Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29912 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-38417 1 Visam 1 Vbase Web-remote 2026-06-17 N/A 7.4 HIGH
VISAM VBASE version 11.6.0.6 is vulnerable to improper access control via the web-remote endpoint, which may allow an unauthenticated user viewing access to folders and files in the directory listing.
CVE-2021-38378 1 Open-xchange 1 Ox App Suite 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
OX App Suite 7.10.5 allows Information Exposure because a caching mechanism can caused a Modified By response to show a person's name.
CVE-2021-38179 1 Sap 1 Business One 2026-06-17 4.0 MEDIUM 4.9 MEDIUM
Debug function of Admin UI of SAP Business One Integration is enabled by default. This allows Admin User to see the captured packet contents which may include User credentials.
CVE-2021-38178 1 Sap 2 Netweaver Abap, Netweaver Application Server Abap 2026-06-17 6.5 MEDIUM 8.8 HIGH
The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates. By this vulnerability malicious code can reach quality and production, and can compromise the confidentiality, integrity, and availability of the system and its data.
CVE-2021-38118 1 Microfocus 1 Imanager 2026-06-17 N/A 5.5 MEDIUM
Possible improper input validation Vulnerability in iManager has been discovered in OpenTextâ„¢ iManager 3.2.4.0000.
CVE-2021-38020 3 Debian, Fedoraproject, Google 4 Debian Linux, Fedora, Android and 1 more 2026-06-17 4.3 MEDIUM 4.3 MEDIUM
Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2021-37965 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2026-06-17 4.3 MEDIUM 4.3 MEDIUM
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2021-37791 1 Myadmin Project 1 Myadmin 2026-06-17 4.0 MEDIUM 4.9 MEDIUM
MyAdmin v1.0 is affected by an incorrect access control vulnerability in viewing personal center in /api/user/userData?userCode=admin.
CVE-2021-37601 1 Prosody 1 Prosody 2026-06-17 5.0 MEDIUM 7.5 HIGH
muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members, owners, and banned entities of a Multi-User chat room) in some common configurations.
CVE-2021-37471 1 Cradlepoint 6 Ibr600, Ibr600 Firmware, Ibr600c and 3 more 2026-06-17 7.8 HIGH 7.5 HIGH
Cradlepoint IBR900-600 devices running versions < 7.21.10 are vulnerable to a restricted shell escape sequence that provides an attacker the capability to simultaneously deny availability to the device's NetCloud Manager console, local console and SSH command-line.
CVE-2021-37394 1 Rpcms 1 Rpcms 2026-06-17 6.0 MEDIUM 8.8 HIGH
In RPCMS v1.8 and below, attackers can interact with API and change variable "role" to "admin" to achieve admin user registration.
CVE-2021-37101 1 Huawei 2 Ais-bw50-00, Ais-bw50-00 Firmware 2026-06-17 7.2 HIGH 6.8 MEDIUM
There is an improper authorization vulnerability in AIS-BW50-00 9.0.6.2(H100SP10C00) and 9.0.6.2(H100SP15C00). Due to improper authorization mangement, an attakcer can exploit this vulnerability by physical accessing the device and implant malicious code. Successfully exploit could leads to arbitrary code execution in the target device.
CVE-2021-37093 1 Huawei 3 Emui, Harmonyos, Magic Ui 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
There is a Improper Access Control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to attackers steal short messages.
CVE-2021-37091 1 Huawei 1 Harmonyos 2026-06-17 5.0 MEDIUM 7.5 HIGH
There is a Permissions,Privileges,and Access Controls vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to confidentiality affected.
CVE-2021-37038 1 Huawei 2 Emui, Magic Ui 2026-06-17 5.0 MEDIUM 7.5 HIGH
There is an Improper access control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-36992 1 Huawei 2 Emui, Magic Ui 2026-06-17 5.0 MEDIUM 7.5 HIGH
There is a Public key verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-36942 1 Microsoft 6 Windows Server 2004, Windows Server 2008, Windows Server 2012 and 3 more 2026-06-17 5.0 MEDIUM 7.5 HIGH
Windows LSA Spoofing Vulnerability
CVE-2021-36934 1 Microsoft 5 Windows 10 1809, Windows 10 1909, Windows 10 2004 and 2 more 2026-06-17 4.6 MEDIUM 7.8 HIGH
<p>An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>An attacker must have the ability to execute code on a victim system to exploit this vulnerability.</p> <p>After installing this security update, you <em>must</em> manually delete all shadow copies of system files, including the SAM database, to fully mitigate this vulnerabilty. <strong>Simply installing this security update will not fully mitigate this vulnerability.</strong> See <a href="https://support.microsoft.com/topic/1ceaa637-aaa3-4b58-a48b-baf72a2fa9e7">KB5005357- Delete Volume Shadow Copies</a>.</p>
CVE-2021-36802 1 Akaunting 1 Akaunting 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
Akaunting version 2.1.12 and earlier suffers from a denial-of-service issue that is triggered by setting a malformed 'locale' variable and sending it in an otherwise normal HTTP POST request. This issue was fixed in version 2.1.13 of the product.
CVE-2021-36792 1 Dated News Project 1 Dated News 2026-06-17 6.4 MEDIUM 7.2 HIGH
The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has incorrect Access Control for confirming various applications.