Latest CVE Feed
- 10.0 HIGH CVE-2022-30311
  In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper acc...
  - Affected Products: controller_cecc-x-m1_firmware controller_cecc-x-m1-mv_firmware controller_cecc-x-m1-mv-s1_firmware controller_cecc-x-m1-ys-l1_firmware controller_cecc-x-m1-ys-l2_firmware controller_cecc-x-m1-y-yjkp_firmware servo_press_kit_yjkp_firmware servo_press_kit_yjkp-_firmware controller_cecc-x-m1 controller_cecc-x-m1-mv +6 more products
  - Published: Jun. 13, 2022
  - Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2022-30308
  In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improp...
  - Affected Products: controller_cecc-x-m1_firmware controller_cecc-x-m1-mv_firmware controller_cecc-x-m1-mv-s1_firmware controller_cecc-x-m1-ys-l1_firmware controller_cecc-x-m1-ys-l2_firmware controller_cecc-x-m1-y-yjkp_firmware servo_press_kit_yjkp_firmware servo_press_kit_yjkp-_firmware controller_cecc-x-m1 controller_cecc-x-m1-mv +6 more products
  - Published: Jun. 13, 2022
  - Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-34079
  OS Command injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the 'ports' entry of a crafted docker-compose.yml file.
  - Affected Products: docker-tester
  - Published: Jun. 02, 2022
  - Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-34235
  Tokheim Profleet DiaLOG 11.005.02 is affected by SQL Injection. The component is the Field__UserLogin parameter on the logon page.
  - Affected Products: tokheim_profleet_dialog
  - Published: Feb. 11, 2022
  - Modified: Feb. 06, 2025
- 10.0 HIGH CVE-2021-34066
  An issue was discovered in EdgeGallery/developer before v1.0. There is a "Deserialization of yaml file" vulnerability that can allow attackers to execute system command through uploading the malicious constructed YAML file.
  - Affected Products: developer-be
  - Published: Aug. 30, 2021
  - Modified: Nov. 21, 2024
- 10.0 CRITICAL CVE-2022-27624
  A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified v...
  - Published: Oct. 20, 2022
  - Modified: Jan. 14, 2025
- 10.0 HIGH CVE-2021-33907
  The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate information used to sign .msi files when performing an update of the client. This could lead to remote code execution in an elevated privilege...
  - Affected Products: meetings
  - Published: Sep. 27, 2021
  - Modified: Nov. 21, 2024
- 10.0 CRITICAL CVE-2021-33885
  An Insufficient Verification of Data Authenticity vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to send the device malicious data that will be used in place of the correct data. This results in full syste...
  - Published: Aug. 25, 2021
  - Modified: Nov. 21, 2024
- 10.0 CRITICAL CVE-2021-33796
  In MuJS before version 1.1.2, a use-after-free flaw in the regexp source property access may cause denial of service.
  - Affected Products: mujs
  - Published: Jul. 07, 2023
  - Modified: Nov. 21, 2024
- 10.0 CRITICAL CVE-2022-20704
  Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code; Elevate privileges; Execute arbitrary commands; Bypass authentication and authorization...
  - Affected Products: rv340_firmware rv340w_firmware rv345_firmware rv345p_firmware rv160_firmware rv160w_firmware rv260_firmware rv260p_firmware rv260w_firmware small_business_rv_series_router_firmware +9 more products
  - Published: Feb. 10, 2022
  - Modified: Nov. 21, 2024
- 10.0 CRITICAL CVE-2022-20702
  Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code; Elevate privileges; Execute arbitrary commands; Bypass authentication and authorization...
  - Affected Products: rv340_firmware rv340w_firmware rv345_firmware rv345p_firmware rv160_firmware rv160w_firmware rv260_firmware rv260p_firmware rv260w_firmware small_business_rv_series_router_firmware +9 more products
  - Published: Feb. 10, 2022
  - Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-33583
  REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file.
  - Affected Products: timecard
  - Published: Sep. 30, 2021
  - Modified: Nov. 21, 2024
- 10.0 CRITICAL CVE-2024-51790
  Unrestricted Upload of File with Dangerous Type vulnerability in Team HB WEBSOL HB AUDIO GALLERY allows Upload a Web Shell to a Web Server. This issue affects HB AUDIO GALLERY: from n/a through 3.0.
  - Affected Products:
  - Published: Nov. 11, 2024
  - Modified: Nov. 12, 2024
- 10.0 CRITICAL CVE-2024-51791
  Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms allows Upload a Web Shell to a Web Server. This issue affects Forms: from n/a through 2.8.0.
  - Affected Products:
  - Published: Nov. 11, 2024
  - Modified: Nov. 12, 2024
- 10.0 CRITICAL CVE-2024-51788
  Unrestricted Upload of File with Dangerous Type vulnerability in Joshua Wolfe The Novel Design Store Directory allows Upload a Web Shell to a Web Server. This issue affects The Novel Design Store Directory: from n/a through 4.3.0.
  - Affected Products:
  - Published: Nov. 11, 2024
  - Modified: Nov. 12, 2024
- 10.0 CRITICAL CVE-2024-51789
  Unrestricted Upload of File with Dangerous Type vulnerability in UjW0L Image Classify allows Upload a Web Shell to a Web Server. This issue affects Image Classify: from n/a through 1.0.0.
  - Affected Products:
  - Published: Nov. 11, 2024
  - Modified: Nov. 12, 2024
- 10.0 CRITICAL CVE-2021-44228
  Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker ...
  - Affected Products: fedora debian_linux active_iq_unified_manager finesse webex_meetings_server fxos oncommand_insight snapcenter enterprise_chat_and_email dna_center +165 more products
  - Actively Exploited
  - Published: Dec. 10, 2021
  - Modified: Aug. 08, 2025
- 10.0 HIGH CVE-2021-33044
  The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.
  - Affected Products: sd6al_firmware sd50_firmware sd52c_firmware ipc-hum7xxx_firmware ipc-hx3xxx_firmware ipc-hx5xxx_firmware sd1a1_firmware sd22_firmware sd41_firmware tpc-bf1241_firmware +28 more products
  - Actively Exploited
  - Published: Sep. 15, 2021
  - Modified: Feb. 24, 2025
- 10.0 HIGH CVE-2021-32983
  A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter keyword b...
  - Affected Products: diaenergie
  - Published: Aug. 30, 2021
  - Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-32974
  Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands.
  - Published: Apr. 01, 2022
  - Modified: Nov. 21, 2024