Latest CVE Feed
-
9.8
CRITICALCVE-2015-10056
A vulnerability was found in 2071174A vinylmap. It has been classified as critical. Affected is the function contact of the file recordstoreapp/views.py. The manipulation leads to sql injection. The name of the patch is b07b79a1e92cc62574ba0492cce000ef4a7... Read more
Affected Products : vinylmaps- EPSS Score: %0.05
- Published: Jan. 16, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-1886
Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12. ... Read more
Affected Products : phpmyfaq- EPSS Score: %0.28
- Published: Apr. 05, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-21890
Vulnerability in the Oracle Communications Converged Application Server product of Oracle Communications (component: Core). Supported versions that are affected are 7.1.0 and 8.0.0. Easily exploitable vulnerability allows unauthenticated attacker with n... Read more
Affected Products : communications_converged_application_server- EPSS Score: %0.73
- Published: Jan. 18, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-11466
A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < ... Read more
- EPSS Score: %2.42
- Published: Dec. 12, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-2740
A vulnerability was found in SourceCodester Company Website CMS. It has been declared as critical. This vulnerability affects unknown code of the file /dashboard/add-blog.php of the component Add Blog. The manipulation of the argument ufile leads to unres... Read more
Affected Products : company_website_cms- EPSS Score: %0.24
- Published: Aug. 11, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-32101
kkcms v1.3.7 was discovered to contain a SQL injection vulnerability via the cid parameter at /template/wapian/vlist.php.... Read more
Affected Products : kkcms- EPSS Score: %0.25
- Published: Jun. 15, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-27429
Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html.... Read more
Affected Products : jizhicms- EPSS Score: %0.30
- Published: Apr. 25, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-30814
elitecms v1.01 is vulnerable to SQL Injection via /admin/add_sidebar.php.... Read more
Affected Products : elite_cms- EPSS Score: %0.25
- Published: Jun. 02, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-30546
Contiki-NG is an operating system for Internet of Things devices. An off-by-one error can be triggered in the Antelope database management system in the Contiki-NG operating system in versions 4.8 and prior. The problem exists in the Contiki File System (... Read more
Affected Products : contiki-ng- EPSS Score: %0.21
- Published: Apr. 26, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-29059
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN... Read more
Affected Products : 72408a_firmware 9008a_firmware 9016a_firmware 92408a_firmware 92416a_firmware 9288_firmware 97016_firmware 97024p_firmware 97028p_firmware 97042p_firmware +46 more products- EPSS Score: %0.36
- Published: Nov. 24, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-43520
Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE.... Read more
Affected Products : qca6391_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware sa8150p_firmware sa8155p_firmware +132 more products- EPSS Score: %0.20
- Published: Feb. 06, 2024
- Modified: Aug. 11, 2025
-
9.8
CRITICALCVE-2019-13597
_s_/sprm/_s_/dyn/Player_setScriptFile in Sahi Pro 8.0.0 allows command execution. It allows one to run ".sah" scripts via Sahi Launcher. Also, one can create a new script with an editor. It is possible to execute commands on the server using the _execute(... Read more
Affected Products : sahi_pro- EPSS Score: %50.45
- Published: Jul. 14, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-3868
A vulnerability classified as critical has been found in SourceCodester Sanitization Management System. Affected is an unknown function of the file /php-sms/classes/Master.php?f=save_quote. The manipulation of the argument id leads to sql injection. It is... Read more
Affected Products : sanitization_management_system- EPSS Score: %0.06
- Published: Nov. 05, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-29062
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN... Read more
Affected Products : 72408a_firmware 9008a_firmware 9016a_firmware 92408a_firmware 92416a_firmware 9288_firmware 97016_firmware 97024p_firmware 97028p_firmware 97042p_firmware +46 more products- EPSS Score: %0.38
- Published: Nov. 24, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-13658
CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.... Read more
Affected Products : network_flow_analysis- EPSS Score: %1.27
- Published: Oct. 02, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-2648
A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to i... Read more
Affected Products : e-office- EPSS Score: %93.10
- Published: May. 11, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-26633
SQL injection and Local File Inclusion (LFI) vulnerabilities in MaxBoard can cause information leakage and privilege escalation. This vulnerabilities can be exploited by manipulating a variable with a desired value and inserting and arbitrary file.... Read more
- EPSS Score: %0.22
- Published: Jun. 02, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-36376
An issue was discovered in the list function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.... Read more
Affected Products : aaptjs- EPSS Score: %1.12
- Published: Oct. 31, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-1026
A Security Feature Bypass vulnerability exists in the MSR JavaScript Cryptography Library that is caused by multiple bugs in the library’s Elliptic Curve Cryptography (ECC) implementation.An attacker could potentially abuse these bugs to learn informati... Read more
Affected Products : research_javascript_cryptography_library- EPSS Score: %1.46
- Published: Apr. 15, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-13926
Kylin concatenates and executes a Hive SQL in Hive CLI or beeline when building a new segment; some part of the HQL is from system configurations, while the configuration can be overwritten by certain rest api, which makes SQL injection attack is possible... Read more
Affected Products : kylin- EPSS Score: %3.11
- Published: Jul. 14, 2020
- Modified: Nov. 21, 2024