CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-26228 SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_class1.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-26229 SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_stud.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-26230 Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the user information to save_user.... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-26698 OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is used. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-26699 OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used. | 5.4 | MEDIUM | β | 0 |
| CVE-2021-29657 arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka CID-a58d9166a756... | 7.4 | HIGH | β | 0 |
| CVE-2021-33478 The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone Trusted Execut... | 6.8 | MEDIUM | β | 0 |
| CVE-2021-37402 OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-37403 OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is used. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-34262 A buffer overflow vulnerability in the USBH_ParseEPDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code. | 6.8 | MEDIUM | β | 0 |
| CVE-2015-2098 Multiple stack-based buffer overflows in WebGate eDVR Manager allow remote attackers to execute arbitrary code via unspecified vectors to the (1) Connect, (2) ConnectEx, or (3) ConnectEx2 function in ... | 8.8 | HIGH | β | 0 |
| CVE-2015-2099 Multiple buffer overflows in WebGate Control Center allow remote attackers to execute arbitrary code via unspecified vectors to the (1) GetRecFileInfo function in the FileConverter.FileConverterCtrl.1... | 8.8 | HIGH | β | 0 |
| CVE-2015-2100 Multiple stack-based buffer overflows in WebGate eDVR Manager and Control Center allow remote attackers to execute arbitrary code via unspecified vectors to the (1) TCPDiscover or (2) TCPDiscover2 fun... | 8.8 | HIGH | β | 0 |
| CVE-2020-36033 SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the id parameter to edituser.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-25197 Cross-site scripting (XSS) vulnerability in SourceCodester Content Management System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter to content_management... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-25202 SQL injection vulnerability in SourceCodester Sales and Inventory System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to \ahira\admin\inventory.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-26226 SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_user.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-33032 A Remote Code Execution (RCE) vulnerability in the WebUI component of the eQ-3 HomeMatic CCU2 firmware up to and including version 2.57.5 and CCU3 firmware up to and including version 3.57.5 allows re... | 10.0 | CRITICAL | β | 0 |
| CVE-2021-35063 Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion." | 7.5 | HIGH | β | 0 |
| CVE-2021-36222 ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference a... | 7.5 | HIGH | β | 0 |
| CVE-2020-7387 Sage X3 Installation Pathname Disclosure. A specially crafted packet can elicit a response from the AdxDSrv.exe component that reveals the installation directory of the product. Note that this vulnera... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-27332 Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the class_name parameter to update... | 6.1 | MEDIUM | β | 0 |
| CVE-2020-7388 Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While exploi... | 10.0 | CRITICAL | β | 0 |
| CVE-2020-7389 Sage X3 System CHAINE Variable Script Command Injection. An authenticated user with developer access can pass OS commands via this variable used by the web application. Note, this developer configurat... | 5.5 | MEDIUM | β | 0 |
| CVE-2020-7390 Sage X3 Stored XSS Vulnerability on βEditβ Page of User Profile. An authenticated user can pass XSS strings the "First Name," "Last Name," and "Email Address" fields of this web application component.... | 4.6 | MEDIUM | β | 0 |
| CVE-2021-25210 Arbitrary file upload vulnerability in SourceCodester Alumni Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to manage_event.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-25212 SQL injection vulnerability in SourceCodester Alumni Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to manage_event.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-31579 Akkadian Provisioning Manager Engine (PME) ships with a hard-coded credential, akkadianuser:haakkadianpassword. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Prov... | 8.2 | HIGH | β | 0 |
| CVE-2021-31580 The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be bypassed by switching the OpenSSH channel from `shell` to `exec` and providing the ssh client a single execution para... | 8.7 | HIGH | β | 0 |
| CVE-2021-31581 The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which... | 7.9 | HIGH | β | 0 |
| CVE-2021-3619 Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting (XSS) issue, where an authenticated user could abuse MIME filetype sniffing to embed executab... | 3.5 | LOW | β | 0 |
| CVE-2021-3198 By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0. | 6.5 | MEDIUM | β | 0 |
| CVE-2021-3540 By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0. | 6.5 | MEDIUM | β | 0 |
| CVE-2020-22283 A buffer overflow vulnerability in the icmp6_send_response_with_addrs_and_netif() function of Free Software Foundation lwIP version git head allows attackers to access sensitive information via a craf... | 7.5 | HIGH | β | 0 |
| CVE-2020-22284 A buffer overflow vulnerability in the zepif_linkoutput() function of Free Software Foundation lwIP git head version and version 2.1.2 allows attackers to access sensitive information via a crafted 6L... | 7.5 | HIGH | β | 0 |
| CVE-2021-25205 SQL injection vulnerability in SourceCodester E-Commerce Website V 1.0 allows remote attackers to execute arbitrary SQL statements, via the update parameter to empViewUpdate.php . | 9.8 | CRITICAL | β | 0 |
| CVE-2021-25209 SQL injection vulnerability in SourceCodester Theme Park Ticketing System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to view_user.php . | 9.8 | CRITICAL | β | 0 |
| CVE-2021-25211 Arbitrary file upload vulnerability in SourceCodester Ordering System v 1.0 allows attackers to execute arbitrary code, via the file upload to ordering\admin\products\edit.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-25213 SQL injection vulnerability in SourceCodester Travel Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the catid parameter to subcat.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-34259 A buffer overflow vulnerability in the USBH_ParseCfgDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code. | 6.8 | MEDIUM | β | 0 |
| CVE-2021-34267 An in the USBH_MSC_InterfaceInit() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DOS) when the system tries to communicate with the connected endpoin... | 4.6 | MEDIUM | β | 0 |
| CVE-2021-34268 An issue in the USBH_ParseDevDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DOS) via a malformed USB device packet. | 4.6 | MEDIUM | β | 0 |
| CVE-2021-32785 mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. Wh... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-32786 mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In... | 4.7 | MEDIUM | β | 0 |
| CVE-2021-24036 Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. This issue affects... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-14032 ASRock 4x4 BOX-R1000 before BIOS P1.40 allows privilege escalation via code execution in the SMM. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-26799 Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka Classic <=2.7 allows remote attackers to inject arbitrary web script or HTML. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-20333 Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or for log entries to be split. This issue affects MongoDB Server v3.6 versions prior to 3.6... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-25207 Arbitrary file upload vulnerability in SourceCodester E-Commerce Website v 1.0 allows attackers to execute arbitrary code via the file upload to prodViewUpdate.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-25201 SQL injection vulnerability in Learning Management System v 1.0 allows remote attackers to execute arbitrary SQL statements through the id parameter to obtain sensitive database information. | 7.5 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.