Latest CVE Feed
-
10.0
CRITICALCVE-2021-34679
Thycotic Password Reset Server before 5.3.0 allows credential disclosure.... Read more
Affected Products : password_reset_server- Published: Jun. 11, 2021
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2022-34819
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (... Read more
Affected Products : simatic_cp_1242-7_v2_firmware simatic_cp_1243-1_firmware simatic_cp_1243-7_lte_eu_firmware simatic_cp_1243-7_lte_us_firmware simatic_cp_1243-8_irc_firmware simatic_cp_1542sp-1_irc_firmware simatic_cp_1543sp-1_firmware siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware siplus_et_200sp_cp_1543sp-1_isec_firmware siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware +20 more products- Published: Jul. 12, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2021-34473
Microsoft Exchange Server Remote Code Execution Vulnerability... Read more
Affected Products : exchange_server- Actively Exploited
- Published: Jul. 14, 2021
- Modified: Feb. 24, 2025
-
10.0
CRITICALCVE-2022-32158
Splunk Enterprise deployment servers in versions before 8.1.10.1, 8.2.6.1, and 9.0 let clients deploy forwarder bundles to other deployment clients through the deployment server. An attacker that compromised a Universal Forwarder endpoint could use the vu... Read more
Affected Products : splunk- Published: Jun. 15, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2022-30311
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper acc... Read more
Affected Products : controller_cecc-x-m1_firmware controller_cecc-x-m1-mv_firmware controller_cecc-x-m1-mv-s1_firmware controller_cecc-x-m1-ys-l1_firmware controller_cecc-x-m1-ys-l2_firmware controller_cecc-x-m1-y-yjkp_firmware servo_press_kit_yjkp_firmware servo_press_kit_yjkp-_firmware controller_cecc-x-m1 controller_cecc-x-m1-mv +6 more products- Published: Jun. 13, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2022-30308
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improp... Read more
Affected Products : controller_cecc-x-m1_firmware controller_cecc-x-m1-mv_firmware controller_cecc-x-m1-mv-s1_firmware controller_cecc-x-m1-ys-l1_firmware controller_cecc-x-m1-ys-l2_firmware controller_cecc-x-m1-y-yjkp_firmware servo_press_kit_yjkp_firmware servo_press_kit_yjkp-_firmware controller_cecc-x-m1 controller_cecc-x-m1-mv +6 more products- Published: Jun. 13, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2021-34079
OS Command injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the 'ports' entry of a crafted docker-compose.yml file.... Read more
Affected Products : docker-tester- Published: Jun. 02, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2021-34235
Tokheim Profleet DiaLOG 11.005.02 is affected by SQL Injection. The component is the Field__UserLogin parameter on the logon page.... Read more
Affected Products : tokheim_profleet_dialog- Published: Feb. 11, 2022
- Modified: Feb. 06, 2025
-
10.0
HIGHCVE-2021-34066
An issue was discovered in EdgeGallery/developer before v1.0. There is a "Deserialization of yaml file" vulnerability that can allow attackers to execute system command through uploading the malicious constructed YAML file.... Read more
Affected Products : developer-be- Published: Aug. 30, 2021
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2022-27624
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified v... Read more
- Published: Oct. 20, 2022
- Modified: Jan. 14, 2025
-
10.0
HIGHCVE-2021-33907
The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate information used to sign .msi files when performing an update of the client. This could lead to remote code execution in an elevated privilege... Read more
Affected Products : meetings- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2021-33885
An Insufficient Verification of Data Authenticity vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to send the device malicious data that will be used in place of the correct data. This results in full syste... Read more
- Published: Aug. 25, 2021
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2021-33796
In MuJS before version 1.1.2, a use-after-free flaw in the regexp source property access may cause denial of service. ... Read more
Affected Products : mujs- Published: Jul. 07, 2023
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2022-20704
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization... Read more
Affected Products : rv340_firmware rv340w_firmware rv345_firmware rv345p_firmware rv160_firmware rv160w_firmware rv260_firmware rv260p_firmware rv260w_firmware small_business_rv_series_router_firmware +9 more products- Published: Feb. 10, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2022-20702
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization... Read more
Affected Products : rv340_firmware rv340w_firmware rv345_firmware rv345p_firmware rv160_firmware rv160w_firmware rv260_firmware rv260p_firmware rv260w_firmware small_business_rv_series_router_firmware +9 more products- Published: Feb. 10, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2021-33583
REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file.... Read more
Affected Products : timecard- Published: Sep. 30, 2021
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2024-51790
Unrestricted Upload of File with Dangerous Type vulnerability in Team HB WEBSOL HB AUDIO GALLERY allows Upload a Web Shell to a Web Server.This issue affects HB AUDIO GALLERY: from n/a through 3.0.... Read more
Affected Products :- Published: Nov. 11, 2024
- Modified: Nov. 12, 2024
-
10.0
CRITICALCVE-2024-51791
Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms allows Upload a Web Shell to a Web Server.This issue affects Forms: from n/a through 2.8.0.... Read more
Affected Products :- Published: Nov. 11, 2024
- Modified: Nov. 12, 2024
-
10.0
CRITICALCVE-2024-51788
Unrestricted Upload of File with Dangerous Type vulnerability in Joshua Wolfe The Novel Design Store Directory allows Upload a Web Shell to a Web Server.This issue affects The Novel Design Store Directory: from n/a through 4.3.0.... Read more
Affected Products :- Published: Nov. 11, 2024
- Modified: Nov. 12, 2024
-
10.0
CRITICALCVE-2024-51789
Unrestricted Upload of File with Dangerous Type vulnerability in UjW0L Image Classify allows Upload a Web Shell to a Web Server.This issue affects Image Classify: from n/a through 1.0.0.... Read more
Affected Products :- Published: Nov. 11, 2024
- Modified: Nov. 12, 2024