Latest CVE Feed
-
10.0
HIGHCVE-2020-27660
SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter.... Read more
Affected Products : safeaccess- Published: Nov. 30, 2020
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2013-5944
The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions... Read more
- Published: Oct. 03, 2013
- Modified: Apr. 11, 2025
-
10.0
HIGHCVE-2022-24293
Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution.... Read more
Affected Products : laserjet_pro_m304-m305_w1a46a_firmware laserjet_pro_m304-m305_w1a47a_firmware laserjet_pro_m304-m305_w1a48a_firmware laserjet_pro_m304-m305_w1a66a_firmware laserjet_pro_m404-m405_93m22a_firmware laserjet_pro_m453-m454_w1y40a_firmware laserjet_pro_m453-m454_w1y41a_firmware laserjet_pro_m453-m454_w1y43a_firmware laserjet_pro_m453-m454_w1y44a_firmware laserjet_pro_m453-m454_w1y45a_firmware +126 more products- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2013-5945
Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 al... Read more
Affected Products : dsr-150_firmware dsr-150n_firmware dsr-250_firmware dsr-250n_firmware dsr-500_firmware dsr-500n_firmware dsr-1000_firmware dsr-1000n_firmware dsr-500 dsr-150n +6 more products- Published: Feb. 11, 2020
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2013-6035
The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmarsat; Japan Radio JUE-250 and JUE-500; and Thuraya IP satellite terminals does not require authentication for sessions on TCP p... Read more
- Published: Feb. 04, 2014
- Modified: Apr. 11, 2025
-
10.0
HIGHCVE-2019-8186
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lea... Read more
- Published: Oct. 17, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2013-5830
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confident... Read more
- Published: Oct. 16, 2013
- Modified: Apr. 11, 2025
-
10.0
HIGHCVE-2020-27600
HNAP1/control/SetMasterWLanSettings.php in D-Link D-Link Router DIR-846 DIR-846 A1_100.26 allows remote attackers to execute arbitrary commands via shell metacharacters in the ssid0 or ssid1 parameter.... Read more
- Published: Apr. 02, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2013-5824
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a diffe... Read more
- Published: Oct. 16, 2013
- Modified: Apr. 11, 2025
-
10.0
HIGHCVE-2013-5817
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to... Read more
- Published: Oct. 16, 2013
- Modified: Apr. 11, 2025
-
10.0
HIGHCVE-2013-5829
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors re... Read more
- Published: Oct. 16, 2013
- Modified: Apr. 11, 2025
-
10.0
HIGHCVE-2013-5787
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a diffe... Read more
- Published: Oct. 16, 2013
- Modified: Apr. 11, 2025
-
10.0
HIGHCVE-2013-5755
config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remote att... Read more
Affected Products : sip-t38g- Published: Jul. 16, 2014
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2013-5715
Buffer overflow in Gretech GOM Media Player before 2.2.53.5169 has unspecified impact and attack vectors.... Read more
Affected Products : gom_player- Published: Sep. 09, 2013
- Modified: Apr. 11, 2025
-
10.0
CRITICALCVE-2021-28799
An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to ... Read more
- Actively Exploited
- Published: May. 13, 2021
- Modified: Mar. 12, 2025
-
10.0
HIGHCVE-2013-5667
The Thecus NAS server N8800 with firmware 5.03.01 allows remote attackers to execute arbitrary commands via a get_userid action with shell metacharacters in the username parameter.... Read more
- Published: Jan. 24, 2014
- Modified: Apr. 11, 2025
-
10.0
HIGHCVE-2012-5960
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary... Read more
Affected Products : portable_sdk_for_upnp- Published: Jan. 31, 2013
- Modified: Apr. 11, 2025
-
10.0
HIGHCVE-2013-5618
Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remot... Read more
Affected Products : firefox firefox_esr thunderbird ubuntu_linux fedora enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus +7 more products- Published: Dec. 11, 2013
- Modified: Apr. 11, 2025
-
10.0
HIGHCVE-2013-5600
Use-after-free vulnerability in the nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey bef... Read more
- Published: Oct. 30, 2013
- Modified: Apr. 11, 2025
-
10.0
HIGHCVE-2013-5597
Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allo... Read more
- Published: Oct. 30, 2013
- Modified: Apr. 11, 2025