CVE-2021-38457

Same vendor

• CVE-2021-38481 — The scheduler service running on a specific TCP port enables the user to start and stop jobs (8.1 HIGH)
• CVE-2021-38479 — Many API function codes receive raw pointers remotely from the user and trust these pointers as valid in-bound memory regions (6.5 MEDIUM)
• CVE-2021-38477 — There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the mani... (9.8 CRITICAL)
• CVE-2021-38475 — The database connection to the server is performed by calling a specific API, which could allow an unprivileged user to gain SYSDBA permi... (7.3 HIGH)
• CVE-2021-38473 — The affected product’s code base doesn’t properly control arguments for specific functions, which could lead to a stack overflow (8.0 HIGH)

Same CWE

• CVE-2026-0647 — An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server
• CVE-2026-47261 — Wasmtime is a runtime for WebAssembly (7.5 HIGH)
• CVE-2026-50892 — Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager v2.14.0 allows authenticated attacke... (6.5 MEDIUM)
• CVE-2026-50891 — Incorrect access control in the /admin/api/config component of Filestash v0.4.0 allows attackers to escalate privileges via sending a cra... (8.1 HIGH)
• CVE-2026-50886 — Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources vi... (9.1 CRITICAL)