Latest CVE Feed
-
9.8
CRITICALCVE-2021-31897
In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects.... Read more
Affected Products : webstorm- EPSS Score: %0.01
- Published: May. 11, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-31932
Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing the authentication process, by using URL encoding for t... Read more
Affected Products : bts_trs_web_console- EPSS Score: %1.14
- Published: Feb. 11, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-29739
Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=user/manage_user&id=.... Read more
Affected Products : money_transfer_management_system- EPSS Score: %0.25
- Published: May. 12, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2014-9148
Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct request to fiyo/dapur.... Read more
Affected Products : fiyo_cms- EPSS Score: %24.23
- Published: Oct. 16, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2024-22394
An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication. This issue affects only firmware version SonicOS 7.1.1-7040. ... Read more
Affected Products : sonicos nsa_2700 nsa_3700 nsa_4700 nsa_5700 nsa_6700 nssp_10700 nssp_11700 nssp_13700 nsv_270 +12 more products- EPSS Score: %0.64
- Published: Feb. 08, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-25125
MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp.... Read more
Affected Products : mcms- EPSS Score: %82.82
- Published: Mar. 03, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-40756
User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.... Read more
Affected Products : callback_widget- EPSS Score: %0.10
- Published: Aug. 28, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-40846
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function sub_90998.... Read more
- EPSS Score: %0.12
- Published: Aug. 28, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-40892
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter schedStartTime and schedEndTime at /goform/openSchedWifi.... Read more
- EPSS Score: %0.12
- Published: Aug. 24, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-22663
TOTOLINK_A3700R_V9.1.2u.6165_20211012has a command Injection vulnerability via setOpModeCfg... Read more
- EPSS Score: %4.76
- Published: Jan. 23, 2024
- Modified: May. 30, 2025
-
9.8
CRITICALCVE-2024-22751
D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack overflow via the sub_477AA0 function.... Read more
- EPSS Score: %3.44
- Published: Jan. 24, 2024
- Modified: Jun. 20, 2025
-
9.8
CRITICALCVE-2022-33318
Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows a remote unauthenticated attacker to execute an arbitrary malicious code by s... Read more
- EPSS Score: %7.34
- Published: Jul. 20, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-5122
A vulnerability was found in SourceCodester Event Registration System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /registrar/. The manipulation of the argument search leads to sql injection. The att... Read more
- Published: May. 20, 2024
- Modified: Feb. 10, 2025
-
9.8
CRITICALCVE-2019-11929
Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading to remote code execution. This issue affects HHVM versions prior to 3.30.10, all versions between 4.0.0 and 4.8.5, ... Read more
Affected Products : hhvm- EPSS Score: %3.88
- Published: Oct. 02, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-40945
Sourcecodester Doctor Appointment System 1.0 is vulnerable to SQL Injection in the variable $userid at doctors\myDetails.php.... Read more
Affected Products : doctor_appointment_system- EPSS Score: %0.18
- Published: Sep. 11, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-32071
The MiCollab Client service in Mitel MiCollab before 9.3 could allow an unauthenticated user to gain system access due to improper access control. A successful exploit could allow an attacker to view and modify application data, and cause a denial of serv... Read more
Affected Products : micollab- EPSS Score: %0.56
- Published: Aug. 13, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2025-3245
A vulnerability was found in itsourcecode Library Management System 1.0. It has been rated as critical. Affected by this issue is the function Search of the file library_management/src/Library_Management/Forgot.java. The manipulation of the argument txtun... Read more
Affected Products : library_management_system- Published: Apr. 04, 2025
- Modified: Apr. 23, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2023-46347
In the module "Step by Step products Pack" (ndk_steppingpack) version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method `NdkSpack::getPacks()` has sensitive SQL calls that can be executed with a trivial http ca... Read more
Affected Products : ndk_steppingpack- EPSS Score: %68.30
- Published: Oct. 25, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-20386
ARRIS SBG6580-2 D30GW-SEAEAGLE-1.5.2.5-GA-00-NOSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.... Read more
- EPSS Score: %0.82
- Published: Dec. 23, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-29994
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=facilities/manage_facility&id=.... Read more
Affected Products : online_sports_complex_booking_system- EPSS Score: %0.25
- Published: May. 12, 2022
- Modified: Nov. 21, 2024