Latest CVE Feed

9.8 CRITICAL - CVE-2020-14936
Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. Functions parsing the OIDs in SNMP requests lack sufficient allocated target-buffer capacity verification when writing parsed OID values. The function snmp_oid_decode_oid()...
- Affected Products: contiki-ng
- EPSS Score: 0.59%
- Published: Aug. 18, 2020
- Modified: Nov. 21, 2024

9.8 CRITICAL - CVE-2019-4694
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. ...
- EPSS Score: 0.06%
- Published: Aug. 26, 2020
- Modified: Nov. 21, 2024

9.8 CRITICAL - CVE-2020-7723
All versions of package promisehelpers are vulnerable to Prototype Pollution via the insert function....
- Affected Products: promisehelpers
- EPSS Score: 0.41%
- Published: Sep. 01, 2020
- Modified: Nov. 21, 2024

9.8 CRITICAL - CVE-2020-25069
USVN (aka User-friendly SVN) before 1.0.10 allows attackers to execute arbitrary code in the commit view....
- Affected Products: usvn
- EPSS Score: 1.10%
- Published: Sep. 01, 2020
- Modified: Nov. 21, 2024

9.8 CRITICAL - CVE-2020-0447
There is a possible out of bounds write due to a missing bounds check. Product: Android. Versions: Android SoC. Android ID: A-168251617...
- Affected Products: android
- EPSS Score: 0.15%
- Published: Nov. 10, 2020
- Modified: Nov. 21, 2024

9.8 CRITICAL - CVE-2020-28329
Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Versi...
- EPSS Score: 0.71%
- Published: Nov. 24, 2020
- Modified: Nov. 21, 2024

9.8 CRITICAL - CVE-2020-29563
An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to gain access to the device....
- Affected Products: my_cloud_os_5, my_cloud_ex2_ultra, my_cloud_ex4100, my_cloud_pr2100, my_cloud_pr4100, my_cloud_mirror_gen_2
- EPSS Score: 5.62%
- Published: Dec. 12, 2020
- Modified: Nov. 21, 2024

9.8 CRITICAL - CVE-2020-25179
GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network....
- EPSS Score: 0.22%
- Published: Dec. 14, 2020
- Modified: Nov. 21, 2024

9.8 CRITICAL - CVE-2020-4747
IBM Connect:Direct for UNIX 6.1.0, 6.0.0, 4.3.0, and 4.2.0 can allow a local or remote user to obtain an authenticated CLI session due to improper authentication methods. IBM X-Force ID: 188516....
- Affected Products: connect\
- EPSS Score: 2.00%
- Published: Dec. 15, 2020
- Modified: Nov. 21, 2024

9.8 CRITICAL - CVE-2020-35880
An issue was discovered in the bigint crate through 2020-05-07 for Rust. It allows a soundness violation....
- Affected Products: bigint
- EPSS Score: 0.43%
- Published: Dec. 31, 2020
- Modified: Nov. 21, 2024

9.8 CRITICAL - CVE-2024-7575
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements....
- Affected Products: ui_for_wpf
- Published: Sep. 25, 2024
- Modified: Oct. 03, 2024

9.8 CRITICAL - CVE-2024-9322
A vulnerability was found in code-projects Supply Chain Management 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit_manufacturer.php. The manipulation of the argument id leads to SQL injection. It is possibl...
- Affected Products: supply_chain_management
- Published: Sep. 29, 2024
- Modified: Oct. 02, 2024

9.8 CRITICAL - CVE-2024-10022
A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. This affects an unknown part of the file /php/manage_supplier.php?action=search. The manipulation of the argument text leads to SQL injection. It is pos...
- Affected Products: pharmacy_management_system
- Published: Oct. 16, 2024
- Modified: Oct. 21, 2024

9.8 CRITICAL - CVE-2024-47485
There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could build malicious data to generate executable commands in the CSV file....
- Affected Products: hikcentral_master
- Published: Oct. 18, 2024
- Modified: Mar. 13, 2025

9.8 CRITICAL - CVE-2024-43177
IBM Concert 1.0.0 and 1.0.1 is vulnerable to attacks that rely on the use of cookies without the SameSite attribute....
- Affected Products: concert
- Published: Oct. 22, 2024
- Modified: Oct. 25, 2024

9.8 CRITICAL - CVE-2024-10421
A vulnerability classified as critical was found in SourceCodester Attendance and Payroll System 1.0. This vulnerability affects unknown code of the file /admin/overtime_row.php. The manipulation of the argument id leads to SQL injection. The attack can b...
- Affected Products: attendance_and_payroll_system
- Published: Oct. 27, 2024
- Modified: Oct. 29, 2024

9.8 CRITICAL - CVE-2024-50428
Missing Authorization vulnerability in Mondula GmbH Multi Step Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Multi Step Form: from n/a through 1.7.21....
- Affected Products: multi_step_form
- Published: Oct. 29, 2024
- Modified: Nov. 01, 2024

9.8 CRITICAL - CVE-2024-10991
A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0. This issue affects some unknown processing of the file /editBranchResult.php. The manipulation of the argument ID leads to SQL injection. The at...
- Affected Products: hospital_appointment_system
- Published: Nov. 08, 2024
- Modified: Nov. 18, 2024

9.8 CRITICAL - CVE-2024-50371
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1...
- Affected Products:
- Published: Nov. 26, 2024
- Modified: Nov. 26, 2024

9.8 CRITICAL - CVE-2024-53477
JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java...
- Affected Products:
- Published: Dec. 02, 2024
- Modified: Dec. 11, 2024