Export limit exceeded: 357188 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10466 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-26424 | 1 Microsoft | 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more | 2024-11-21 | 9.9 Critical |
| Windows TCP/IP Remote Code Execution Vulnerability | ||||
| CVE-2021-26422 | 1 Microsoft | 2 Lync Server, Skype For Business Server | 2024-11-21 | 7.2 High |
| Skype for Business and Lync Remote Code Execution Vulnerability | ||||
| CVE-2021-26420 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 7.1 High |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
| CVE-2021-26412 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 9.1 Critical |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2021-25953 | 1 Putil-merge Project | 1 Putil-merge | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in 'putil-merge' versions1.0.0 through 3.6.6 allows attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2021-25952 | 1 Just-safe-set Project | 1 Just-safe-set | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in ‘just-safe-set’ versions 1.0.0 through 2.2.1 allows an attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2021-25949 | 1 Set-getter Project | 1 Set-getter | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in 'set-getter' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2021-25948 | 1 Expand-hash Project | 1 Expand-hash | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in 'expand-hash' versions 0.1.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2021-25947 | 1 Nestie Project | 1 Nestie | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in 'nestie' versions 0.0.0 through 1.0.0 allows an attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2021-25946 | 1 Nconf-toml Project | 1 Nconf-toml | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in `nconf-toml` versions 0.0.1 through 0.0.2 allows an attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2021-25945 | 1 Js-extend Project | 1 Js-extend | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in 'js-extend' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2021-25944 | 1 Deep-defaults Project | 1 Deep-defaults | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2021-25913 | 1 Set-or-get Project | 1 Set-or-get | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in 'set-or-get' version 1.0.0 through 1.2.10 allows an attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2021-25912 | 1 Dotty Project | 1 Dotty | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in 'dotty' versions 0.0.1 through 0.1.0 allows attackers to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2021-25833 | 1 Onlyoffice | 1 Document Server | 2024-11-21 | 9.8 Critical |
| A file extension handling issue was found in [server] module of ONLYOFFICE DocumentServer v4.2.0.71-v5.6.0.21. The file extension is controlled by an attacker through the request data and leads to arbitrary file overwriting. Using this vulnerability, a remote attacker can obtain remote code execution on DocumentServer. | ||||
| CVE-2021-25832 | 1 Onlyoffice | 1 Document Server | 2024-11-21 | 9.8 Critical |
| A heap buffer overflow vulnerability inside of BMP image processing was found at [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v6.0.0. Using this vulnerability, an attacker is able to gain remote code executions on DocumentServer. | ||||
| CVE-2021-25831 | 1 Onlyoffice | 1 Document Server | 2024-11-21 | 9.8 Critical |
| A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. An attacker must request the conversion of the crafted file from PPTT into PPTX format. Using the chain of two other bugs related to improper string handling, a remote attacker can obtain remote code execution on DocumentServer. | ||||
| CVE-2021-25830 | 1 Onlyoffice | 1 Document Server | 2024-11-21 | 9.8 Critical |
| A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of the crafted file from DOCT into DOCX format. Using the chain of two other bugs related to improper string handling, an attacker can achieve remote code execution on DocumentServer. | ||||
| CVE-2021-25669 | 1 Siemens | 58 Scalance X200-4p Irt, Scalance X200-4p Irt Firmware, Scalance X201-3p Irt and 55 more | 2024-11-21 | 9.8 Critical |
| A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions < 5.5.1), SCALANCE X202-2P IRT PRO (All versions < 5.5.1), SCALANCE X204 IRT (All versions < 5.5.1), SCALANCE X204 IRT PRO (All versions < 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < 5.5.1), SCALANCE XF202-2P IRT (All versions < 5.5.1), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204 IRT (All versions < 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < 5.5.1), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5). Incorrect processing of POST requests in the web server may write out of bounds in stack. An attacker might leverage this to denial-of-service of the device or remote code execution. | ||||
| CVE-2021-25294 | 1 Opencats | 1 Opencats | 2024-11-21 | 9.8 Critical |
| OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code execution. This occurs because lib/DataGrid.php calls unserialize for the parametersactivity:ActivityDataGrid parameter. The PHP object injection exploit chain can leverage an __destruct magic method in guzzlehttp. | ||||