Latest CVE Feed
- 10.0 HIGH CVE-2021-46200
An SQL Injection vulnerability exists in Sourcecodester Simple Music Cloud Community System 1.0 via the email parameter in /music/ajax.php.
- Published: Jan. 21, 2022
- Modified: Dec. 27, 2024
- 10.0 HIGH CVE-2021-46201
An SQL Injection vulnerability exists in Sourcecodester Online Resort Management System 1.0 via the id parameter in /orms/ node.
- Affected Products: online_resort_management_system
- Published: Jan. 21, 2022
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-45966
An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, /services/apply in exd.pl allows remote attackers to execute arbitrary code via shell metacharacters.
- Affected Products: cloud_phone_system
- Published: Mar. 18, 2022
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-45809
GlobalProtect-openconnect versions prior to 1.4.3 are affected by incorrect access control in GPService through DBUS, GUI Application. The way GlobalProtect-Openconnect is set up enables arbitrary users to execute commands as root by submitting the `--scr...
- Affected Products: globalprotect-openconnect
- Published: Mar. 22, 2022
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-45742
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
- Published: Feb. 04, 2022
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-45738
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function UploadFirmwareFile. This vulnerability allows attackers to execute arbitrary commands via the parameter FileName.
- Published: Feb. 04, 2022
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-45617
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX7500 before 1.0.0.72, R6400 before 1.0.1.68, R6900P before 1.3.2.132, R7000 befor...
- Affected Products: r6900p_firmware r7000_firmware r7000p_firmware rbk752_firmware rbr750_firmware rbs750_firmware rbk852_firmware rbr850_firmware rbs850_firmware cbr40_firmware +56 more products
- Published: Dec. 26, 2021
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-45621
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 3.2.18.2, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, EX6120 befo...
- Affected Products: ex7000_firmware r6900p_firmware r7000_firmware r7000p_firmware rbk752_firmware rbr750_firmware rbs750_firmware rbk852_firmware rbr850_firmware rbs850_firmware +86 more products
- Published: Dec. 26, 2021
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-45511
Certain NETGEAR devices are affected by authentication bypass. This affects AC2100 before 2021-08-27, AC2400 before 2021-08-27, AC2600 before 2021-08-27, D7000 before 2021-08-27, R6220 before 2021-08-27, R6230 before 2021-08-27, R6260 before 2021-08-27, R...
- Affected Products: d7000_firmware r6220_firmware r6260_firmware r6800_firmware ac2100_firmware ac2400_firmware ac2600_firmware r6230_firmware r6330_firmware r6350_firmware +24 more products
- Published: Dec. 26, 2021
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-45610
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.66, D6400 before 1.0.0.100, D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, DC112A before 1.0.0.52, DGN2200v4 before 1.0.0.118, EAX80...
- Affected Products: r6900p_firmware r7000_firmware r7000p_firmware eax80_firmware r6400v2_firmware r6700v3_firmware r7900_firmware r7900p_firmware r7960p_firmware r8000_firmware +46 more products
- Published: Dec. 26, 2021
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-45618
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.64, EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR20 before 2.6.3.50, R7800...
- Affected Products: r7800_firmware ex8000_firmware r8900_firmware r9000_firmware xr500_firmware d7800_firmware rax120_firmware rbk12_firmware rbr10_firmware rbs10_firmware +62 more products
- Published: Dec. 26, 2021
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-45498
NETGEAR R6700v2 devices before 1.2.0.88 are affected by authentication bypass.
- Published: Dec. 26, 2021
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-45613
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before ...
- Affected Products: rbk752_firmware rbr750_firmware rbs750_firmware rbk852_firmware rbr850_firmware rbs850_firmware cbr40_firmware mk62_firmware mr60_firmware ms60_firmware +42 more products
- Published: Dec. 26, 2021
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-45040
The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route.
- Affected Products: laravel_media_library
- Published: Mar. 17, 2022
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-45255
The email parameter from ajax.php of Video Sharing Website 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The...
- Affected Products: video_sharing_website
- Published: Dec. 21, 2021
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-44738
A buffer overflow vulnerability has been identified in Lexmark devices through 2021-12-07 in the postscript interpreter.
- Affected Products: cx820_firmware cx825_firmware cx860_firmware xc4150_firmware xc6152_firmware xc8155_firmware xc8160_firmware b2236_firmware b2338_firmware b2442_firmware +457 more products
- Published: Jan. 20, 2022
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-44736
The initial admin account setup wizard on Lexmark devices allows unauthenticated access to the “out of service erase” feature.
- Published: Jan. 20, 2022
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-44630
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/modify_account_pwd feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.
- Published: Mar. 10, 2022
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-44629
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/register feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.
- Published: Mar. 10, 2022
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-44734
Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which can lead to remote code execution on the device.
- Affected Products: cx820_firmware cx825_firmware cx860_firmware xc4150_firmware xc6152_firmware xc8155_firmware xc8160_firmware b2236_firmware b2338_firmware b2442_firmware +457 more products
- Published: Jan. 20, 2022
- Modified: Nov. 21, 2024