ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2021-26023 | The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to XSS.... | | |
CVE-2021-26024 | The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Ref... | | |
CVE-2021-26025 | PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation ... | | |
CVE-2021-26026 | PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation ... | | |
CVE-2021-26027 | [20210307] - Core - ACL violation within com_content frontend editing | | |
CVE-2021-26028 | [20210308] - Core - Path Traversal within joomla/archive zip class | | |
CVE-2021-26029 | [20210309] - Core - Inadequate filtering of form contents could allow to overwrite the author field | | |
CVE-2021-26030 | [20210401] - Core - Escape xss in logo parameter error pages | | |
CVE-2021-26031 | [20210402] - Core - Inadequate filters on module layout settings | | |
CVE-2021-26032 | [20210501] - Core - Adding HTML to the executable block list of MediaHelper::canUpload | | |
CVE-2021-26033 | [20210502] - Core - CSRF in AJAX reordering endpoint | | |
CVE-2021-26034 | [20210503] - Core - CSRF in data download endpoints | | |
CVE-2021-26035 | [20210701] - Core - XSS in JForm Rules field | | |
CVE-2021-26036 | [20210702] - Core - DoS through usergroup table manipulation | | |
CVE-2021-26037 | [20210703] - Core - Lack of enforced session termination | | |
CVE-2021-26038 | [20210704] - Core - Privilege escalation through com_installer | | |
CVE-2021-26039 | [20210705] - Core - XSS in com_media imagelist | | |
CVE-2021-26040 | [20210801] - Core - Insufficient access control for com_media deletion endpoint | | |
CVE-2021-26041 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-26042 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-26043 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-26044 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-26045 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-26046 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-26047 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-26048 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-26049 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-26050 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-26051 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-26052 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-26053 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-26054 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-26055 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-26056 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-26057 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-26058 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-26059 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-26060 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-26061 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-26062 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-26063 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-26064 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-26065 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-26066 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-26067 | Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace... | | |
CVE-2021-26068 | An endpoint in Atlassian Jira Server for Slack plugin from version 0.0.3 before version 2.0.15 allow... | S | |
CVE-2021-26069 | Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to... | S | |
CVE-2021-26070 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-th... | | |
CVE-2021-26071 | The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from versi... | S | |
CVE-2021-26072 | The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allo... | S | |
CVE-2021-26073 | Broken Authentication in Atlassian Connect Express (ACE) from version 3.0.2 before version 6.6.0: At... | | |
CVE-2021-26074 | Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.... | | |
CVE-2021-26075 | The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before ve... | S | |
CVE-2021-26076 | The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before... | S | |
CVE-2021-26077 | Broken Authentication in Atlassian Connect Spring Boot (ACSB) in version 1.1.0 before 2.1.3 and from... | E | |
CVE-2021-26078 | The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from ... | E S | |
CVE-2021-26079 | The CardLayoutConfigTable component in Jira Server and Jira Data Center before version 8.5.15, and f... | S | |
CVE-2021-26080 | EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version ... | S | |
CVE-2021-26081 | REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 bef... | S | |
CVE-2021-26082 | The XML Export in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6... | S | |
CVE-2021-26083 | Export HTML Report in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version... | S | |
CVE-2021-26084 | In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists th... | KEV E S | |
CVE-2021-26085 | Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources... | KEV E | |
CVE-2021-26086 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular... | KEV E | |
CVE-2021-26087 | An improper neutralization of input during web page generation in FortiWLC version 8.6.0, version 8.... | S | |
CVE-2021-26088 | An improper authentication vulnerability in FSSO Collector version 5.0.295 and below may allow an un... | | |
CVE-2021-26089 | An improper symlink following in FortiClient for Mac 6.4.3 and below may allow a non-privileged use... | | |
CVE-2021-26090 | A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6... | | |
CVE-2021-26091 | A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator ... | S | |
CVE-2021-26092 | Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 through 5.2.15, 5.4.0 through ... | | |
CVE-2021-26093 | An access of uninitialized pointer (CWE-824) vulnerability in FortiWLC versions 8.6.0, 8.5.3 and ear... | S | |
CVE-2021-26095 | The combination of various cryptographic issues in the session management of FortiMail 6.4.0 through... | | |
CVE-2021-26096 | Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox before 4.0.0 m... | | |
CVE-2021-26097 | An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3... | | |
CVE-2021-26098 | An instance of small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow an... | | |
CVE-2021-26099 | Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 7.0.0 may a... | | |
CVE-2021-26100 | A missing cryptographic step in the Identity-Based Encryption service of FortiMail before 7.0.0 may ... | | |
CVE-2021-26102 | A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versio... | S | |
CVE-2021-26103 | An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of F... | S | |
CVE-2021-26104 | Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager... | E | |
CVE-2021-26105 | A stack-based buffer overflow vulnerability (CWE-121) in the profile parser of FortiSandbox version ... | S | |
CVE-2021-26106 | An improper neutralization of special elements used in an OS Command vulnerability in FortiAP's cons... | | |
CVE-2021-26107 | An improper access control vulnerability [CWE-284] in FortiManager versions 6.4.4 and 6.4.5 may allo... | | |
CVE-2021-26108 | A use of hard-coded cryptographic key vulnerability in the SSLVPN of FortiOS before 7.0.1 may allow ... | S | |
CVE-2021-26109 | An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before ... | S | |
CVE-2021-26110 | An improper access control vulnerability [CWE-284] in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6... | | |
CVE-2021-26111 | A missing release of memory after effective lifetime vulnerability in FortiSwitch 6.4.0 to 6.4.6, 6.... | | |
CVE-2021-26112 | Multiple stack-based buffer overflow vulnerabilities [CWE-121] both in network daemons and in the co... | S | |
CVE-2021-26113 | A use of a one-way hash with a predictable salt vulnerability [CWE-760] in FortiWAN before 4.5.9 may... | | |
CVE-2021-26114 | Multiple improper neutralization of special elements used in an SQL command vulnerabilities in Forti... | S | |
CVE-2021-26115 | An OS command injection (CWE-78) vulnerability in FortiWAN version 4.5.7 and below Command Line Inte... | S | |
CVE-2021-26116 | An improper neutralization of special elements used in an OS command vulnerability in the command li... | | |
CVE-2021-26117 | ActiveMQ: LDAP-Authentication does not verify passwords on servers with anonymous bind | S | |
CVE-2021-26118 | Flaw in ActiveMQ Artemis OpenWire support | M | |
CVE-2021-26119 | Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sand... | S | |
CVE-2021-26120 | Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= s... | S | |
CVE-2021-26122 | LivingLogic XIST4C before 0.107.8 allows XSS via feedback.htm or feedback.wihtm.... | E | |
CVE-2021-26123 | LivingLogic XIST4C before 0.107.8 allows XSS via login.htm, login.wihtm, or login-form.htm.... | E | |
CVE-2021-26194 | An issue was discovered in JerryScript 2.4.0. There is a heap-use-after-free in ecma_is_lexical_envi... | E S | |
CVE-2021-26195 | An issue was discovered in JerryScript 2.4.0. There is a heap-buffer-overflow in lexer_parse_number ... | E S | |
CVE-2021-26197 | An issue was discovered in JerryScript 2.4.0. There is a SEGV in main_print_unhandled_exception in m... | E S | |
CVE-2021-26198 | An issue was discovered in JerryScript 2.4.0. There is a SEGV in ecma_deref_bigint in ecma-helpers.c... | E S | |
CVE-2021-26199 | An issue was discovered in JerryScript 2.4.0. There is a heap-use-after-free in ecma_bytecode_ref in... | E S | |
CVE-2021-26200 | The user area for Library System 1.0 is vulnerable to SQL injection where a user can bypass the auth... | E | |
CVE-2021-26201 | The Login Panel of CASAP Automated Enrollment System 1.0 is vulnerable to SQL injection authenticati... | E | |
CVE-2021-26215 | SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditDocument.php.... | E | |
CVE-2021-26216 | SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php.... | E | |
CVE-2021-26220 | The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file... | E | |
CVE-2021-26221 | The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file a... | E | |
CVE-2021-26222 | The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file a... | E | |
CVE-2021-26223 | SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote ... | E | |
CVE-2021-26224 | Cross-site scripting (XSS) vulnerability in SourceCodester Fantastic-Blog-CMS V 1.0 allows remote at... | E | |
CVE-2021-26226 | SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote ... | E | |
CVE-2021-26227 | Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 a... | E | |
CVE-2021-26228 | SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote ... | E | |
CVE-2021-26229 | SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote ... | E | |
CVE-2021-26230 | Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 a... | E | |
CVE-2021-26231 | SQL injection vulnerability in SourceCodester Fantastic Blog CMS v 1.0 allows remote attackers to ex... | E | |
CVE-2021-26232 | SQL injection vulnerability in SourceCodester Simple College Website v 1.0 allows remote attackers t... | E | |
CVE-2021-26233 | FastStone Image Viewer <= 7.5 is affected by a user mode write access violation near NULL at 0x005bd... | | |
CVE-2021-26234 | FastStone Image Viewer <= 7.5 is affected by a user mode write access violation at 0x00402d8a, trigg... | | |
CVE-2021-26235 | FastStone Image Viewer <= 7.5 is affected by a user mode write access violation near NULL at 0x005bd... | | |
CVE-2021-26236 | FastStone Image Viewer v.<= 7.5 is affected by a Stack-based Buffer Overflow at 0x005BDF49, affectin... | E | |
CVE-2021-26237 | FastStone Image Viewer <= 7.5 is affected by a user mode write access violation at 0x00402d7d, trigg... | | |
CVE-2021-26246 | Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2021.... | R | |
CVE-2021-26247 | As an unauthenticated remote user, visit "http:// |