CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-31497 This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that ... | 7.8 | HIGH | — | 0 |
| CVE-2021-31498 This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability ... | 3.3 | LOW | — | 0 |
| CVE-2021-31499 This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that ... | 7.8 | HIGH | — | 0 |
| CVE-2021-31500 This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that ... | 7.8 | HIGH | — | 0 |
| CVE-2021-31501 This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability ... | 3.3 | LOW | — | 0 |
| CVE-2021-31502 This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in... | 7.8 | HIGH | — | 0 |
| CVE-2020-21316 A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and stolen administrator cookies via the nickname ... | 6.1 | MEDIUM | — | 0 |
| CVE-2020-29214 SQL injection vulnerability in SourceCodester Alumni Management System 1.0 allows the user to inject SQL payload to bypass the authentication via admin/login.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-29215 A Cross Site Scripting in SourceCodester Employee Management System 1.0 allows the user to execute alert messages via /Employee Management System/addemp.php on admin account. | 5.4 | MEDIUM | — | 0 |
| CVE-2020-5000 IBM Financial Transaction Manager 3.2.0 through 3.2.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... | 5.4 | MEDIUM | — | 0 |
| CVE-2020-7864 Parameter manipulation can bypass authentication to cause file upload and execution. This will execute the remote code. This issue affects: Raonwiz DEXT5Editor versions prior to 3.5.1405747.1100.03. | 7.8 | HIGH | — | 0 |
| CVE-2021-23395 This affects all versions of package nedb. The library could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor.prototype payload. | 7.3 | HIGH | — | 0 |
| CVE-2021-27388 SINAMICS medium voltage routable products are affected by a vulnerability in the Sm@rtServer component for remote access that could allow an unauthenticated attacker to cause a denial-of-service condi... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-32683 wire-webapp is the web version of Wire, an open-source messenger. A cross-site scripting vulnerability exists in wire-webapp prior to version 2021-06-01-production.0. If a user is instructed to open a... | 8.8 | HIGH | — | 0 |
| CVE-2021-33622 Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, has an Incorrect Check of a Function's Return Value. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-33887 Insufficient verification of data authenticity in Peloton TTR01 up to and including PTV55G allows an attacker with physical access to boot into a modified kernel/ramdisk without unlocking the bootload... | 6.8 | MEDIUM | — | 0 |
| CVE-2021-34128 LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../... | 8.8 | HIGH | — | 0 |
| CVE-2021-34129 LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. This deletion i... | 8.1 | HIGH | — | 0 |
| CVE-2021-34170 Bandai Namco FromSoftware Dark Souls III allows remote attackers to execute arbitrary code. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-27481 ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-3592 An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is sm... | 3.8 | LOW | — | 0 |
| CVE-2021-3593 An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is sma... | 3.8 | LOW | — | 0 |
| CVE-2021-3594 An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smal... | 3.8 | LOW | — | 0 |
| CVE-2021-3595 An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is sma... | 3.8 | LOW | — | 0 |
| CVE-2021-24037 A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScrip... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-28857 TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie. | 7.5 | HIGH | — | 0 |
| CVE-2021-28858 TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. Attacker on the local network can monitor traffic and capture the cookie and other sensitive information. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-30544 Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | — | 0 |
| CVE-2021-30545 Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | — | 0 |
| CVE-2021-30546 Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | — | 0 |
| CVE-2021-30547 Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | 8.8 | HIGH | — | 0 |
| CVE-2021-30548 Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | — | 0 |
| CVE-2021-30549 Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTM... | 8.8 | HIGH | — | 0 |
| CVE-2021-30550 Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted H... | 8.8 | HIGH | — | 0 |
| CVE-2021-30552 Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML... | 8.8 | HIGH | — | 0 |
| CVE-2021-30553 Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | — | 0 |
| CVE-2021-32623 Opencast is a free and open source solution for automated video capture and distribution. Versions of Opencast prior to 9.6 are vulnerable to the billion laughs attack, which allows an attacker to eas... | 8.1 | HIGH | — | 0 |
| CVE-2021-32676 Nextcloud Talk is a fully on-premises audio/video and chat communication service. Password protected shared chats in Talk before version 9.0.10, 10.0.8 and 11.2.2 did not rotate the session cookie aft... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-32685 tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser (hashing, random, encryption, decryption, signatures, conversions), used by TogaTech.org. In versions prior to 7.0.3, the `verifyWi... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-3535 Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search feature. A specific search criterion and operator combination... | 4.3 | MEDIUM | — | 0 |
| CVE-2021-28815 Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by acces... | 6.0 | MEDIUM | — | 0 |
| CVE-2020-9493 A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-21441 There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially... | 7.5 | HIGH | — | 0 |
| CVE-2021-20093 A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Ru... | 9.1 | CRITICAL | — | 0 |
| CVE-2021-20094 A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to crash the CodeMeter Runtime Server. | 7.5 | HIGH | — | 0 |
| CVE-2021-27487 ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain credentials stored in plaintext. This could allow an attacker to gain access to sensitive information. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-27489 ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user to upload a malicious file. This file could allow an attacker to remotely execute arbitrary commands. | 8.8 | HIGH | — | 0 |
| CVE-2021-28979 SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to retu... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-30468 A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CP... | 7.5 | HIGH | — | 0 |
| CVE-2021-32033 Protectimus SLIM NFC 70 10.01 devices allow a Time Traveler attack in which attackers can predict TOTP passwords in certain situations. The time value used by the device can be set independently from ... | 4.6 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.