Latest CVE Feed
-
9.8
CRITICALCVE-2022-29080
The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell metacharacters in a value.... Read more
Affected Products : npm-dependency-versions- Published: Apr. 12, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-27163
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_editUser... Read more
Affected Products : csz_cms- Published: Apr. 12, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-28035
Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_blur-save.php... Read more
Affected Products : atomcms- Published: Apr. 12, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-27260
An arbitrary file upload vulnerability in the file upload component of ButterCMS v1.2.8 allows attackers to execute arbitrary code via a crafted SVG file.... Read more
Affected Products : buttercms- Published: Apr. 12, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-27262
An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows attackers to execute arbitrary code via a crafted file.... Read more
Affected Products : skipper- Published: Apr. 12, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-43741
CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to malicious file on config.php leading to remote code execution.... Read more
Affected Products : cmsimple- Published: Apr. 13, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-11380
Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Discovery Director 1.1.... Read more
Affected Products : deep_discovery_director- Published: Aug. 01, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2015-1174
Session fixation vulnerability in Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 and earlier allows remote attackers to hijack web sessions via a session id.... Read more
Affected Products : teta_web- Published: Aug. 02, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-11384
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll. Formerly ZDI-CAN-4561.... Read more
Affected Products : control_manager- Published: Aug. 02, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-11385
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll. Formerly ZDI-CAN-4545.... Read more
Affected Products : control_manager- Published: Aug. 02, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2021-36205
Under certain circumstances the session token is not cleared on logout.... Read more
- Published: Apr. 15, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-11965
In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to gain full remote access via SSH. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial ... Read more
- Published: Apr. 21, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-10817
MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to bypass authentication to alter settings in Relay Service Server.... Read more
Affected Products : malion- Published: Aug. 04, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-9854
An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are typed into Sunny Explorer by the user. These passwords can then be used to compromise the overall ... Read more
Affected Products : sunny_boy_3600_firmware sunny_boy_5000_firmware sunny_tripower_core1_firmware sunny_tripower_15000tl_firmware sunny_tripower_20000tl_firmware sunny_tripower_25000tl_firmware sunny_tripower_5000tl_firmware sunny_tripower_12000tl_firmware sunny_tripower_60_firmware sunny_boy_3000tl_firmware +68 more products- Published: Aug. 05, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-9859
An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. This hashing algorithm can be cracked relatively easily. An attacker will likely be able to crack t... Read more
Affected Products : sunny_boy_3600_firmware sunny_boy_5000_firmware sunny_tripower_core1_firmware sunny_tripower_15000tl_firmware sunny_tripower_20000tl_firmware sunny_tripower_25000tl_firmware sunny_tripower_5000tl_firmware sunny_tripower_12000tl_firmware sunny_tripower_60_firmware sunny_boy_3000tl_firmware +68 more products- Published: Aug. 05, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-9861
An issue was discovered in SMA Solar Technology products. The SIP implementation does not properly use authentication with encryption: it is vulnerable to replay attacks, packet injection attacks, and man in the middle attacks. An attacker is able to succ... Read more
Affected Products : sunny_boy_3600_firmware sunny_boy_5000_firmware sunny_tripower_core1_firmware sunny_tripower_15000tl_firmware sunny_tripower_20000tl_firmware sunny_tripower_25000tl_firmware sunny_tripower_5000tl_firmware sunny_tripower_12000tl_firmware sunny_tripower_60_firmware sunny_boy_3000tl_firmware +68 more products- Published: Aug. 05, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2022-1020
The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), as well as does no... Read more
Affected Products : woo_product_table- Published: Apr. 18, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-9632
A Missing Encryption of Sensitive Data issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions, LaserWash AutoXpress and AutoExpress Plus, all versions, Lase... Read more
- Published: Aug. 07, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2022-0992
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up that allows unauthenticated and unauthorized... Read more
- Published: Apr. 19, 2022
- Modified: May. 05, 2025
-
9.8
CRITICALCVE-2021-43481
An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php.... Read more
Affected Products : webtareas- Published: Apr. 20, 2022
- Modified: Nov. 21, 2024