ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2021-41000 | Multiple authenticated remote code execution vulnerabilities were discovered in the AOS-CX command l... | | |
CVE-2021-41001 | An authenticated remote code execution vulnerability was discovered in the AOS-CX Network Analytics ... | | |
CVE-2021-41002 | Multiple authenticated remote path traversal vulnerabilities were discovered in the AOS-CX command l... | | |
CVE-2021-41003 | Multiple unauthenticated command injection vulnerabilities were discovered in the AOS-CX API interfa... | | |
CVE-2021-41004 | A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware be... | M | |
CVE-2021-41005 | A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware be... | M | |
CVE-2021-41006 | Rejected reason: CVE was unused by HPE.... | R | |
CVE-2021-41007 | Rejected reason: CVE was unused by HPE.... | R | |
CVE-2021-41008 | Rejected reason: CVE was unused by HPE.... | R | |
CVE-2021-41009 | Rejected reason: CVE was unused by HPE.... | R | |
CVE-2021-41010 | Rejected reason: CVE was unused by HPE.... | R | |
CVE-2021-41011 | LINE client for iOS before 11.15.0 might expose authentication information for a certain service to ... | | |
CVE-2021-41013 | An improper access control vulnerability [CWE-284] in FortiWeb versions 6.4.1 and below and 6.3.15 a... | S | |
CVE-2021-41014 | An uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below a... | S | |
CVE-2021-41015 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet F... | S | |
CVE-2021-41016 | An improper neutralization of special elements used in a command ('command injection') in Fortinet Fo... | | |
CVE-2021-41017 | Multiple heap-based buffer overflow vulnerabilities in some web API controllers of FortiWeb 6.4.1, 6... | S | |
CVE-2021-41018 | An improper neutralization of special elements used in an os command ('os command injection') in Fort... | | |
CVE-2021-41019 | An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions... | | |
CVE-2021-41020 | An improper access control vulnerability [CWE-284] in FortiIsolator versions 2.3.2 and below may all... | | |
CVE-2021-41021 | A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may al... | S | |
CVE-2021-41022 | An improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows a... | | |
CVE-2021-41023 | An unprotected storage of credentials in Fortinet FortiSIEM Windows Agent version 4.1.4 and below all... | | |
CVE-2021-41024 | A relative path traversal [CWE-23] vulnerability in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy ... | S | |
CVE-2021-41025 | Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0,... | S | |
CVE-2021-41026 | A relative path traversal in FortiWeb versions 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an a... | | |
CVE-2021-41027 | A stack-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, allows an authenticated ... | S | |
CVE-2021-41028 | A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0... | | |
CVE-2021-41029 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet F... | S | |
CVE-2021-41030 | An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7.0.1... | S | |
CVE-2021-41031 | A relative path traversal vulnerability [CWE-23] in FortiClient for Windows versions 7.0.2 and prior... | S | |
CVE-2021-41032 | An improper access control vulnerability [CWE-284] in FortiOS versions 6.4.8 and prior and 7.0.3 and... | | |
CVE-2021-41033 | In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installat... | | |
CVE-2021-41034 | The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an un... | | |
CVE-2021-41035 | In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles... | S | |
CVE-2021-41036 | In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client does not check rem_len size i... | S | |
CVE-2021-41037 | In Eclipse p2, installable units are able to alter the Eclipse Platform installation and the local m... | S | |
CVE-2021-41038 | In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents ca... | E S | |
CVE-2021-41039 | In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of ... | E S | |
CVE-2021-41040 | In Eclipse Wakaama, ever since its inception until 2021-01-14, the CoAP parsing code does not proper... | E S | |
CVE-2021-41041 | In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during byt... | S | |
CVE-2021-41042 | In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that d... | E | |
CVE-2021-41043 | Use after free in tcpslice triggers AddressSanitizer, no other confirmed impact.... | E | |
CVE-2021-41054 | tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not prop... | E S | |
CVE-2021-41055 | Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a denial of service (crash) via ... | E | |
CVE-2021-41057 | In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite th... | M | |
CVE-2021-41061 | In RIOT-OS 2021.01, nonce reuse in 802.15.4 encryption in the ieee820154_security component allows a... | E | |
CVE-2021-41063 | SQL injection vulnerability was discovered in Aanderaa GeoView Webservice prior to version 2.1.3 tha... | | |
CVE-2021-41064 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-41065 | An issue was discovered in Listary through 6. An attacker can create a \\.\pipe\Listary.listaryServi... | | |
CVE-2021-41066 | An issue was discovered in Listary through 6. When Listary is configured as admin, Listary will not ... | | |
CVE-2021-41067 | An issue was discovered in Listary through 6. Improper implementation of the update process leads to... | | |
CVE-2021-41070 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-41071 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-41072 | squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulne... | E S | |
CVE-2021-41073 | loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain pri... | S | |
CVE-2021-41075 | The NetFlow Analyzer in Zoho ManageEngine OpManager before 125455 is vulnerable to SQL Injection in t... | | |
CVE-2021-41076 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-41077 | The activation process in Travis CI, for certain 2021-09-03 through 2021-09-10 builds, causes secret... | | |
CVE-2021-41078 | Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the... | E | |
CVE-2021-41079 | Apache Tomcat DoS with unexpected TLS packet | | |
CVE-2021-41080 | Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a ... | | |
CVE-2021-41081 | Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a ... | | |
CVE-2021-41082 | Private message title and participating users leaked in discourse | S | |
CVE-2021-41083 | CSRF Vulnerability in dada-mail 11.15.1 and below | S | |
CVE-2021-41084 | Response Splitting from unsanitized headers in http4s | E S | |
CVE-2021-41086 | Clipboard-based XSS in jsuites | S | |
CVE-2021-41087 | Improperly Implemented path matching for in-toto-golang | S | |
CVE-2021-41088 | Remote code execution via the web UI backend of Elvish | S | |
CVE-2021-41089 | `docker cp` allows unexpected chmod of host files | S | |
CVE-2021-41090 | Instance config inline secret exposure | S | |
CVE-2021-41091 | Insufficiently restricted permissions on data directory in Docker Engine | S | |
CVE-2021-41092 | Docker CLI leaks private registry credentials to registry-1.docker.io | S | |
CVE-2021-41093 | Account takeover when having only access to a user's short lived token | S | |
CVE-2021-41094 | Mandatory encryption at rest can be bypassed (UI) in Wire app | S | |
CVE-2021-41095 | XSS via blocked watched word in error message | S | |
CVE-2021-41096 | Use of a Broken or Risky Cryptographic Algorithm in com.mayank.rucky | S | |
CVE-2021-41097 | Prototype pollution in aurelia-path | E S | |
CVE-2021-41098 | Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby | S | |
CVE-2021-41099 | Integer overflow issue with strings in Redis | S | |
CVE-2021-41100 | Account takeover when having only access to a user's short lived token in wire-server | M | |
CVE-2021-41101 | CORS `Access-Control-Allow-Origin` settings are too lenient | | |
CVE-2021-41103 | Insufficiently restricted permissions on plugin directories | S | |
CVE-2021-41104 | web_server allows OTA update without checking user defined basic auth username & password | S | |
CVE-2021-41105 | FreeSWITCH susceptible to Denial of Service via invalid SRTP packets | E | |
CVE-2021-41106 | File reference keys leads to incorrect hashes on HMAC algorithms | S | |
CVE-2021-41109 | LiveQuery publishes user session tokens | S | |
CVE-2021-41110 | CWL Viewer: deserialization of untrusted data can lead to complete takeover by an attacker | E S | |
CVE-2021-41111 | Authorization Bypass Through User-Controlled Key in Rundeck | S | |
CVE-2021-41112 | Missing Authorization in Rundeck | | |
CVE-2021-41113 | Cross-Site-Request-Forgery in Backend URI Handling in Typo3 | S | |
CVE-2021-41114 | HTTP Host Header Injection in Request Handling in Typo3 | S | |
CVE-2021-41115 | Regular expression denial-of-service in Zulip | E S | |
CVE-2021-41116 | Command injection in composer on Windows | S | |
CVE-2021-41117 | Insecure random number generation | E S | |
CVE-2021-41118 | ReDoS in DynamicPageList3 | S | |
CVE-2021-41119 | DoS vulnerability in wire-server json parser | E | |
CVE-2021-41120 | Unauthorized access to Credit card form in sylius/paypal-plugin | S | |
CVE-2021-41121 | Memory corruption in Vyper | S | |
CVE-2021-41122 | Bounds check missing for decimal args in Vyper | E | |
CVE-2021-41123 | Exposure of Sensitive Information to an Unauthorized Actor in WB.UI.Headquarters.dll | S | |
CVE-2021-41124 | Splash authentication credentials potentially leaked to target websites in scrapy-splash | S | |
CVE-2021-41125 | HTTP authentication credential leak to target websites in scrapy | S | |
CVE-2021-41126 | Deleted Admin Can Sign In to Admin Interface | | |
CVE-2021-41127 | Maliciously Crafted Model Archive Can Lead To Arbitrary File Write in rasa | S | |
CVE-2021-41128 | CSV Injection Vulnerability in Hygeia | S | |
CVE-2021-41129 | Authentication bypass in Pterodactyl | S | |
CVE-2021-41130 | X-Endpoint-API-UserInfo can be spoofed in cloudendpoints Extensible Service Proxy | S | |
CVE-2021-41131 | Client metadata path-traversal in python-tuf | S | |
CVE-2021-41132 | Inconsistent input sanitisation leads to XSS vectors | S | |
CVE-2021-41133 | Sandbox bypass via recent VFS-manipulating syscalls | S | |
CVE-2021-41134 | Stored XSS in Jupyter nbdime | S | |
CVE-2021-41135 | Authz Module Non-Determinism | E S | |
CVE-2021-41136 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma | S | |
CVE-2021-41137 | Bypassing policy restrictions on regular users | S | |
CVE-2021-41138 | Validity check for signed Frontier-specific extrinsic not called in block execution | S | |
CVE-2021-41139 | Reflected XSS vulnerability in time.php | S | |
CVE-2021-41140 | Reactions leak for secure category topics and private messages | S | |
CVE-2021-41141 | Missing release of locks in PJSIP | S | |
CVE-2021-41142 | XSS via the name of a deleted attachment | S | |
CVE-2021-41143 | OpenMage LTS arbitrary file deletion in customer media allows for remote code execution | S | |
CVE-2021-41144 | OpenMage LTS authenticated remote code execution through layout update | S | |
CVE-2021-41145 | FreeSWITCH susceptible to Denial of Service via SIP flooding | E | |
CVE-2021-41146 | Arbitrary command execution on Windows in qutebrowser | S | |
CVE-2021-41147 | SQL injection in the planning edition panel | E S | |
CVE-2021-41148 | The update of the CI job targeted by a widget is vulnerable to blind SQL injections | S | |
CVE-2021-41149 | Improper sanitization of target names in tough | S | |
CVE-2021-41150 | Improper sanitization of delegated role names in tough | S | |
CVE-2021-41151 | Path Traversal in @backstage/plugin-scaffolder-backend | S | |
CVE-2021-41152 | Path Traversal in Folder Component Leading to Local File Inclusion | S | |
CVE-2021-41153 | Specification non-compliance in JUMPI | S | |
CVE-2021-41154 | SQL injection in the "SVN core" commits browser | S | |
CVE-2021-41155 | SQL injection in CVS revisions browser | S | |
CVE-2021-41156 | Reflected XSS vulnerability | | |
CVE-2021-41157 | FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default | E S | |
CVE-2021-41158 | FreeSWITCH vulnerable to SIP digest leak for configured gateways | E S | |
CVE-2021-41159 | Improper client input validation for FreeRDP gateway connections allows to overwrite memory | | |
CVE-2021-41160 | Improper region checks in FreeRDP allow out of bound write to memory | | |
CVE-2021-41161 | XSS in csvimport in 3.0.0-beta versions | S | |
CVE-2021-41162 | Cross-site Scripting in Combodo iTop | S | |
CVE-2021-41163 | RCE via malicious SNS subscription payload | S | |
CVE-2021-41164 | Advanced Content Filter (ACF) vulnerability allowing to execute JavaScript code using malformed HTML | S | |
CVE-2021-41165 | HTML comments vulnerability allowing to execute JavaScript code | S | |
CVE-2021-41166 | Permission bypass in Nextcloud Android App | S | |
CVE-2021-41167 | Unlimited requests in modern-async | E S | |
CVE-2021-41168 | Hash-Collision Denial-of-Service Vulnerability in snudown | E S | |
CVE-2021-41169 | Improper Neutralization HTML tags in sulu/sulu | S | |
CVE-2021-41170 | Evaluation of closures can lead to execution of methods & functions in current program scope | S | |
CVE-2021-41171 | Bypass bruteforce protection on login form in elabftw | E S | |
CVE-2021-41172 | Self-XSS in AS_Redis | E | |
CVE-2021-41173 | DoS via maliciously crafted p2p message | S | |
CVE-2021-41174 | XSS vulnerability allowing arbitrary JavaScript execution | S | |
CVE-2021-41175 | Stored XSS in Client Groups Management (Authenticated) | E S | |
CVE-2021-41176 | logout CSRF in Pterodactyl Panel | S | |
CVE-2021-41177 | Rate-limits not working on instances without configured memory cache backend | S | |
CVE-2021-41178 | File Traversal affecting SVG files on Nextcloud Server | S | |
CVE-2021-41179 | Two-Factor Authentication not enforced for pages marked as public | S | |
CVE-2021-41180 | Geolocation preview links can be set to arbitrary links in nextcloud talk | E S | |
CVE-2021-41181 | Nextcloud Talk app exposes chat messages on lockscreen | S | |
CVE-2021-41182 | XSS in the `altField` option of the Datepicker widget | E S | |
CVE-2021-41183 | XSS in `*Text` options of the Datepicker widget | E S | |
CVE-2021-41184 | XSS in the `of` option of the `.position()` util | S | |
CVE-2021-41185 | Download file outside intended directory | S | |
CVE-2021-41186 | ReDoS vulnerability in parser_apache2 | | |
CVE-2021-41187 | SQL Injection in DHIS2 Tracker API | | |
CVE-2021-41188 | Authenticated Stored XSS in Administration | S | |
CVE-2021-41189 | Communities and collections administrators can escalate their privilege up to system administrator | E S | |
CVE-2021-41190 | Clarify Content-Type handling in OCI spec | S | |
CVE-2021-41191 | API giving out files without key | S | |
CVE-2021-41192 | Insecure default configuration | E S | |
CVE-2021-41193 | Use of Externally-Controlled Format String in wire-avs | S | |
CVE-2021-41194 | Improper Access Control in jupyterhub-firstuseauthenticator | S | |
CVE-2021-41195 | Crash in `tf.math.segment_*` operations | E S | |
CVE-2021-41196 | Crash in `max_pool3d` when size argument is 0 or negative | E S | |
CVE-2021-41197 | Crashes due to overflow and `CHECK`-fail in ops with large tensor shapes | E S | |
CVE-2021-41198 | Overflow/crash in `tf.tile` when tiling tensor is large | E S | |
CVE-2021-41199 | Overflow/crash in `tf.image.resize` when size is large | E S | |
CVE-2021-41200 | Incomplete validation in `tf.summary.create_file_writer` | E S | |
CVE-2021-41201 | Uninitialized access in `EinsumHelper::ParseEquation` | E S | |
CVE-2021-41202 | Overflow/crash in `tf.range` | S | |
CVE-2021-41203 | Missing validation during checkpoint loading | S | |
CVE-2021-41204 | Segfault while copying constant resource tensor | | |
CVE-2021-41205 | Heap OOB read in all `tf.raw_ops.QuantizeAndDequantizeV*` ops | S | |
CVE-2021-41206 | Incomplete validation of shapes in multiple TF ops | S | |
CVE-2021-41207 | Division by zero in `ParallelConcat` | S | |
CVE-2021-41208 | Incomplete validation in boosted trees code | S | |
CVE-2021-41209 | FPE in convolutions with zero size filters | S | |
CVE-2021-41210 | Heap OOB read in `tf.raw_ops.SparseCountSparseOutput` | S | |
CVE-2021-41211 | Heap OOB read in shape inference for `QuantizeV2` | E S | |
CVE-2021-41212 | Heap OOB read in `tf.ragged.cross` | E S | |
CVE-2021-41213 | Deadlock in mutually recursive `tf.function` objects | S | |
CVE-2021-41214 | Reference binding to `nullptr` in `tf.ragged.cross` | E S | |
CVE-2021-41215 | Null pointer exception in `DeserializeSparse` | E S | |
CVE-2021-41216 | Heap buffer overflow in `Transpose` | S | |
CVE-2021-41217 | Null pointer exception when `Exit` node is not preceded by `Enter` op | E S | |
CVE-2021-41218 | Integer division by 0 in `tf.raw_ops.AllToAll` | S | |
CVE-2021-41219 | Undefined behavior via `nullptr` reference binding in sparse matrix multiplication | E S | |
CVE-2021-41220 | Use after free in `CollectiveReduceV2` | E S | |
CVE-2021-41221 | Access to invalid memory during shape inference in `Cudnn*` ops | E S | |
CVE-2021-41222 | Segfault due to negative splits in `SplitV` | E S | |
CVE-2021-41223 | Heap OOB read in `FusedBatchNorm` kernels | E S | |
CVE-2021-41224 | `SparseFillEmptyRows` heap OOB read | E S | |
CVE-2021-41225 | A use of uninitialized value vulnerability in Tensorflow | E S | |
CVE-2021-41226 | Heap OOB read in `SparseBinCount` | E S | |
CVE-2021-41227 | Arbitrary memory read in `ImmutableConst` | E S | |
CVE-2021-41228 | Code injection in `saved_model_cli` | E S | |
CVE-2021-41229 | Memory leak in BlueZ | E | |
CVE-2021-41230 | OIDC claims not updated from Identity Provider in Pomerium | S | |
CVE-2021-41231 | OpenMage LTS DataFlow upload remote code execution vulnerability | S | |
CVE-2021-41232 | Improper Neutralization of Special Elements used in an LDAP Query | S | |
CVE-2021-41233 | Missing authorization in Nextcloud text | S | |
CVE-2021-41236 | XSS vulnerability in oro/platform | S | |
CVE-2021-41238 | Missing Authorization with Default Settings in Dashboard UI | | |
CVE-2021-41239 | User enumeration setting not respected in Nextcloud server | S | |
CVE-2021-41241 | Advanced permissions is not respected for subfolders in Nextcloud server | S | |
CVE-2021-41242 | Path Traversal in some REST methods leading to file upload to arbitrary places | S | |
CVE-2021-41243 | OS Command Injection Vulnerability and Potential Zip Slip Vulnerability | S | |
CVE-2021-41244 | Cross organization admin control in Grafana | | |
CVE-2021-41245 | Possible Cross-Site Request Forgery in Combodo iTop | E S | |
CVE-2021-41246 | Session fixation in express-openid-connect | S | |
CVE-2021-41247 | incomplete logout in JupyterHub | S | |
CVE-2021-41248 | XSS vulnerability in GraphiQL | S | |
CVE-2021-41249 | XSS vulnerability in GraphQL Playground | S | |
CVE-2021-41250 | Presence of non-blacklisted URL bypasses all other filters | S | |
CVE-2021-41251 | Possibility to elevate privileges or get unauthorized access to data | E S | |
CVE-2021-41252 | Cross-site scripting (XSS) from writer field content in the site frontend | S | |
CVE-2021-41253 | Possible heap buffer overflow when using zycore string functions in formatter hooks | E S | |
CVE-2021-41254 | Privilege escalation to cluster admin on multi-tenant environments | E M | |
CVE-2021-41256 | Intent URI permissions manipulation in nextcloud news-android | E S | |
CVE-2021-41258 | Cross-site scripting (XSS) from image block content in the site frontend | S | |
CVE-2021-41259 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This CVE ID has been re... | R | |
CVE-2021-41260 | Missing CSRF checks in Galette | S | |
CVE-2021-41261 | Stored Cross-site Scripting in Galette | S | |
CVE-2021-41262 | SQL Injection in Galette | S | |
CVE-2021-41263 | Secure/signed cookies share secrets between sites in rails_multisite | S | |
CVE-2021-41264 | UUPSUpgradeable vulnerability in OpenZeppelin Contracts | S | |
CVE-2021-41265 | Improper Authentication in Flask-AppBuilder | S | |
CVE-2021-41266 | Authentication bypass issue in the Operator Console | E S | |
CVE-2021-41267 | Webcache Poisoning in Symfony | S | |
CVE-2021-41268 | Cookie persistence in Symfony | S | |
CVE-2021-41269 | Unauthenticated remote code injection in cron-utils | E S | |
CVE-2021-41270 | CSV Injection in Symfony | S | |
CVE-2021-41271 | Cache poisoning via maliciously-formed request in discourse | S | |
CVE-2021-41272 | SHL, SHR, and SAR operations trigger native exception at key values in besu | S | |
CVE-2021-41273 | Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys | S | |
CVE-2021-41274 | Authentication Bypass by CSRF Weakness | E S | |
CVE-2021-41275 | Authentication Bypass by CSRF Weakness | S | |
CVE-2021-41276 | Indirect LDAP injection in Tuleap | S | |
CVE-2021-41277 | GeoJSON URL validation can expose server files and environment variables to unauthorized users | KEV S | |
CVE-2021-41278 | Broken encryption in app-functions-sdk “AES” transform in EdgeX Foundry releases prior to Jakarta allows attackers to decrypt messages via unspecified vectors | S | |
CVE-2021-41279 | Zip Slip Vulnerability in BaserCMS | S | |
CVE-2021-41280 | OS command injection in Sharetribe Go | S | |
CVE-2021-41281 | Path traversal in Matrix Synapse | S | |
CVE-2021-41282 | diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be a... | E | |
CVE-2021-41285 | Ballistix MOD Utility through 2.0.2.5 is vulnerable to privilege escalation in the MODAPI.sys driver... | E | |
CVE-2021-41286 | Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authentication mechanism. When a user... | | |
CVE-2021-41288 | Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReport... | | |
CVE-2021-41289 | ASUS P453UJ - Improper Restriction of Operations within the Bounds of a Memory Buffer | S | |
CVE-2021-41290 | ECOA BAS controller - Path Traversal-1 | S | |
CVE-2021-41291 | ECOA BAS controller - Path Traversal-1 | S | |
CVE-2021-41292 | ECOA BAS controller - Broken Authentication | S | |
CVE-2021-41293 | ECOA BAS controller - Path Traversal-3 | S | |
CVE-2021-41294 | ECOA BAS controller - Path Traversal-4 | S | |
CVE-2021-41295 | ECOA BAS controller - Cross-Site Request Forgery (CSRF) | S | |
CVE-2021-41296 | ECOA BAS controller - Weak Password Requirements | S | |
CVE-2021-41297 | ECOA BAS controller - Insufficiently Protected Credentials-1 | S | |
CVE-2021-41298 | ECOA BAS controller - Improper Access Control | S | |
CVE-2021-41299 | ECOA BAS controller - Use of Hard-coded Credentials | S | |
CVE-2021-41300 | ECOA BAS controller - Insufficiently Protected Credentials-2 | S | |
CVE-2021-41301 | ECOA BAS controller - Exposure of Sensitive Information to an Unauthorized Actor | S | |
CVE-2021-41302 | ECOA BAS controller - Missing Encryption of Sensitive Data | S | |
CVE-2021-41303 | Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass | S | |
CVE-2021-41304 | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to injec... | S | |
CVE-2021-41305 | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view ... | S | |
CVE-2021-41306 | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view ... | S | |
CVE-2021-41307 | Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to... | S | |
CVE-2021-41308 | Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator... | S | |
CVE-2021-41309 | Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Servi... | | |
CVE-2021-41310 | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to injec... | | |
CVE-2021-41311 | Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an adminis... | | |
CVE-2021-41312 | Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their... | S | |
CVE-2021-41313 | Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote ... | | |
CVE-2021-41314 | Certain NETGEAR smart switches are affected by a \n injection in the web UI's password field, which ... | E | |
CVE-2021-41315 | The Device42 Remote Collector before 17.05.01 does not sanitize user input in its SNMP Connectivity ... | | |
CVE-2021-41316 | The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utili... | | |
CVE-2021-41317 | XSS Hunter Express before 2021-09-17 does not properly enforce authentication requirements for paths... | S | |
CVE-2021-41318 | In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanit... | E | |
CVE-2021-41320 | A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 (64-bit edition) with high... | | |
CVE-2021-41322 | Poly VVX 400/410 5.3.1 allows low-privileged users to change the Admin password by modifying a POST ... | E | |
CVE-2021-41323 | Directory traversal in the Compress feature in Pydio Cells 2.2.9 allows remote authenticated users t... | | |
CVE-2021-41324 | Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authen... | | |
CVE-2021-41325 | Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create... | | |
CVE-2021-41326 | In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in ... | S | |
CVE-2021-41329 | Datalust Seq before 2021.2.6259 allows users (with view filters applied to their accounts) to see qu... | E | |
CVE-2021-41330 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | S | |
CVE-2021-41331 | Windows Media Audio Decoder Remote Code Execution Vulnerability | S | |
CVE-2021-41332 | Windows Print Spooler Information Disclosure Vulnerability | S | |
CVE-2021-41333 | Windows Print Spooler Elevation of Privilege Vulnerability | S | |
CVE-2021-41334 | Windows Desktop Bridge Elevation of Privilege Vulnerability | S | |
CVE-2021-41335 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2021-41336 | Windows Kernel Information Disclosure Vulnerability | S | |
CVE-2021-41337 | Active Directory Security Feature Bypass Vulnerability | S | |
CVE-2021-41338 | Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability | S | |
CVE-2021-41339 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | S | |
CVE-2021-41340 | Windows Graphics Component Remote Code Execution Vulnerability | S | |
CVE-2021-41342 | Windows MSHTML Platform Remote Code Execution Vulnerability | S | |
CVE-2021-41343 | Windows Fast FAT File System Driver Information Disclosure Vulnerability | S | |
CVE-2021-41344 | Microsoft SharePoint Server Remote Code Execution Vulnerability | S | |
CVE-2021-41345 | Storage Spaces Controller Elevation of Privilege Vulnerability | S | |
CVE-2021-41346 | Console Window Host Security Feature Bypass Vulnerability | S | |
CVE-2021-41347 | Windows AppX Deployment Service Elevation of Privilege Vulnerability | S | |
CVE-2021-41348 | Microsoft Exchange Server Elevation of Privilege Vulnerability | S | |
CVE-2021-41349 | Microsoft Exchange Server Spoofing Vulnerability | S | |
CVE-2021-41350 | Microsoft Exchange Server Spoofing Vulnerability | S | |
CVE-2021-41351 | Microsoft Edge (Chrome based) Spoofing on IE Mode | S | |
CVE-2021-41352 | SCOM Information Disclosure Vulnerability | S | |
CVE-2021-41353 | Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability | S | |
CVE-2021-41354 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | S | |
CVE-2021-41355 | .NET Core and Visual Studio Information Disclosure Vulnerability | S | |
CVE-2021-41356 | Windows Denial of Service Vulnerability | S | |
CVE-2021-41357 | Win32k Elevation of Privilege Vulnerability | KEV S | |
CVE-2021-41360 | HEVC Video Extensions Remote Code Execution Vulnerability | S | |
CVE-2021-41361 | Active Directory Federation Server Spoofing Vulnerability | S | |
CVE-2021-41363 | Intune Management Extension Security Feature Bypass Vulnerability | S | |
CVE-2021-41365 | Microsoft Defender for IoT Remote Code Execution Vulnerability | S | |
CVE-2021-41366 | Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability | S | |
CVE-2021-41367 | NTFS Elevation of Privilege Vulnerability | S | |
CVE-2021-41368 | Microsoft Access Remote Code Execution Vulnerability | S | |
CVE-2021-41370 | NTFS Elevation of Privilege Vulnerability | S | |
CVE-2021-41371 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | S | |
CVE-2021-41372 | Power BI Report Server Spoofing Vulnerability | S | |
CVE-2021-41373 | FSLogix Information Disclosure Vulnerability | S | |
CVE-2021-41374 | Azure Sphere Information Disclosure Vulnerability | S | |
CVE-2021-41375 | Azure Sphere Information Disclosure Vulnerability | S | |
CVE-2021-41376 | Azure Sphere Information Disclosure Vulnerability | S | |
CVE-2021-41377 | Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | S | |
CVE-2021-41378 | Windows NTFS Remote Code Execution Vulnerability | S | |
CVE-2021-41379 | Windows Installer Elevation of Privilege Vulnerability | KEV S | |
CVE-2021-41380 | RealVNC Viewer 6.21.406 allows remote VNC servers to cause a denial of service (application crash) v... | E | |
CVE-2021-41381 | Payara Micro Community 5.2021.6 and below allows Directory Traversal.... | E | |
CVE-2021-41382 | Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server management interface.... | E | |
CVE-2021-41383 | setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via ... | E | |
CVE-2021-41385 | The third party intelligence connector in Securonix SNYPR 6.3.1 Build 184295_0302 allows an authenti... | | |
CVE-2021-41387 | seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may ... | | |
CVE-2021-41388 | Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. Th... | S | |
CVE-2021-41390 | In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Man... | E | |
CVE-2021-41391 | In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile Manag... | E | |
CVE-2021-41392 | static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. A remote attack... | E | |
CVE-2021-41393 | Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of ... | S | |
CVE-2021-41394 | Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration ... | S | |
CVE-2021-41395 | Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string... | S | |
CVE-2021-41396 | Live555 through 1.08 does not handle socket connections properly. A huge number of incoming socket c... | E | |
CVE-2021-41402 | flatCore-CMS v2.0.8 has a code execution vulnerability, which could let a remote malicious user exec... | E | |
CVE-2021-41403 | flatCore-CMS version 2.0.8 calls dangerous functions, causing server-side request forgery vulnerabil... | E S | |
CVE-2021-41408 | VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and ... | E | |
CVE-2021-41411 | drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.jav... | S | |
CVE-2021-41413 | ok-file-formats master 2021-9-12 is affected by a buffer overflow in ok_jpg_convert_data_unit_graysc... | E | |
CVE-2021-41415 | Subscription-Manager v1.0 /main.js has a cross-site scripting (XSS) vulnerability in the machineDeta... | E | |
CVE-2021-41418 | AriaNg v0.1.0~v1.2.2 is affected by an incorrect access control vulnerability through not authentica... | E | |
CVE-2021-41419 | QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization.... | E | |
CVE-2021-41420 | A stored XSS vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker for arbitrary Ja... | E | |
CVE-2021-41421 | A PHP code injection vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker to gain ... | E | |
CVE-2021-41426 | Beeline Smart box 2.0.38 is vulnerable to Cross Site Request Forgery (CSRF) via mgt_end_user.htm.... | E | |
CVE-2021-41427 | Beeline Smart Box 2.0.38 is vulnerable to Cross Site Scripting (XSS) via the choose_mac parameter to... | E | |
CVE-2021-41428 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-41432 | A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrar... | E | |
CVE-2021-41433 | SQL Injection vulnerability exists in version 1.0 of the Resumes Management and Job Application Webs... | E | |
CVE-2021-41434 | A stored Cross-Site Scripting (XSS) vulnerability exists in version 1.0 of the Expense Management Sy... | E | |
CVE-2021-41435 | A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-... | | |
CVE-2021-41436 | An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-... | | |
CVE-2021-41437 | An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allo... | S | |
CVE-2021-41438 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-41439 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-41441 | A DoS attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unaut... | S | |
CVE-2021-41442 | An HTTP smuggling attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a ... | | |
CVE-2021-41445 | A reflected cross-site-scripting attack in web application of D-Link DIR-X1860 before v1.10WWB09_Bet... | S | |
CVE-2021-41446 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-41447 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-41448 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-41449 | A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.1... | | |
CVE-2021-41450 | An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated ... | | |
CVE-2021-41451 | A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in TP-Link AX10v1 before V1_211117 ... | | |
CVE-2021-41452 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-41453 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-41454 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-41456 | There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1004 in the nhmldmx_send... | E | |
CVE-2021-41457 | There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nhml.c in nhmldmx_init_parsing w... | E | |
CVE-2021-41458 | In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/error.c:1769 which leads to a d... | E | |
CVE-2021-41459 | There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1008 in the nhmldmx_send... | E | |
CVE-2021-41460 | ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitiv... | | |
CVE-2021-41461 | Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy... | E | |
CVE-2021-41462 | Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy... | E | |
CVE-2021-41463 | Cross-site scripting (XSS) vulnerability in toos/permissions/dialogs/access/entity/types/group_combi... | E | |
CVE-2021-41464 | Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy... | E | |
CVE-2021-41465 | Cross-site scripting (XSS) vulnerability in concrete/elements/collection_theme.php in concrete5-lega... | E | |
CVE-2021-41467 | Cross-site scripting (XSS) vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0... | | |
CVE-2021-41471 | SQL injection vulnerability in Sourcecodester South Gate Inn Online Reservation System v1 by oretnom... | E | |
CVE-2021-41472 | SQL injection vulnerability in Sourcecodester Simple Membership System v1 by oretnom23, allows attac... | E | |
CVE-2021-41487 | NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserName'.... | E | |
CVE-2021-41490 | Memory leaks in LazyPRM.cpp of OMPL v1.5.0 can cause unexpected behavior.... | E | |
CVE-2021-41492 | Multiple SQL Injection vulnerabilities exist in Sourcecodester Simple Cashiering System (POS) 1.0 vi... | E | |
CVE-2021-41495 | Null Pointer Dereference vulnerability exists in numpy.sort in NumPy < and 1.19 in the PyArray_Des... | E | |
CVE-2021-41496 | Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows at... | E S | |
CVE-2021-41497 | Null pointer reference in CMS_Conservative_increment_obj in RaRe-Technologies bounter version 1.01 a... | E | |
CVE-2021-41498 | Buffer overflow in ajaxsoundstudio.com Pyo < and 1.03 in the Server_jack_init function. which allo... | E | |
CVE-2021-41499 | Buffer Overflow Vulnerability exists in ajaxsoundstudio.com n Pyo < 1.03 in the Server_debug functio... | E | |
CVE-2021-41500 | Incomplete string comparison vulnerability exists in cvxopt.org cvxopt <= 1.2.6 in APIs (cvxopt.cholmo... | E S | |
CVE-2021-41502 | An issue was discovered in Subrion CMS v4.2.1. There is a stored cross-site scripting (XSS) vulnerabi... | E | |
CVE-2021-41503 | DCS-5000L v1.05 and DCS-932L v2.17 and older are affected by Incorrect Access Control. The use of the... | | |
CVE-2021-41504 | An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use ... | | |
CVE-2021-41506 | Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2,... | E | |
CVE-2021-41511 | The username and password field of login in Lodging Reservation Management System V1 can give access... | E | |
CVE-2021-41524 | null pointer dereference in h2 fuzzing | S | |
CVE-2021-41525 | An issue related to modification of otherwise restricted files through a locally authenticated attac... | | |
CVE-2021-41526 | A vulnerability has been reported in the windows installer (MSI) built with InstallScript custom act... | | |
CVE-2021-41527 | 2FA bypass on the RISC Platform | | |
CVE-2021-41528 | Improper authorization related to Import / Export interfaces on RISC Platform | | |
CVE-2021-41530 | Forcepoint NGFW Engine versions 6.5.11 and earlier, 6.8.6 and earlier, and 6.10.0 are vulnerable to ... | M | |
CVE-2021-41531 | Invalid RPKI data could disable Route Origin Validation on RTR clients. | | |
CVE-2021-41532 | Unauthenticated access to Ozone Recon HTTP endpoints | M | |
CVE-2021-41533 | A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All... | S | |
CVE-2021-41534 | A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All... | S | |
CVE-2021-41535 | A vulnerability has been identified in NX 1953 Series (All versions < V1973.3700), NX 1980 Series (A... | S | |
CVE-2021-41536 | A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected ap... | S | |
CVE-2021-41537 | A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected ap... | S | |
CVE-2021-41538 | A vulnerability has been identified in NX 1953 Series (All versions < V1973.3700), NX 1980 Series (A... | S | |
CVE-2021-41539 | A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected ap... | S | |
CVE-2021-41540 | A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected ap... | S | |
CVE-2021-41541 | A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climati... | S | |
CVE-2021-41542 | A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climati... | S | |
CVE-2021-41543 | A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climati... | S | |
CVE-2021-41544 | A vulnerability has been identified in Siemens Software Center (All versions < V3.0). A DLL Hijackin... | | |
CVE-2021-41545 | A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (Al... | | |
CVE-2021-41546 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX ... | | |
CVE-2021-41547 | A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.11), Te... | S | |
CVE-2021-41550 | Leostream Connection Broker 9.0.40.17 allows administrator to upload and execute Perl code.... | | |
CVE-2021-41551 | Leostream Connection Broker 9.0.40.17 allows administrators to conduct directory traversal attacks b... | | |
CVE-2021-41552 | CommScope SURFboard SBG6950AC2 9.1.103AA23 devices allow Command Injection.... | | |
CVE-2021-41553 | In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web Application in /archibus/login.axv... | | |
CVE-2021-41554 | ARCHIBUS Web Central 21.3.3.815 (a version from 2014) does not properly validate requests for access... | | |
CVE-2021-41555 | In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), XSS occurs in /archibus/dwr/call/plaincall... | | |
CVE-2021-41556 | sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core ... | E S | |
CVE-2021-41557 | Sofico Miles RIA 2020.2 Build 127964T is affected by Stored Cross Site Scripting (XSS). An attacker ... | E | |
CVE-2021-41558 | The set_user extension module before 3.0.0 for PostgreSQL allows ProcessUtility_hook bypass via set_... | | |
CVE-2021-41559 | Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enable... | | |
CVE-2021-41560 | OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an executable ... | E S | |
CVE-2021-41561 | Apache Parquet-MR potential DoS in case of malicious Parquet file | M | |
CVE-2021-41562 | Deletion of arbitrary files vulnerability in Snow Agent for Windows | S | |
CVE-2021-41563 | Tad Book3 - Stored XSS | S | |
CVE-2021-41564 | Tad Honor - Improper Authorization | S | |
CVE-2021-41565 | Tad TadTools - Reflected XSS | S | |
CVE-2021-41566 | Tad TadTools - Arbitrary File Upload | S | |
CVE-2021-41567 | Tad Uploader - Stored XSS | S | |
CVE-2021-41568 | Tad Web - Improper Authorization | S | |
CVE-2021-41569 | SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by... | E | |
CVE-2021-41570 | Veritas NetBackup OpsCenter Analytics 9.1 allows XSS via the NetBackup Master Server Name, Display N... | | |
CVE-2021-41571 | Pulsar Admin API allows access to data from other tenants using getMessageById API | E S | |
CVE-2021-41573 | Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and later allows information disclosure. If authent... | | |
CVE-2021-41574 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-41575 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-41576 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-41578 | mySCADA myDESIGNER 8.20.0 and below allows Directory Traversal attacks when importing project files.... | | |
CVE-2021-41579 | LCDS LAquis SCADA through 4.3.1.1085 is vulnerable to a control bypass and path traversal. If an att... | | |
CVE-2021-41580 | The passport-oauth2 package before 1.6.1 for Node.js mishandles the error condition of failure to ob... | S | |
CVE-2021-41581 | x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 ha... | E S | |
CVE-2021-41583 | vpn-user-portal (aka eduVPN or Let's Connect!) before 2.3.14, as packaged for Debian 10, Debian 11, ... | | |
CVE-2021-41584 | Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosu... | | |
CVE-2021-41585 | ATS stops accepting connections on FreeBSD | S | |
CVE-2021-41586 | In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can poten... | | |
CVE-2021-41587 | In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can poten... | | |
CVE-2021-41588 | In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary uns... | | |
CVE-2021-41589 | In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential... | | |
CVE-2021-41590 | In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an... | | |
CVE-2021-41591 | ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC exposure.... | E S | |
CVE-2021-41592 | Blockstream c-lightning through 0.10.1 allows loss of funds because of dust HTLC exposure.... | M | |
CVE-2021-41593 | Lightning Labs lnd before 0.13.3-beta allows loss of funds because of dust HTLC exposure.... | E | |
CVE-2021-41594 | In RSA Archer 6.9.SP1 P3, if some application functions are precluded by the Administrator, this can... | | |
CVE-2021-41595 | SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attack... | | |
CVE-2021-41596 | SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attack... | | |
CVE-2021-41597 | SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the Upgrad... | | |
CVE-2021-41598 | UI misrepresentation of granted permissions in GitHub Enterprise Server leading to unauthorized access to user | | |
CVE-2021-41599 | Improper control flow in GitHub Enterprise Server hosted Pages leads to remote code execution | | |
CVE-2021-41608 | A file disclosure vulnerability in the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before... | E M | |
CVE-2021-41609 | SQL injection in the ID parameter of the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET befo... | E M | |
CVE-2021-41610 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-27339. Reason: This candidat... | R | |
CVE-2021-41611 | An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or... | S | |
CVE-2021-41612 | An issue was discovered in the ALU unit of the OpenRISC mor1kx processor. The carry flag is not bein... | E | |
CVE-2021-41613 | An issue was discovered in the controller unit of the OpenRISC mor1kx processor. The write logic of ... | | |
CVE-2021-41614 | An issue was discovered in the controller unit of the OpenRISC mor1kx processor. The read/write acce... | | |
CVE-2021-41615 | websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation rel... | | |
CVE-2021-41616 | Apache ddlutils 1.0 readobject vulnerability | | |
CVE-2021-41617 | sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows... | S | |
CVE-2021-41619 | An issue was discovered in Gradle Enterprise before 2021.1.2. There is potential remote code executi... | | |
CVE-2021-41634 | A user enumeration vulnerability in MELAG FTP Server 2.2.0.4 allows an attacker to identify valid FT... | E | |
CVE-2021-41635 | When installed as Windows service MELAG FTP Server 2.2.0.4 is run as SYSTEM user, which grants remot... | E | |
CVE-2021-41636 | MELAG FTP Server 2.2.0.4 allows an attacker to use the CWD command to break out of the FTP servers r... | E M | |
CVE-2021-41637 | Weak access control permissions in MELAG FTP Server 2.2.0.4 allow the "Everyone" group to read the l... | E | |
CVE-2021-41638 | The authentication checks of the MELAG FTP Server in version 2.2.0.4 are incomplete, which allows a ... | E | |
CVE-2021-41639 | MELAG FTP Server 2.2.0.4 stores unencrypted passwords of FTP users in a local configuration file.... | E | |
CVE-2021-41641 | Deno <=1.14.0 file sandbox does not handle symbolic links correctly. When running Deno with specific... | E | |
CVE-2021-41643 | Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via ... | E | |
CVE-2021-41644 | Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2.0 vi... | E | |
CVE-2021-41645 | Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System... | E | |
CVE-2021-41646 | Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by upl... | E | |
CVE-2021-41647 | An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik J... | E | |
CVE-2021-41648 | An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through t... | E | |
CVE-2021-41649 | An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through t... | E | |
CVE-2021-41651 | A blind SQL injection vulnerability exists in the Raymart DG / Ahmed Helal Hotel-mgmt-system. A mali... | E | |
CVE-2021-41652 | Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allows attackers to dump the ent... | | |
CVE-2021-41653 | The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_17121... | E | |
CVE-2021-41654 | SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary S... | E | |
CVE-2021-41657 | SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which w... | E | |
CVE-2021-41658 | Cross Site Scripting (XSS) in Sourcecodester Student Quarterly Grading System by oretnom23, allows a... | E | |
CVE-2021-41659 | SQL injection vulnerability in Sourcecodester Banking System v1 by oretnom23, allows attackers to ex... | E | |
CVE-2021-41660 | SQL injection vulnerability in Sourcecodester Patient Appointment Scheduler System v1 by oretnom23, ... | E | |
CVE-2021-41661 | Church Management System version 1.0 is affected by a SQL injection vulnerability through creating a... | E | |
CVE-2021-41662 | The South Gate Inn Online Reservation System v1.0 contains an SQL injection vulnerability that can b... | E | |
CVE-2021-41663 | A cross-site scripting (XSS) vulnerability exists in Mini CMS V1.11. The vulnerability exists in the... | E | |
CVE-2021-41672 | PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection in utilisateurs.php. A user tha... | E | |
CVE-2021-41674 | An SQL Injection vulnerability exists in Sourcecodester E-Negosyo System 1.0 via the user_email para... | E | |
CVE-2021-41675 | A Remote Code Execution (RCE) vulnerability exists in Sourcecodester E-Negosyo System 1.0 in /admin/p... | E | |
CVE-2021-41676 | An SQL Injection vulnerability exists in the oretnom23 Pharmacy Point of Sale System 1.0 in the login... | E | |
CVE-2021-41677 | A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the ... | E | |
CVE-2021-41678 | A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the ... | E | |
CVE-2021-41679 | A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the ... | E | |
CVE-2021-41682 | There is a heap-use-after-free at ecma-helpers-string.c:1940 in ecma_compare_ecma_non_direct_strings... | E S | |
CVE-2021-41683 | There is a stack-overflow at ecma-helpers.c:326 in ecma_get_lex_env_type in JerryScript 2.4.0... | E | |
CVE-2021-41687 | DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsi... | S | |
CVE-2021-41688 | DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its ... | S | |
CVE-2021-41689 | DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb p... | S | |
CVE-2021-41690 | DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file i... | S | |
CVE-2021-41694 | An Incorrect Access Control vulnerability exists in Premiumdatingscript 4.2.7.7 via the password cha... | E | |
CVE-2021-41695 | An SQL Injection vulnerability exists in Premiumdatingscript 4.2.7.7 via the ip parameter in connect... | E | |
CVE-2021-41696 | An authentication bypass (account takeover) vulnerability exists in Premiumdatingscript 4.2.7.7 due ... | E | |
CVE-2021-41697 | A reflected Cross Site Scripting (XSS) vulnerability exists in Premiumdatingscript 4.2.7.7 via the a... | E | |
CVE-2021-41714 | In Tipask < 3.5.9, path parameters entered by the user are not validated when downloading attachment... | E S | |
CVE-2021-41715 | libsixel 1.10.0 is vulnerable to Use after free in libsixel/src/dither.c:379.... | E | |
CVE-2021-41716 | Maharashtra State Electricity Board Mahavitara Android Application 8.20 and prior is vulnerable to r... | E | |
CVE-2021-41719 | Maharashtra State Electricity Distribution Company Limited Mahavitran IOS Application 16.1 applicati... | | |
CVE-2021-41720 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-41728 | Cross Site Scripting (XSS) vulnerability exists in Sourcecodester News247 CMS 1.0 via the search fun... | | |
CVE-2021-41729 | BaiCloud-cms v2.5.7 is affected by an arbitrary file deletion vulnerability, which allows an attacke... | E | |
CVE-2021-41731 | Cross Site Scripting (XSS) vulnerability exists in Sourcecodester News247 News Magazine (CMS) PHP 5.... | | |
CVE-2021-41732 | An issue was discovered in zeek version 4.1.0. There is a HTTP request splitting vulnerability that ... | E | |
CVE-2021-41733 | Oppia 3.1.4 does not verify that certain URLs are valid before navigating to them.... | S | |
CVE-2021-41736 | Faust v2.35.0 was discovered to contain a heap-buffer overflow in the function realPropagate() at pr... | E | |
CVE-2021-41737 | In Faust 2.23.1, an input file with the lines "// r visualisation tCst" and "//process = +: L: abM-^... | | |
CVE-2021-41738 | ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may a... | | |
CVE-2021-41739 | An OS Command Injection vulnerability was discovered in Artica Proxy 4.30.000000. Attackers can execu... | | |
CVE-2021-41744 | All versions of yongyou PLM are affected by a command injection issue. UFIDA PLM (Product Life Cycle... | | |
CVE-2021-41745 | ShowDoc 2.8.3 has a file upload vulnerability, where attackers can use the vulnerability to obtain ... | | |
CVE-2021-41746 | SQL Injection vulnerability exists in all versions of Yonyou TurboCRM via the orgcode parameter in c... | E | |
CVE-2021-41747 | Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 4.10.0, which can be exploited by attack... | | |
CVE-2021-41748 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-41874. Reason: This candidat... | R | |
CVE-2021-41749 | In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to... | S | |
CVE-2021-41750 | A cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remo... | S | |
CVE-2021-41751 | Buffer overflow vulnerability in file ecma-builtin-array-prototype.c:909 in function ecma_builtin_ar... | S | |
CVE-2021-41752 | Stack overflow vulnerability in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 o... | E | |
CVE-2021-41753 | A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in D-Link DIR-X1560, v1.04B0... | | |
CVE-2021-41754 | dynamicMarkt <= 3.10 is affected by SQL injection in the parent parameter of index.php.... | E | |
CVE-2021-41755 | dynamicMarkt <= 3.10 is affected by SQL injection in the kat1 parameter of index.php.... | E | |
CVE-2021-41756 | dynamicMarkt <= 3.10 is affected by SQL injection in the kat parameter of index.php.... | E | |
CVE-2021-41764 | A cross-site request forgery (CSRF) vulnerability exists in Streama up to and including v1.10.3. The... | E | |
CVE-2021-41765 | A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of ResourceSpace 9.5 and 9.6 < rev... | E | |
CVE-2021-41766 | Insecure Java Deserialization in Apache Karaf | M | |
CVE-2021-41767 | Private tunnel identifier may be included in the non-private details of active connections | | |
CVE-2021-41769 | A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < ... | | |
CVE-2021-41770 | Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack... | | |
CVE-2021-41771 | ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 A... | | |
CVE-2021-41772 | Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP... | | |
CVE-2021-41773 | Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 | KEV E S | |
CVE-2021-41780 | Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attacke... | | |
CVE-2021-41781 | Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attacke... | | |
CVE-2021-41782 | Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attacke... | | |
CVE-2021-41783 | Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attacke... | | |
CVE-2021-41784 | Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attacke... | | |
CVE-2021-41785 | Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attacke... | | |
CVE-2021-41788 | MediaTek microchips, as used in NETGEAR devices through 2021-12-13 and other devices, mishandle atte... | | |
CVE-2021-41789 | In wifi driver, there is a possible system crash due to a missing validation check. This could lead ... | | |
CVE-2021-41790 | An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2. Script Act... | | |
CVE-2021-41791 | An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 and org.alfresco:community-shar... | | |
CVE-2021-41792 | An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.al... | | |
CVE-2021-41794 | ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value,... | E | |
CVE-2021-41795 | The Safari app extension bundled with 1Password for Mac 7.7.0 through 7.8.x before 7.8.7 is vulnerab... | | |
CVE-2021-41796 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-41797 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-41798 | MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being us... | E S | |
CVE-2021-41799 | MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query pr... | | |
CVE-2021-41800 | MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query pr... | S | |
CVE-2021-41801 | The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is bl... | S | |
CVE-2021-41802 | HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to... | | |
CVE-2021-41803 | HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment... | | |
CVE-2021-41805 | HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorre... | | |
CVE-2021-41807 | Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0, allows brute-forcing of certain type of user accounts. | S | |
CVE-2021-41808 | In M-Files Server product with versions before 21.11.10775.0, enabling logging of federated authentication would write sensitive information to event logs. | S | |
CVE-2021-41809 | SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, allows requests from server. | | |
CVE-2021-41810 | Script injection in M-Files Server products with versions before 22.2.11051.0, allows executing stored script in admin tool | | |
CVE-2021-41816 | CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buff... | E | |
CVE-2021-41817 | Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service... | E | |
CVE-2021-41819 | CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affe... | E | |
CVE-2021-41821 | Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer Underflow vulnerability that mi... | E | |
CVE-2021-41823 | The Web Application Firewall (WAF) in Kemp LoadMaster 7.2.54.1 allows certain uses of onmouseover to... | E | |
CVE-2021-41824 | Craft CMS before 3.7.14 allows CSV injection.... | | |
CVE-2021-41825 | Verint Workforce Optimization (WFO) 15.2.5.1033 allows HTML injection via the /wfo/control/signin us... | E | |
CVE-2021-41826 | PlaceOS Authentication Service before 1.29.10.0 allows app/controllers/auth/sessions_controller.rb o... | E S | |
CVE-2021-41827 | Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only acce... | E | |
CVE-2021-41828 | Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with re... | E | |
CVE-2021-41829 | Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to ... | E | |
CVE-2021-41830 | Double Certificate Attack | | |
CVE-2021-41831 | Timestamp Manipulation with Signature Wrapping | | |
CVE-2021-41832 | Content Manipulation with Certificate Validation Attack | | |
CVE-2021-41833 | Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execu... | S | |
CVE-2021-41834 | JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the c... | S | |
CVE-2021-41835 | Fresenius Kabi Agilia Connect Infusion System use of a broken or risky cryptographic algorithm | S | |
CVE-2021-41836 | Fathom Analytics <= 3.0.4 Authenticated Stored Cross-Site Scripting | S | |
CVE-2021-41837 | An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of ... | | |
CVE-2021-41838 | An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is ... | | |
CVE-2021-41839 | An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because ... | | |
CVE-2021-41840 | An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is... | | |
CVE-2021-41841 | An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an... | | |
CVE-2021-41842 | An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2 ... | | |
CVE-2021-41843 | An authenticated SQL injection issue in the calendar search function of OpenEMR 6.0.0 before patch 3... | E | |
CVE-2021-41844 | Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data.... | | |
CVE-2021-41845 | A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007. The only ... | | |
CVE-2021-41847 | An issue was discovered in 3xLogic Infinias Access Control through 6.7.10708.0, affecting physical s... | E | |
CVE-2021-41848 | An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It mishandles software updates su... | E | |
CVE-2021-41849 | An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally... | E | |
CVE-2021-41850 | An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A pre-installed app with a packag... | E | |
CVE-2021-41851 | Rejected reason: This is unused.... | R | |
CVE-2021-41852 | Rejected reason: This is unused.... | R | |
CVE-2021-41853 | Rejected reason: This is unused.... | R | |
CVE-2021-41854 | Rejected reason: This is unused.... | R | |
CVE-2021-41855 | Rejected reason: This is unused.... | R | |
CVE-2021-41856 | Rejected reason: This is unused.... | R | |
CVE-2021-41857 | Rejected reason: This is unused.... | R | |
CVE-2021-41858 | Rejected reason: This is unused.... | R | |
CVE-2021-41859 | Rejected reason: This is unused.... | R | |
CVE-2021-41860 | Rejected reason: This is unused.... | R | |
CVE-2021-41861 | The Telegram application 7.5.0 through 7.8.0 for Android does not properly implement image self-dest... | | |
CVE-2021-41862 | AviatorScript through 5.2.7 allows code execution via an expression that is encoded with Byte Code E... | E | |
CVE-2021-41864 | prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unpri... | S | |
CVE-2021-41865 | HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authenticated users with job submis... | | |
CVE-2021-41866 | MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP's the... | S | |
CVE-2021-41867 | An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated a... | E S | |
CVE-2021-41868 | OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public no... | E S | |
CVE-2021-41869 | SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable to privilege escalation.... | | |
CVE-2021-41870 | An issue was discovered in the firmware update form in Socomec REMOTE VIEW PRO 2.0.41.4. An authenti... | | |
CVE-2021-41871 | An issue was discovered in Socomec REMOTE VIEW PRO 2.0.41.4. Improper validation of input into the u... | | |
CVE-2021-41872 | Skyworth Digital Technology Penguin Aurora Box 41502 has a denial of service vulnerability, which ca... | | |
CVE-2021-41873 | Penguin Aurora TV Box 41502 is a high-end network HD set-top box produced by Tencent Video and Skywo... | | |
CVE-2021-41874 | An unauthorized access vulnerability exists in all versions of Portainer, which could let a maliciou... | | |
CVE-2021-41878 | A reflected cross-site scripting (XSS) vulnerability exists in the i-Panel Administration System Ver... | E | |
CVE-2021-41916 | A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version 2.4 and earlier allows a remo... | E | |
CVE-2021-41917 | webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML... | E | |
CVE-2021-41918 | webTareas version 2.4 and earlier allows an authenticated user to inject arbitrary web script or HTM... | E | |
CVE-2021-41919 | webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially dan... | E | |
CVE-2021-41920 | webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based b... | E | |
CVE-2021-41921 | novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file suffixes and contents can lead... | E | |
CVE-2021-41924 | Webkul krayin crm before 1.2.2 is vulnerable to Cross Site Scripting (XSS).... | S | |
CVE-2021-41927 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-41928 | SQL injection in Sourcecodester Try My Recipe (Recipe Sharing Website - CMS) 1.0 by oretnom23, allow... | E | |
CVE-2021-41929 | Cross Site Scripting (XSS) in Sourcecodester The Electric Billing Management System 1.0 by oretnom23... | E | |
CVE-2021-41930 | Cross site scripting (XSS) vulnerability in Sourcecodester Online Covid Vaccination Scheduler System... | E | |
CVE-2021-41931 | The Company's Recruitment Management System in id=2 of the parameter from view_vacancy app on-page a... | E | |
CVE-2021-41932 | A blind SQL injection vulnerability in search form in TeamMate+ Audit version 28.0.19.0 allows any a... | E | |
CVE-2021-41938 | An issue was discovered in ShopXO CMS 2.2.0. After entering the management page, there is an arbitra... | E | |
CVE-2021-41942 | The Magic CMS MSVOD v10 video system has a SQL injection vulnerability. Attackers can use vulnerabil... | | |
CVE-2021-41943 | Logrhythm Web Console 7.4.9 allows for HTML tag injection through Contextualize Action -> Create a n... | | |
CVE-2021-41945 | Encode OSS httpx < 0.23.0 is affected by improper input validation in `httpx.URL`, `httpx.Client` an... | E | |
CVE-2021-41946 | In FiberHome VDSL2 Modem HG150-Ub_V3.0, a stored cross-site scripting (XSS) vulnerability in Parenta... | E | |
CVE-2021-41947 | A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode.... | E | |
CVE-2021-41948 | A cross-site scripting (XSS) vulnerability exists in the "contact us" plugin for Subrion CMS <= 4.2.... | E | |
CVE-2021-41950 | A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated ... | E | |
CVE-2021-41951 | ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in ... | E | |
CVE-2021-41952 | Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via upload file to *.SVG. An attac... | E | |
CVE-2021-41959 | JerryScript Git version 14ff5bf does not sufficiently track and release allocated memory via jerry-c... | E S | |
CVE-2021-41962 | Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System ... | E | |
CVE-2021-41965 | A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticate... | E | |
CVE-2021-41971 | Possible SQL Injection when template processing is enabled | M | |
CVE-2021-41972 | Credentials leak | M | |
CVE-2021-41973 | Apache MINA HTTP listener DOS | S | |
CVE-2021-41974 | Tad Book3 - Improper Authorization | S | |
CVE-2021-41975 | Tad TadTools - Improper Authorization | S | |
CVE-2021-41976 | Tad Uploader - Improper Authorization | S | |
CVE-2021-41977 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-41978 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-41979 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-41980 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-41981 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-41982 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-41983 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-41984 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-41985 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-41986 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-41987 | In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based bu... | E | |
CVE-2021-41988 | Qlik NPrinting Designer through 21.14.3.0 creates a Temporary File in a Directory with Insecure Perm... | | |
CVE-2021-41989 | Qlik QlikView through 12.60.20100.0 creates a Temporary File in a Directory with Insecure Permission... | | |
CVE-2021-41990 | The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate wi... | | |
CVE-2021-41991 | The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiv... | S | |
CVE-2021-41992 | PingID Windows Login RSA cryptographic weakness with possible offline MFA bypass | | |
CVE-2021-41993 | PingID Android mobile application prior to 1.19 vulnerable to pre-computed dictionary attacks | S | |
CVE-2021-41994 | PingID iOS mobile application prior to 1.19 vulnerable to pre-computed dictionary attacks | S | |
CVE-2021-41995 | PingID Mac Login prior to 1.1 vulnerable to pre-computed dictionary attacks | | |