Latest CVE Feed
-
9.8
CRITICALCVE-2020-21784
phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php.... Read more
Affected Products : phpwcms- Published: Jun. 24, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-21726
OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the cid parameter.... Read more
Affected Products : opensns- Published: Oct. 07, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-21809
SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the (1) listid parameter in detail.php and the (2) group_price or groupid parameters in search_result.php.... Read more
Affected Products : nukeviet- Published: Jul. 30, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-28392
SQL injection vulnerability in pscartabandonmentpro v.2.0.11 and before allows a remote attacker to escalate privileges via the pscartabandonmentproFrontCAPUnsubscribeJobModuleFrontController::setEmailVisualized() method.... Read more
Affected Products :- Published: Mar. 20, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-28288
Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterpri... Read more
- Published: Mar. 30, 2024
- Modified: Jun. 30, 2025
-
9.8
CRITICALCVE-2012-4750
A Code Execution vulnerability exists in the memcpy function when processing AMF requests in Ezhometech EzServer 7.0, which could let a remote malicious user execute arbitrary code or cause a Denial of Service... Read more
Affected Products : ezserver- Published: Jan. 13, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-21652
Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the addqq() method.... Read more
Affected Products : myucms- Published: Oct. 06, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2014-10071
In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax.... Read more
- Published: Feb. 27, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-21585
Vulnerability in emlog v6.0.0 allows user to upload webshells via zip plugin module.... Read more
Affected Products : emlog- Published: Apr. 02, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23478
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Write in xrdp_mm_trans_process_drdynvc_channel_open() function. There are no known work... Read more
- Published: Dec. 09, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23218
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a ... Read more
- Published: Jan. 14, 2022
- Modified: May. 05, 2025
-
9.8
CRITICALCVE-2020-21526
An Arbitrary file writing vulnerability in halo v1.1.3. In an interface to write files in the background, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it.... Read more
Affected Products : halo- Published: Sep. 30, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-21511
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.... Read more
Affected Products : mysql2- Published: Apr. 23, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-21522
An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal Vulnerability in the backend,the attacker can overwrite some files, such as ftl files, .bashrc files in the user directory, and finally get the permissions of the operating system.... Read more
Affected Products : halo- Published: Sep. 30, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-28211
nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker.... Read more
Affected Products : ngrinder- Published: Mar. 07, 2024
- Modified: May. 07, 2025
-
9.8
CRITICALCVE-2022-25236
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.... Read more
Affected Products : zfs_storage_appliance_kit debian_linux http_server sinema_remote_connect_server libexpat- Published: Feb. 16, 2022
- Modified: May. 05, 2025
-
9.8
CRITICALCVE-2021-33046
Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.... Read more
Affected Products : sd6al_firmware sd50_firmware sd52c_firmware ipc-hx2xxx_firmware ipc-hx3xxx_firmware ipc-hx5xxx_firmware sd1a1_firmware sd22_firmware tpc-bf1241_firmware tpc-bf2221_firmware +46 more products- Published: Jan. 13, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-14353
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow.... Read more
- Published: Jul. 17, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL- Actively Exploited
- Published: Feb. 13, 2024
- Modified: May. 29, 2025
-
9.8
CRITICALCVE-2024-21410
Microsoft Exchange Server Elevation of Privilege Vulnerability... Read more
Affected Products : exchange_server- Actively Exploited
- Published: Feb. 13, 2024
- Modified: Nov. 29, 2024