Latest CVE Feed
-
9.8
CRITICALCVE-2021-32512
QuickInstall in QSAN Storage Manager does not filter special parameters properly that allows remote unauthenticated attackers to inject and execute arbitrary commands. The referred vulnerability has been solved with the updated version of QSAN Storage Man... Read more
Affected Products : storage_manager- Published: Jul. 07, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-1619
A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF authentication and do either of the following: Install, manipulate, ... Read more
Affected Products : ios_xe ios_xe_sd-wan ios_xe_sd-wan_16.10.1_when_installed_on_1000_series_integrated_services ios_xe_sd-wan_16.10.1_when_installed_on_4000_series_integrated_services ios_xe_sd-wan_16.10.1_when_installed_on_asr_1000_series_aggregation_services ios_xe_sd-wan_16.10.1_when_installed_on_integrated_services_virtual ios_xe_sd-wan_16.10.2_when_installed_on_1000_series_integrated_services ios_xe_sd-wan_16.10.2_when_installed_on_4000_series_integrated_services ios_xe_sd-wan_16.10.2_when_installed_on_asr_1000_series_aggregation_services ios_xe_sd-wan_16.10.2_when_installed_on_integrated_services_virtual +136 more products- Published: Sep. 23, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-1610
Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: Execute arbitrary code Cause a denial of service (DoS) co... Read more
- Published: Aug. 04, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-50623
In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.... Read more
- Actively Exploited
- Published: Oct. 28, 2024
- Modified: Dec. 23, 2024
-
9.8
CRITICALCVE-2024-50694
In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when copying the timestamp read from an MQTT message, the underlying code does not check the bounds of the buffer that is used to store the message. This may lead to a stack-based buffer overflow.... Read more
- Published: Jan. 24, 2025
- Modified: May. 29, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2021-32520
Use of hard-coded cryptographic key vulnerability in QSAN Storage Manager allows attackers to obtain users’ credentials and related permissions. Suggest contacting with QSAN and refer to recommendations in QSAN Document.... Read more
Affected Products : storage_manager- Published: Jul. 07, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-0254
A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unauthenticated remote attacker to send specially crafted packets to the device, triggering a partial Denial of Service (DoS) condition, or leading to... Read more
Affected Products : junos- Published: Apr. 22, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-9850
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able... Read more
- Published: Jun. 09, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-50648
yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over the server when improperly configured to parse JSP files.... Read more
Affected Products : yshopmall- Published: Nov. 15, 2024
- Modified: Jun. 17, 2025
-
9.8
CRITICALCVE-2020-9671
Adobe Creative Cloud Desktop Application versions 5.1 and earlier have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation.... Read more
- Published: Jul. 17, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-50563
A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud ver... Read more
Affected Products : fortimanager fortios fortiproxy fortianalyzer fortianalyzer fortianalyzer_cloud fortimanager_cloud- Published: Jan. 16, 2025
- Modified: Feb. 03, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2020-8479
For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to... Read more
- Published: Apr. 29, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-8443
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to an off-by-one heap-based buffer overflow during the cleaning of crafted syslog msgs (received from authenticated remote agents and delive... Read more
Affected Products : ossec- Published: Jan. 30, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-50557
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M8... Read more
Affected Products : scalance_s615_firmware scalance_m804pb_firmware scalance_m826-2_firmware scalance_m874-2_firmware scalance_m874-3_firmware scalance_m876-3_firmware scalance_m876-4_firmware ruggedcom_rm1224_lte\(4g\)_eu_firmware ruggedcom_rm1224_lte\(4g\)_nam_firmware scalance_m812-1_adsl-router_firmware +48 more products- Published: Nov. 12, 2024
- Modified: Nov. 13, 2024
-
9.8
CRITICALCVE-2020-7774
The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution.... Read more
- Published: Nov. 17, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-7475
A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (... Read more
- Published: Mar. 23, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-7471
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimit... Read more
Affected Products : django- Published: Feb. 03, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-50503
Authentication Bypass Using an Alternate Path or Channel vulnerability in Deryck Oñate User Toolkit allows Authentication Bypass.This issue affects User Toolkit: from n/a through 1.2.3.... Read more
Affected Products :- Published: Oct. 30, 2024
- Modified: Nov. 01, 2024
-
9.8
CRITICALCVE-2020-6989
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, a buffer overflow in the web server allows remote attackers to cause a denial-of-service condition or execute arbitrary code.... Read more
Affected Products : pt-7528-24tx-hv_firmware pt-7528-24tx-hv-hv_firmware pt-7528-24tx-wv_firmware pt-7528-24tx-wv-hv_firmware pt-7528-24tx-wv-wv_firmware pt-7528-12msc-12tx-4gsfp-hv_firmware pt-7528-12msc-12tx-4gsfp-hv-hv_firmware pt-7528-12msc-12tx-4gsfp-wv_firmware pt-7528-12msc-12tx-4gsfp-wv-wv_firmware pt-7528-12mst-12tx-4gsfp-hv_firmware +100 more products- Published: Mar. 24, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-6814
Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vuln... Read more
- Published: Mar. 25, 2020
- Modified: Nov. 21, 2024