Latest CVE Feed
-
9.8
CRITICALCVE-2018-13862
Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allow unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" (... Read more
- Published: Jul. 17, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-11757
In Docker Skeleton Runtime for Apache OpenWhisk, a Docker action inheriting the Docker tag openwhisk/dockerskeleton:1.3.0 (or earlier) may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitat... Read more
Affected Products : openwhisk- Published: Jul. 23, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-2067
A vulnerability was found in SourceCodester Computer Inventory System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/delete-computer.php. The manipulation of the argument computer leads to sql injectio... Read more
Affected Products : computer_inventory_system- Published: Mar. 01, 2024
- Modified: Dec. 17, 2024
-
9.8
CRITICALCVE-2022-45710
IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffer overflows via the pEnable, pLevel, and pModule parameters in the formSetDebugCfg function.... Read more
- Published: Dec. 23, 2022
- Modified: Apr. 15, 2025
-
9.8
CRITICALCVE-2014-125075
A vulnerability was found in gmail-servlet and classified as critical. This issue affects the function search of the file src/Model.java. The manipulation leads to sql injection. The identifier of the patch is 5d72753c2e95bb373aa86824939397dc25f679ea. It ... Read more
Affected Products : gmail-servlet- Published: Jan. 11, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-15893
A SQL injection was discovered in /coreframe/app/admin/copyfrom.php in WUZHI CMS 4.1.0 via the index.php?m=core&f=copyfrom&v=listing keywords parameter.... Read more
Affected Products : wuzhi_cms- Published: Aug. 27, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-48126
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the username parameter in the setting/setOpenVpnCertGenerationCfg function.... Read more
- Published: Jan. 20, 2023
- Modified: Apr. 03, 2025
-
9.8
CRITICALCVE-2020-21152
SQL Injection vulnerability in inxedu 2.0.6 allows attackers to execute arbitrary commands via the functionIds parameter to /saverolefunction.... Read more
- Published: Jan. 20, 2023
- Modified: Apr. 03, 2025
-
9.8
CRITICALCVE-2018-16731
CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data.... Read more
Affected Products : cscms- Published: Sep. 08, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2015-10076
A vulnerability was found in dimtion Shaarlier up to 1.2.2. It has been declared as critical. Affected by this vulnerability is the function createTag of the file app/src/main/java/com/dimtion/shaarlier/TagsSource.java of the component Tag Handler. The ma... Read more
Affected Products : shaarlier- Published: Feb. 09, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33948
SQL injection vulnerability in FantasticLBP Hotels Server v1.0 allows attacker to execute arbitrary code via the username parameter.... Read more
Affected Products : hotels_server- Published: Feb. 17, 2023
- Modified: Mar. 18, 2025
-
9.8
CRITICALCVE-2022-36231
pdf_info 0.5.3 is vulnerable to Command Execution because the Ruby code uses backticks instead of Open3.... Read more
Affected Products : pdf_info- Published: Feb. 23, 2023
- Modified: Mar. 13, 2025
-
9.8
CRITICAL- Published: Mar. 14, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-1537
Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6.... Read more
Affected Products : answer- Published: Mar. 21, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-19695
Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function.... Read more
- Published: Apr. 04, 2023
- Modified: Aug. 12, 2025
-
9.8
CRITICALCVE-2017-14349
An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data.... Read more
Affected Products : sitescope- Published: Sep. 30, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-14492
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.... Read more
- Published: Oct. 03, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2022-33259
Memory corruption due to buffer copy without checking the size of input in modem while decoding raw SMS received.... Read more
Affected Products : mdm9206_firmware wcd9330_firmware mdm9205_firmware qca4004_firmware wcd9306_firmware mdm8207_firmware mdm9207_firmware qts110_firmware snapdragon_wear_1300_firmware snapdragon_wear_1100_firmware +14 more products- Published: Apr. 13, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-14003
An Authentication Bypass by Spoofing issue was discovered in LAVA Ether-Serial Link (ESL) running firmware versions 6.01.00/29.03.2007 and prior versions. An improper authentication vulnerability has been identified, which, if exploited, would allow an at... Read more
- Published: Oct. 11, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2023-27742
IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerability via the component /api/login.... Read more
- Published: May. 16, 2023
- Modified: Jan. 23, 2025