Latest CVE Feed
-
9.8
CRITICALCVE-2022-29994
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=facilities/manage_facility&id=.... Read more
Affected Products : online_sports_complex_booking_system- EPSS Score: %0.25
- Published: May. 12, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-20389
D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.... Read more
- EPSS Score: %1.38
- Published: Dec. 23, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-10199
In versions of mruby up to and including 1.4.0, a use-after-free vulnerability exists in src/io.c::File#initilialize_copy(). An attacker that can cause Ruby code to be run can possibly use this to execute arbitrary code.... Read more
Affected Products : mruby- EPSS Score: %1.52
- Published: Apr. 18, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-46371
TP-Link device TL-WDR7660 2.0.30 and TL-WR886N 2.0.12 has a stack overflow vulnerability via the function upgradeInfoJsonToBin.... Read more
- EPSS Score: %0.79
- Published: Oct. 25, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-30063
ftcms <=2.1 was discovered to be vulnerable to code execution attacks .... Read more
Affected Products : ftcms- EPSS Score: %2.00
- Published: May. 11, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-46522
TP-LINK device TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR7660 2.0.30 were discovered to contain a stack overflow via the function deviceInfoRegister.... Read more
- EPSS Score: %0.27
- Published: Oct. 25, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-42468
Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no prot... Read more
Affected Products : flume- EPSS Score: %0.81
- Published: Oct. 26, 2022
- Modified: May. 07, 2025
-
9.8
CRITICALCVE-2023-46547
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSysLog.... Read more
- EPSS Score: %0.24
- Published: Oct. 25, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-3947
Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server.... Read more
Affected Products : v-server- EPSS Score: %0.42
- Published: Jun. 12, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-24734
An arbitrary file upload vulnerability in the camera_upload.php component of PMB v7.4.6 allows attackers to execute arbitrary code via a crafted image file.... Read more
Affected Products : pmb- EPSS Score: %9.85
- Published: Mar. 06, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-25569
Bettini Srl GAMS Product Line v4.3.0 was discovered to re-use static SSH keys across installations, allowing unauthenticated attackers to login as root users via extracting a key from the software.... Read more
Affected Products : sgsetup- EPSS Score: %1.80
- Published: Apr. 04, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-28322
SQL Injection vulnerability in /event-management-master/backend/register.php in PuneethReddyHC Event Management 1.0 allows attackers to run arbitrary SQL commands via the event_id parameter in a crafted POST request.... Read more
Affected Products : event_management- Published: Apr. 26, 2024
- Modified: May. 14, 2025
-
9.8
CRITICALCVE-2024-28557
SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to update-admin.php.... Read more
Affected Products : php_task_management_system- Published: Apr. 15, 2024
- Modified: Mar. 31, 2025
-
9.8
CRITICALCVE-2024-3423
A vulnerability was found in SourceCodester Online Courseware 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/activateteach.php. The manipulation of the argument selector leads to sql injection. The attack ... Read more
Affected Products : online_courseware- Published: Apr. 07, 2024
- Modified: Jan. 31, 2025
-
9.8
CRITICALCVE-2024-23679
Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. An remote and unauthenticated attacker can use prior sessions due to the lack of invalidating session attributes. ... Read more
Affected Products : xp- EPSS Score: %0.90
- Published: Jan. 19, 2024
- Modified: May. 30, 2025
-
9.8
CRITICALCVE-2023-4671
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Talent Software ECOP allows Command Line Execution through SQL Injection.This issue affects ECOP: before 32255.... Read more
Affected Products : ecop- EPSS Score: %0.09
- Published: Dec. 28, 2023
- Modified: Nov. 25, 2024
-
9.8
CRITICALCVE-2023-4673
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sanalogy Turasistan allows SQL Injection.This issue affects Turasistan: before 20230911 . ... Read more
Affected Products : turasistan- EPSS Score: %0.14
- Published: Sep. 15, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-41555
Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter security_5g at url /goform/WifiBasicSet.... Read more
- EPSS Score: %0.12
- Published: Aug. 30, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-32744
Collabora Online is a collaborative online office suite. In versions prior to 4.2.17-1 and version 6.4.9-5, unauthenticated attackers are able to gain access to files which are currently opened by other users in the Collabora Online editor. For successful... Read more
- EPSS Score: %0.75
- Published: Jul. 21, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-46817
An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attacke... Read more
Affected Products : phpfox- EPSS Score: %0.77
- Published: Nov. 03, 2023
- Modified: Nov. 21, 2024