Vulnerabilities (CVE)

Total 367136 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-42641 1 Printerlogic 1 Web Stack 2026-07-09 5.0 MEDIUM 7.5 HIGH
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the username and email address of all users.
CVE-2021-42640 1 Printerlogic 1 Web Stack 2026-07-09 6.4 MEDIUM 9.1 CRITICAL
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to reassign drivers for any printer.
CVE-2021-42639 1 Printerlogic 1 Web Stack 2026-07-09 4.3 MEDIUM 6.1 MEDIUM
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to multiple reflected cross site scripting vulnerabilities. Attacker controlled input is reflected back in the page without sanitization.
CVE-2021-42638 3 Apple, Linux, Printerlogic 3 Macos, Linux Kernel, Web Stack 2026-07-09 9.3 HIGH 8.1 HIGH
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitize user input resulting in pre-auth remote code execution.
CVE-2021-42637 1 Printerlogic 1 Web Stack 2026-07-09 7.5 HIGH 9.8 CRITICAL
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-controlled input to craft a URL, resulting in a Server Side Request Forgery (SSRF) vulnerability.
CVE-2021-42635 3 Apple, Linux, Printerlogic 3 Macos, Linux Kernel, Web Stack 2026-07-09 9.3 HIGH 8.1 HIGH
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APP_KEY value, leading to pre-auth remote code execution.
CVE-2021-42633 1 Printerlogic 1 Web Stack 2026-07-09 5.0 MEDIUM 5.3 MEDIUM
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to SQL Injection, which may allow an attacker to access additional audit records.
CVE-2021-42631 3 Apple, Linux, Printerlogic 4 Macos, Linux Kernel, Virtual Appliance and 1 more 2026-07-09 9.3 HIGH 8.1 HIGH
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes attacker controlled leading to pre-auth remote code execution.
CVE-2021-42627 1 Dlink 8 Dir-615, Dir-615 Firmware, Dir-615 J1 and 5 more 2026-07-09 N/A 9.8 CRITICAL
The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and also leverage attacker to modify the data fields of page.
CVE-2021-42232 1 Tp-link 2 Archer A7, Archer A7 Firmware 2026-07-09 N/A 9.8 CRITICAL
TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command injection vulnerability in /usr/bin/tddp. The vulnerability is caused by the program taking part of the received data packet as part of the command. This will cause an attacker to execute arbitrary commands on the router.
CVE-2021-42216 1 Anonaddy 1 Anonaddy 2026-07-09 7.5 HIGH 9.8 CRITICAL
A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php.
CVE-2021-41945 1 Encode 1 Httpx 2026-07-09 6.4 MEDIUM 9.1 CRITICAL
Encode OSS httpx < 0.23.0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`.
CVE-2021-41716 1 Mahadiscom 1 Mahavitaran 2026-07-09 7.5 HIGH 9.8 CRITICAL
Maharashtra State Electricity Board Mahavitara Android Application 8.20 and prior is vulnerable to remote account takeover due to OTP fixation vulnerability in password rest function
CVE-2021-41672 1 Peel 1 Peel Shopping 2026-07-09 5.5 MEDIUM 6.5 MEDIUM
PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection in utilisateurs.php. A user that belongs to the administrator group can inject a malicious SQL query in order to affect the execution logic of the application and retrive information from the database.
CVE-2021-41663 1 1234n 1 Minicms 2026-07-09 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability exists in Mini CMS V1.11. The vulnerability exists in the article upload: post-edit.php page.
CVE-2021-41657 1 Smartbear 1 Collaborator 2026-07-09 4.3 MEDIUM 6.1 MEDIUM
SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack.
CVE-2021-41653 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2026-07-09 10.0 HIGH 9.8 CRITICAL
The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.
CVE-2021-41451 1 Tp-link 2 Archer Ax10, Archer Ax10 Firmware 2026-07-09 5.0 MEDIUM 7.5 HIGH
A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in TP-Link AX10v1 before V1_211117 allows a remote unauthenticated attacker to send a specially crafted HTTP request and receive a misconfigured HTTP/0.9 response, potentially leading into a cache poisoning attack.
CVE-2021-41450 1 Tp-link 2 Archer Ax10 V1, Archer Ax10 V1 Firmware 2026-07-09 5.0 MEDIUM 7.5 HIGH
An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet.
CVE-2021-41449 1 Netgear 6 Rax35, Rax35 Firmware, Rax38 and 3 more 2026-07-09 3.6 LOW 7.1 HIGH
A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, via sending a specially crafted HTTP packet.