Latest CVE Feed
-
9.8
CRITICALCVE-2022-34821
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2), SCALANCE M804PB (6GK5804-0AP00-2AA2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2), SCALANCE M812-1 ADSL-Router... Read more
Affected Products : scalance_s615_firmware simatic_cp_1242-7_v2_firmware simatic_cp_1243-1_firmware simatic_cp_1243-7_lte_eu_firmware simatic_cp_1243-7_lte_us_firmware simatic_cp_1243-8_irc_firmware simatic_cp_1542sp-1_irc_firmware simatic_cp_1543sp-1_firmware siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware siplus_et_200sp_cp_1543sp-1_isec_firmware +50 more products- Published: Jul. 12, 2022
- Modified: Jan. 14, 2025
-
9.8
CRITICALCVE-2022-21306
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker... Read more
Affected Products : weblogic_server- Published: Jan. 19, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33635
When malicious images are pulled by isula pull, attackers can execute arbitrary code.... Read more
Affected Products : isula- Published: Oct. 29, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-51800
Incorrect Privilege Assignment vulnerability in Favethemes Homey allows Privilege Escalation.This issue affects Homey: from n/a through 2.4.1.... Read more
Affected Products : homey- Published: Apr. 04, 2025
- Modified: Apr. 07, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2021-33485
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.... Read more
- Published: Aug. 03, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33543
Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service.... Read more
- Published: Sep. 13, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-0691
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9.... Read more
Affected Products : url-parse- Published: Feb. 21, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33390
dpic 2021.04.10 has a use-after-free in thedeletestringbox() function in dpic.y. A different vulnerablility than CVE-2021-32421.... Read more
Affected Products : dpic- Published: Aug. 22, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33352
An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field.... Read more
Affected Products : help_desk- Published: Mar. 08, 2023
- Modified: Mar. 05, 2025
-
9.8
CRITICALCVE-2021-33357
A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";" which enables an unauthenticated attacker to execute arbitrary OS comma... Read more
Affected Products : raspap- Published: Jun. 09, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33316
The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of ChassisID TLV, by sending a cr... Read more
Affected Products : ti-pg1284i_firmware ti-g102i_firmware ti-g160i_firmware ti-g642i_firmware ti-pg102i_firmware ti-pg541i_firmware ti-rp262i_firmware teg-30102ws_firmware tpe-30102ws_firmware ti-pg1284i +8 more products- Published: May. 11, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22824
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.... Read more
- Published: Jan. 10, 2022
- Modified: May. 05, 2025
-
9.8
CRITICALCVE-2021-33216
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account.... Read more
Affected Products : ruckus_iot_controller- Published: Jul. 07, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33346
There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product. An attacker can use this vulnerability to modify the password of the admin user without authorization.... Read more
- Published: Jun. 24, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33388
dpic 2021.04.10 has a Heap Buffer Overflow in themakevar() function in dpic.y... Read more
Affected Products : dpic- Published: Aug. 22, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33207
The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an HTTP response with a 570 status code.... Read more
Affected Products : mashzone_nextgen- Published: Apr. 05, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33199
In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input->get('file') instead of the fixed file names of icon.png and icon.svg.... Read more
Affected Products : expressionengine- Published: Aug. 12, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-44906
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).... Read more
Affected Products : minimist- Published: Mar. 17, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33180
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.... Read more
Affected Products : media_server- Published: Jun. 01, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-44732
Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.... Read more
- Published: Dec. 20, 2021
- Modified: Nov. 21, 2024