Latest CVE Feed
-
9.9
CRITICALCVE-2024-52429
Unrestricted Upload of File with Dangerous Type vulnerability in Anton Hoelstad WP Quick Setup allows Upload a Web Shell to a Web Server.This issue affects WP Quick Setup: from n/a through 2.0.... Read more
Affected Products : wp_quick_setup- Published: Nov. 18, 2024
- Modified: Nov. 20, 2024
-
9.9
CRITICALCVE-2022-26420
An OS command injection vulnerability exists in the console infactory_port functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests ... Read more
- EPSS Score: %9.34
- Published: May. 12, 2022
- Modified: Nov. 21, 2024
-
9.9
CRITICALCVE-2022-26085
An OS command injection vulnerability exists in the httpd wlscan_ASP functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigg... Read more
- EPSS Score: %2.68
- Published: May. 12, 2022
- Modified: Nov. 21, 2024
-
9.9
CRITICALCVE-2022-36992
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execu... Read more
- EPSS Score: %1.05
- Published: Jul. 28, 2022
- Modified: Nov. 21, 2024
-
9.9
CRITICALCVE-2025-33024
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX1500 (All versions < V2.16.5), RUGGEDCOM ROX RX1501 (All ... Read more
Affected Products : ruggedcom_rox_mx5000_firmware ruggedcom_rox_rx1400_firmware ruggedcom_rox_rx1500_firmware ruggedcom_rox_rx1501_firmware ruggedcom_rox_rx1510_firmware ruggedcom_rox_rx1511_firmware ruggedcom_rox_rx1512_firmware ruggedcom_rox_rx1524_firmware ruggedcom_rox_rx1536_firmware ruggedcom_rox_rx5000_firmware +1 more products- Published: May. 13, 2025
- Modified: May. 13, 2025
-
9.9
CRITICALCVE-2022-2234
An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system.... Read more
Affected Products : mypro- EPSS Score: %2.01
- Published: Aug. 24, 2022
- Modified: Nov. 21, 2024
-
9.9
CRITICALCVE-2022-2104
The www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh and /bin/bash).... Read more
Affected Products : sepcos_control_and_protection_relay_firmware sepcos_control_and_protection_relay- EPSS Score: %0.24
- Published: Jun. 24, 2022
- Modified: Nov. 21, 2024
-
9.9
CRITICALCVE-2022-36130
HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized users of another scope. Fixed in Boundary 0.10.2.... Read more
Affected Products : boundary- EPSS Score: %0.24
- Published: Sep. 01, 2022
- Modified: Nov. 21, 2024
-
9.9
CRITICALCVE-2021-36782
A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This ... Read more
- EPSS Score: %77.97
- Published: Sep. 07, 2022
- Modified: Nov. 21, 2024
-
9.9
CRITICALCVE-2022-39206
Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket (e.g. /var/run/docker.sock on Linux) is mounted into each Docker step. Users that can define and trigger CI/CD jobs on a proje... Read more
Affected Products : onedev- EPSS Score: %0.62
- Published: Sep. 13, 2022
- Modified: Nov. 21, 2024
-
9.9
CRITICALCVE-2022-2471
Stack-based Buffer Overflow vulnerability in the EZVIZ Motion Detection component as used in camera models CS-CV248, CS-C6N-A0-1C2WFR, CS-DB1C-A0-1E2W2FR, CS-C6N-B0-1G2WF, CS-C3W-A0-3H4WFRL allows a remote attacker to execute remote code on the device. Th... Read more
- EPSS Score: %1.74
- Published: Sep. 15, 2022
- Modified: Nov. 21, 2024
-
9.9
CRITICALCVE-2025-48782
An unrestricted upload of file with dangerous type vulnerability in the upload file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a malicious file... Read more
Affected Products :- Published: Jun. 06, 2025
- Modified: Jun. 06, 2025
- Vuln Type: Misconfiguration
-
9.9
CRITICALCVE-2025-40585
A vulnerability has been identified in Energy Services (All versions with G5DFR). Affected solutions using G5DFR contain default credentials. This could allow an attacker to gain control of G5DFR component and tamper with outputs from the device.... Read more
Affected Products :- Published: Jun. 10, 2025
- Modified: Jun. 12, 2025
-
9.9
CRITICALCVE-2022-42925
There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the plugin upload component. The exploitation of this vulnera... Read more
Affected Products : formalms- EPSS Score: %0.58
- Published: Oct. 31, 2022
- Modified: Nov. 21, 2024
-
9.9
CRITICALCVE-2022-41934
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on commonly accessible documents including the menu macro can execute arbitrary Groovy, Python or Velocity code in XWiki lea... Read more
Affected Products : xwiki- EPSS Score: %2.32
- Published: Nov. 23, 2022
- Modified: Nov. 21, 2024
-
9.9
CRITICALCVE-2023-0016
SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries. The exploitation of this issue could lead to SQL injection vulnerability and could allow an attacker to access, modify, and/or delete data from the backend... Read more
Affected Products : business_planning_and_consolidation- EPSS Score: %0.18
- Published: Jan. 10, 2023
- Modified: Nov. 21, 2024
-
9.9
CRITICALCVE-2017-16256
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow ... Read more
- EPSS Score: %0.08
- Published: Jan. 11, 2023
- Modified: Nov. 21, 2024
-
9.9
CRITICALCVE-2017-16257
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow ... Read more
- EPSS Score: %0.08
- Published: Jan. 11, 2023
- Modified: Nov. 21, 2024
-
9.9
CRITICALCVE-2017-16258
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow ... Read more
- EPSS Score: %0.08
- Published: Jan. 11, 2023
- Modified: Nov. 21, 2024
-
9.9
CRITICALCVE-2017-16260
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow ... Read more
- EPSS Score: %0.08
- Published: Jan. 11, 2023
- Modified: Nov. 21, 2024