Latest CVE Feed
-
9.8
CRITICALCVE-2017-7909
A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept reques... Read more
- EPSS Score: %1.60
- Published: May. 06, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2019-17601
In MiniShare 1.4.1, there is a stack-based buffer overflow via an HTTP CONNECT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19862 and CVE-2018-19861. NOTE: this product is discontinued.... Read more
Affected Products : minishare- EPSS Score: %0.57
- Published: Oct. 15, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2011-3203
A Code Execution vulnerability exists the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2.... Read more
Affected Products : jcow_cms- EPSS Score: %0.41
- Published: Jan. 14, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-1813
The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.11.0 via deserialization of untrusted input in the job_board_applicant_list_columns_value function. This makes it possible for unauthen... Read more
Affected Products : simple_job_board- Published: Apr. 09, 2024
- Modified: Jan. 31, 2025
-
9.8
CRITICALCVE-2024-2224
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects the following pr... Read more
- Published: Apr. 09, 2024
- Modified: Feb. 07, 2025
-
9.8
CRITICALCVE-2024-3355
A vulnerability was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin/mod_users/controller.php?action=add. The manipula... Read more
Affected Products : aplaya_beach_resort_online_reservation_system- Published: Apr. 05, 2024
- Modified: Feb. 11, 2025
-
9.8
CRITICALCVE-2024-30849
Arbitrary file upload vulnerability in Sourcecodester Complete E-Commerce Site v1.0, allows remote attackers to execute arbitrary code via filename parameter in admin/products_photo.php.... Read more
Affected Products : complete_e-commerce_site- Published: Apr. 05, 2024
- Modified: May. 05, 2025
-
9.8
CRITICALCVE-2017-2522
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreFoundation" component. It allows remote attac... Read more
- EPSS Score: %13.05
- Published: May. 22, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2020-15320
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account.... Read more
- EPSS Score: %0.51
- Published: Jun. 29, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-48810
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.... Read more
- EPSS Score: %0.35
- Published: Nov. 30, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICAL- EPSS Score: %0.12
- Published: Nov. 29, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-49313
A dylib injection vulnerability in XMachOViewer 0.04 allows attackers to compromise integrity. By exploiting this, unauthorized code can be injected into the product's processes, potentially leading to remote control and unauthorized access to sensitive u... Read more
Affected Products : xmachoviewer- EPSS Score: %4.17
- Published: Nov. 28, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-49046
Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the devName parameter in the function formAddMacfilterRule.... Read more
- EPSS Score: %1.66
- Published: Nov. 27, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-10282
The Micro Air Vehicle Link (MAVLink) protocol presents no authentication mechanism on its version 1.0 (nor authorization) whichs leads to a variety of attacks including identity spoofing, unauthorized access, PITM attacks and more. According to literature... Read more
Affected Products : micro_air_vehicle_link- EPSS Score: %0.44
- Published: Jul. 03, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-35437
SQL injection vulnerability in LMXCMS v.1.4 allows attacker to execute arbitrary code via the TagsAction.class.... Read more
Affected Products : lmxcms- EPSS Score: %0.08
- Published: Nov. 16, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-6126
Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.... Read more
Affected Products : suitecrm- EPSS Score: %0.14
- Published: Nov. 14, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-47445
Pre-School Enrollment version 1.0 is vulnerable to SQL Injection via the username parameter in preschool/admin/ page.... Read more
Affected Products : pre-school_enrollment_system- EPSS Score: %0.41
- Published: Nov. 15, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-20852
aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ interpreter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or ... Read more
Affected Products : a\+hrd- EPSS Score: %0.48
- Published: Apr. 27, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-7548
A CWE-330 - Use of Insufficiently Random Values vulnerability exists in Smartlink, PowerTag, and Wiser Series Gateways (see security notification for version information) that could allow unauthorized users to login.... Read more
- EPSS Score: %0.59
- Published: Dec. 01, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-2217
A vulnerability, which was classified as critical, was found in SourceCodester Task Reminder System 1.0. This affects an unknown part of the file /admin/reminders/manage_reminder.php. The manipulation of the argument id leads to sql injection. It is possi... Read more
- EPSS Score: %0.05
- Published: Apr. 21, 2023
- Modified: Nov. 21, 2024