Latest CVE Feed
-
9.4
CRITICAL CVE-2024-36059
Directory Traversal vulnerability in Kalkitech ASE ASE61850 IEDSmart up to and including version 2.3.5 allows attackers to read/write arbitrary files via the IEC61850 File Transfer protocol.
- Published: Jun. 27, 2024
- Modified: Nov. 21, 2024
-
9.4
CRITICAL CVE-2024-7205
When the device is shared, the homepage module before 2.19.0 in eWeLink Cloud Service allows a secondary user to take over devices as the primary user via sharing of unnecessary device-sensitive information.
Affected Products: ewelink
- Published: Jul. 31, 2024
- Modified: Jul. 31, 2024
-
9.4
CRITICAL CVE-2024-41940
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privilege...
Affected Products: sinec_nms
- Published: Aug. 13, 2024
- Modified: Aug. 14, 2024
-
9.4
CRITICAL CVE-2024-36439
Swissphone DiCal-RED 4009 devices allow a remote attacker to gain access to the administrative web interface via the device password's hash value, without knowing the actual device password.
- Published: Aug. 22, 2024
- Modified: Nov. 21, 2024
-
9.4
CRITICAL CVE-2024-42764
Kashipara Bus Ticket Reservation System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via /deleteTicket.php.
Affected Products: bus_ticket_reservation_system
- Published: Aug. 23, 2024
- Modified: May. 06, 2025
-
9.4
CRITICAL CVE-2024-7873
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, CWE-83 Improper Neutralization of Script in Attributes in a Web Page vulnerability in Veribilim Software Veribase Order...
- Published: Sep. 17, 2024
- Modified: Sep. 20, 2024
-
9.4
CRITICAL CVE-2022-0942
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4.
Affected Products: showdoc
- EPSS Score: 0.33%
- Published: Mar. 15, 2022
- Modified: Nov. 21, 2024
-
9.4
CRITICAL CVE-2022-1330
Stored XSS due to unsanitized anchor URL in GitHub repository alvarotrigo/fullpage.js prior to 4.0.4.
Affected Products: fullpage
- EPSS Score: 0.32%
- Published: Apr. 12, 2022
- Modified: Nov. 21, 2024
-
9.4
CRITICAL CVE-2022-1592
Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests for phishing, stealing cookies, requesting private areas, or leading to XSS...
Affected Products: scout
- EPSS Score: 0.30%
- Published: May. 05, 2022
- Modified: Nov. 21, 2024
-
9.4
CRITICAL CVE-2022-1682
Reflected XSS using a URL-based payload in GitHub repository neorazorx/facturascripts prior to 2022.07. XSS can be used to steal a user's cookies, which leads to account takeover, or to perform any malicious activity in the victim's browser...
Affected Products: facturascripts
- EPSS Score: 0.28%
- Published: May. 12, 2022
- Modified: Nov. 21, 2024
-
9.4
CRITICAL CVE-2021-27442
The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code.
Affected Products: cmt-svr-100_firmware, cmt-svr-102_firmware, cmt-svr-200_firmware, cmt-svr-202_firmware, cmt-g01_firmware, cmt-g02_firmware, cmt-g03_firmware, cmt-g04_firmware, cmt3071_firmware, cmt3072_firmware (+22 more products)
- EPSS Score: 0.14%
- Published: May. 16, 2022
- Modified: Nov. 21, 2024
-
9.4
CRITICAL CVE-2016-5843
Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL commands via crafted search parameters.
Affected Products: faq
- EPSS Score: 1.10%
- Published: Sep. 17, 2016
- Modified: Apr. 12, 2025
-
9.4
CRITICAL CVE-2016-2296
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited do not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
- EPSS Score: 75.31%
- Published: May. 14, 2016
- Modified: Apr. 12, 2025
-
9.4
CRITICAL CVE-2022-3224
Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0.
Affected Products: parse-url
- EPSS Score: 0.18%
- Published: Sep. 15, 2022
- Modified: Nov. 21, 2024
-
9.4
HIGH CVE-2016-1000112
Unauthenticated remote .jpg file upload in contus-video-comments v1.0 WordPress plugin...
Affected Products: contus-video-comments
- EPSS Score: 35.66%
- Published: Oct. 06, 2016
- Modified: Apr. 12, 2025
-
9.4
CRITICAL CVE-2025-54071
RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. In versions 4.0.0-beta.3 and below, an authenticated arbitrary file write vulnerability exists in the /api/saves endpoint. This ...
- Published: Jul. 21, 2025
- Modified: Jul. 22, 2025
- Vuln Type: Path Traversal
-
9.4
CRITICAL CVE-2025-34152
An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without reboo...
- Published: Aug. 07, 2025
- Modified: Aug. 07, 2025
- Vuln Type: Injection
-
9.4
HIGH CVE-2016-8491
The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell.
- EPSS Score: 0.27%
- Published: Feb. 01, 2017
- Modified: Apr. 20, 2025
-
9.4
HIGH CVE-2021-38917
IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker that gains service access to the FSP to read and write arbitrary host system memory through a series of carefully crafted service procedures. IBM X-Force ID: 210018.
Affected Products: powervm_hypervisor
- EPSS Score: 0.21%
- Published: Dec. 10, 2021
- Modified: Nov. 21, 2024
-
9.4
HIGH CVE-2021-39635
ims_ex is a vendor system service used to manage VoLTE in Unisoc devices, but it does not verify the caller's permissions, so normal apps (no phone permissions) can obtain some VoLTE sensitive information and manage VoLTE calls. Product: Android Versions...
Affected Products: android
- EPSS Score: 0.08%
- Published: Feb. 11, 2022
- Modified: Nov. 21, 2024