LiveActive security incident?Get immediate response
CVE archive

2021 CVE Archive

Browse CVE records published in 2021 CVE Archive, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 22585 matching CVEs · Page 1 of 452.

Unknown · CVSS Not scored

CVE-2021-46355: OCS Inventory 2.9.1 is affected by Cross Site Scripting (XSS).

OCS Inventory 2.9.1 is affected by Cross Site Scripting (XSS). To exploit the vulnerability, the attacker needs to manipulate the name of some device on your computer, such as a printer, replacing the device name with some malicious code that allows the execution of Stored Cross-site Scripting (XSS).

Published Feb 11, 2022 · Updated Jul 9, 2026

Unknown · CVSS Not scored

CVE-2021-46354: Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information di...

Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site. The ability to send requests to other systems can allow the vulnerable server to filtrate the real IP of the web server or increase the attack surface.

Published Feb 9, 2022 · Updated Jul 9, 2026

Unknown · CVSS Not scored

CVE-2021-45420: Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_...

Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to denial of service and potentially remote code execution. Note: the product has not been supported since 2018 and should be removed or replaced.

Published Feb 14, 2022 · Updated Jul 9, 2026

Unknown · CVSS Not scored

CVE-2021-44596: Wondershare LTD Dr.

Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the "InstallAssistService.exe" service(the service is running under SYSTEM privileges) and manipulate it to execute malicious executable without any validation from a remote location and gain SYSTEM privileges

Published Apr 29, 2022 · Updated Jul 9, 2026

Unknown · CVSS Not scored

CVE-2021-44595: Wondershare Dr.

Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges.

Published Apr 29, 2022 · Updated Jul 9, 2026