Latest CVE Feed
-
9.8
CRITICALCVE-2021-33543
Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service.... Read more
- Published: Sep. 13, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-0691
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9.... Read more
Affected Products : url-parse- Published: Feb. 21, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33390
dpic 2021.04.10 has a use-after-free in thedeletestringbox() function in dpic.y. A different vulnerablility than CVE-2021-32421.... Read more
Affected Products : dpic- Published: Aug. 22, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33352
An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field.... Read more
Affected Products : help_desk- Published: Mar. 08, 2023
- Modified: Mar. 05, 2025
-
9.8
CRITICALCVE-2021-33357
A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";" which enables an unauthenticated attacker to execute arbitrary OS comma... Read more
Affected Products : raspap- Published: Jun. 09, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33316
The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of ChassisID TLV, by sending a cr... Read more
Affected Products : ti-pg1284i_firmware ti-g102i_firmware ti-g160i_firmware ti-g642i_firmware ti-pg102i_firmware ti-pg541i_firmware ti-rp262i_firmware teg-30102ws_firmware tpe-30102ws_firmware ti-pg1284i +8 more products- Published: May. 11, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22824
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.... Read more
- Published: Jan. 10, 2022
- Modified: May. 05, 2025
-
9.8
CRITICALCVE-2021-33216
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account.... Read more
Affected Products : ruckus_iot_controller- Published: Jul. 07, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33346
There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product. An attacker can use this vulnerability to modify the password of the admin user without authorization.... Read more
- Published: Jun. 24, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33388
dpic 2021.04.10 has a Heap Buffer Overflow in themakevar() function in dpic.y... Read more
Affected Products : dpic- Published: Aug. 22, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33207
The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an HTTP response with a 570 status code.... Read more
Affected Products : mashzone_nextgen- Published: Apr. 05, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33199
In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input->get('file') instead of the fixed file names of icon.png and icon.svg.... Read more
Affected Products : expressionengine- Published: Aug. 12, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-44906
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).... Read more
Affected Products : minimist- Published: Mar. 17, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33180
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.... Read more
Affected Products : media_server- Published: Jun. 01, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-44732
Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.... Read more
- Published: Dec. 20, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-43299
Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.... Read more
- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-41303
Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.... Read more
- Published: Sep. 17, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-40865
An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should u... Read more
Affected Products : storm- Published: Oct. 25, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33026
The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they c... Read more
Affected Products : flask-caching- Published: May. 13, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-32976
Five buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to initiate a denial-of-service attack and execute arbitrary code.... Read more
- Published: Apr. 01, 2022
- Modified: Nov. 21, 2024