read more
Affected Products : maianaffiliate- Published: Jun. 16, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-41419
QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization.... Read more
- Published: Jul. 18, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-41418
AriaNg v0.1.0~v1.2.2 is affected by an incorrect access control vulnerability through not authenticating visitors' access rights.... Read more
Affected Products : ariang- Published: Jun. 15, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-41415
Subscription-Manager v1.0 /main.js has a cross-site scripting (XSS) vulnerability in the machineDetail parameter.... Read more
Affected Products : subscription-manager- Published: Jun. 15, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-41413
ok-file-formats master 2021-9-12 is affected by a buffer overflow in ok_jpg_convert_data_unit_grayscale and ok_jpg_convert_YCbCr_to_RGB.... Read more
Affected Products : ok-file-formats- Published: Jun. 15, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-41411
drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.... Read more
Affected Products : drools- Published: Jun. 16, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-41408
VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter.... Read more
Affected Products : voipmonitor- Published: Jun. 17, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-41403
flatCore-CMS version 2.0.8 calls dangerous functions, causing server-side request forgery vulnerabilities.... Read more
Affected Products : flatcore-cms- Published: Jun. 15, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-41402
flatCore-CMS v2.0.8 has a code execution vulnerability, which could let a remote malicious user execute arbitrary PHP code.... Read more
Affected Products : flatcore-cms- Published: Jun. 16, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-41396
Live555 through 1.08 does not handle socket connections properly. A huge number of incoming socket connections in a short time invokes the error-handling module, in which a heap-based buffer overflow happens. An attacker can leverage this to launch a DoS ... Read more
Affected Products : live555- Published: Jul. 12, 2022
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-41395
Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username.... Read more
Affected Products : teleport- Published: Sep. 18, 2021
- Modified: Nov. 21, 2024