Latest CVE Feed
-
10.0
CRITICALCVE-2024-51551
Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02... Read more
Affected Products :- Published: Dec. 05, 2024
- Modified: Dec. 05, 2024
-
10.0
HIGHCVE-2022-1039
The weak password on the web user interface can be exploited via HTTP or HTTPS. Once such access has been obtained, the other passwords can be changed. The weak password on Linux accounts can be accessed via SSH or Telnet, the former of which is by defaul... Read more
- EPSS Score: %0.21
- Published: Apr. 20, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2024-28354
There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.@smb[%d].username in the apply.cgi interface, thereby gaining root shell pr... Read more
- Published: Mar. 15, 2024
- Modified: Apr. 01, 2025
-
10.0
HIGHCVE-2011-2595
Multiple stack-based buffer overflows in ACDSee FotoSlate 4.0 Build 146 allow remote attackers to execute arbitrary code via a long id parameter in a (1) String or (2) Int tag in a FotoSlate Project (aka PLP) file.... Read more
Affected Products : fotoslate- EPSS Score: %74.00
- Published: Sep. 14, 2011
- Modified: Apr. 11, 2025
-
10.0
CRITICALCVE-2022-40981
All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on th... Read more
Affected Products : remote_access_server_firmware ras-c-100-lw ras-e-100 ras-e-220 ras-e-400 ras-ec-220-lw ras-ec-400-lw ras-ec-480-lw ras-ecw-220-lw ras-ecw-400-lw +4 more products- EPSS Score: %0.04
- Published: Nov. 10, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2024-33566
Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection.This issue affects OrderConvo: from n/a through 12.4. ... Read more
Affected Products :- Published: Apr. 29, 2024
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2022-1375
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_slogHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system com... Read more
Affected Products : diaenergie- EPSS Score: %0.22
- Published: May. 02, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2017-14479
In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution wi... Read more
Affected Products : mysql_multi-master_replication_manager- EPSS Score: %5.01
- Published: May. 09, 2018
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2024-6886
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gitea Gitea Open Source Git Server allows Stored XSS.This issue affects Gitea Open Source Git Server: 1.22.0.... Read more
Affected Products : gitea- Published: Aug. 06, 2024
- Modified: Aug. 06, 2024
-
10.0
HIGHCVE-2021-27692
Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted "action/umountUSBPartition" request. This occurs because the "formSetUS... Read more
- EPSS Score: %2.58
- Published: Apr. 16, 2021
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2024-8353
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'give_title' and 'card_address... Read more
Affected Products : givewp- Published: Sep. 28, 2024
- Modified: Oct. 01, 2024
-
10.0
HIGHCVE-2009-0718
Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to execute arbitrary code via unknown vectors.... Read more
Affected Products : storageworks_storage_mirroring- EPSS Score: %5.16
- Published: Apr. 21, 2009
- Modified: Apr. 09, 2025
-
10.0
CRITICALCVE-2024-6298
Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to execute arbitrary code remotely... Read more
- Published: Jul. 05, 2024
- Modified: Dec. 05, 2024
-
10.0
HIGHCVE-2008-0528
Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SIP firmware might allow remote attackers to execute arbitrary code via a SIP message with crafted MIME data.... Read more
- EPSS Score: %8.91
- Published: Feb. 15, 2008
- Modified: Apr. 09, 2025
-
10.0
HIGHCVE-2017-9860
An issue was discovered in SMA Solar Technology products. An attacker can use Sunny Explorer or the SMAdata2+ network protocol to update the device firmware without ever having to authenticate. If an attacker is able to create a custom firmware version th... Read more
Affected Products : sunny_boy_3600_firmware sunny_boy_5000_firmware sunny_tripower_core1_firmware sunny_tripower_15000tl_firmware sunny_tripower_20000tl_firmware sunny_tripower_25000tl_firmware sunny_tripower_5000tl_firmware sunny_tripower_12000tl_firmware sunny_tripower_60_firmware sunny_boy_3000tl_firmware +68 more products- EPSS Score: %0.44
- Published: Aug. 05, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGHCVE-2019-10533
Out of bound access due to improper validation of array index cause the index table entry to get corrupt in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon We... Read more
Affected Products : qca6574au_firmware sdm660_firmware msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware qcs605_firmware sd_675_firmware +68 more products- EPSS Score: %0.25
- Published: Nov. 06, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2019-10534
Null-pointer dereference can occur while accessing the super index entry when it is not been allocated in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wear... Read more
Affected Products : qca6574au_firmware sdm660_firmware msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware qcs605_firmware sd_675_firmware +68 more products- EPSS Score: %0.22
- Published: Nov. 06, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2019-10539
Possible buffer overflow issue due to lack of length check when parsing the extended cap IE header length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon ... Read more
Affected Products : qca6574au_firmware ipq8074_firmware qca6574_firmware qca8081_firmware sd_8cx_firmware sdm660_firmware msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware +88 more products- EPSS Score: %0.43
- Published: Sep. 30, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2019-10540
Buffer overflow in WLAN NAN function due to lack of check of count value received in NAN availability attribute in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdra... Read more
Affected Products : qca6574au_firmware ipq8074_firmware qca8081_firmware sd_8cx_firmware sdm660_firmware msm8996au_firmware sd_820_firmware sd_835_firmware qca6174a_firmware qca9377_firmware +44 more products- EPSS Score: %0.94
- Published: Sep. 30, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2018-0040
Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network based attackers to gain unauthorized access to services.... Read more
Affected Products : contrail_service_orchestration- EPSS Score: %0.17
- Published: Jul. 11, 2018
- Modified: Nov. 21, 2024