Latest CVE Feed
-
10.0
HIGHCVE-2016-10457
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/5... Read more
Affected Products : android sd_450_firmware sd_625_firmware sd_820_firmware sd_835_firmware mdm9650_firmware msm8909w_firmware sdx20_firmware mdm9206_firmware mdm9607_firmware +43 more products- Published: Apr. 18, 2018
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2016-10458
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630... Read more
Affected Products : android sdm660_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_835_firmware sdx20_firmware sdm630_firmware sdm636_firmware sd_410_firmware +41 more products- Published: Apr. 18, 2018
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2016-10471
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, an unsigned RTIC health report susceptible to tampering by malware executi... Read more
Affected Products : sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_425_firmware sd_430_firmware sd_650_firmware sd_652_firmware sd_425 sd_430 +6 more products- Published: Apr. 18, 2018
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2016-10475
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, and SD 820, lack input validation may lead to a integer o... Read more
Affected Products : android sd_625_firmware sd_820_firmware sd_210_firmware sd_212_firmware sd_205_firmware sd_430_firmware sd_615_firmware sd_616_firmware sd_415_firmware +23 more products- Published: Apr. 18, 2018
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2016-10482
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 4... Read more
Affected Products : android sd_450_firmware sd_625_firmware sd_820_firmware sd_835_firmware mdm9650_firmware msm8909w_firmware sdx20_firmware mdm9206_firmware mdm9607_firmware +57 more products- Published: Apr. 18, 2018
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2018-7243
An authorization bypass vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to get a ... Read more
Affected Products : 66074_mge_network_management_card_transverse mge_comet_ups mge_eps_6000 mge_eps_7000 mge_eps_8000 mge_galaxy_3000 mge_galaxy_4000 mge_galaxy_5000 mge_galaxy_6000 mge_galaxy_9000 +1 more products- Published: Apr. 18, 2018
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2017-12087
An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dn... Read more
Affected Products : tinysvcmdns- Published: Apr. 24, 2018
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2023-6248
The Syrus4 IoT gateway utilizes an unsecured MQTT server to download and execute arbitrary commands, allowing a remote unauthenticated attacker to execute code on any Syrus4 device connected to the cloud service. The MQTT server also leaks the location, v... Read more
- Published: Nov. 21, 2023
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2023-6709
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2.... Read more
Affected Products : mlflow- Published: Dec. 12, 2023
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2018-3746
The pdfinfojs NPM module versions <= 0.3.6 has a command injection vulnerability that allows an attacker to execute arbitrary commands on the victim's machine.... Read more
Affected Products : pdfinfojs- Published: Jun. 01, 2018
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2018-3757
Command injection exists in pdf-image v2.0.0 due to an unescaped string parameter.... Read more
Affected Products : pdf-image- Published: Jun. 01, 2018
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2023-6906
A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_B20191024. Affected is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument... Read more
- Published: Dec. 18, 2023
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2017-16127
The module pandora-doomsday infects other modules. It's since been unpublished from the registry.... Read more
Affected Products : pandora-doomsday- Published: Jun. 07, 2018
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2023-25054
Improper Control of Generation of Code ('Code Injection') vulnerability in David F. Carr RSVPMaker.This issue affects RSVPMaker: from n/a through 10.6.6. ... Read more
Affected Products : rsvpmaker- Published: Dec. 29, 2023
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2023-4804
An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed.... Read more
Affected Products : quantum_hd_unity_compressor_firmware quantum_hd_unity_acuair_firmware quantum_hd_unity_condenser\/vessel_firmware quantum_hd_unity_evaporator_firmware quantum_hd_unity_engine_room_firmware quantum_hd_unity_interface_firmware quantum_hd_unity_compressor quantum_hd_unity_acuair quantum_hd_unity_condenser\/vessel quantum_hd_unity_evaporator +2 more products- Published: Nov. 10, 2023
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2014-0593
The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Service (OBS). In versions prior to 0.5.3-1.1 this script did not properly sanitize the input provided by the user, allowing for code execution on the ... Read more
Affected Products : open_build_service- Published: Jun. 08, 2018
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2021-4434
The Social Warfare plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.5.2 via the 'swp_url' parameter. This allows attackers to execute code on the server.... Read more
Affected Products : social_warfare- Published: Jan. 17, 2024
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2018-12526
Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET using a hardcoded account.... Read more
- Published: Jun. 21, 2018
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2024-23619
A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution. ... Read more
Affected Products : merge_efilm_workstation- Published: Jan. 26, 2024
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2018-5855
While padding or shrinking a nested wmi packet in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a buffer over-read can potentially occur.... Read more
Affected Products : android- Published: Jul. 06, 2018
- Modified: Nov. 21, 2024