Latest CVE Feed
-
9.8
CRITICALCVE-2017-10817
MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to bypass authentication to alter settings in Relay Service Server.... Read more
Affected Products : malion- Published: Aug. 04, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-9854
An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are typed into Sunny Explorer by the user. These passwords can then be used to compromise the overall ... Read more
Affected Products : sunny_boy_3600_firmware sunny_boy_5000_firmware sunny_tripower_core1_firmware sunny_tripower_15000tl_firmware sunny_tripower_20000tl_firmware sunny_tripower_25000tl_firmware sunny_tripower_5000tl_firmware sunny_tripower_12000tl_firmware sunny_tripower_60_firmware sunny_boy_3000tl_firmware +68 more products- Published: Aug. 05, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-9859
An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. This hashing algorithm can be cracked relatively easily. An attacker will likely be able to crack t... Read more
Affected Products : sunny_boy_3600_firmware sunny_boy_5000_firmware sunny_tripower_core1_firmware sunny_tripower_15000tl_firmware sunny_tripower_20000tl_firmware sunny_tripower_25000tl_firmware sunny_tripower_5000tl_firmware sunny_tripower_12000tl_firmware sunny_tripower_60_firmware sunny_boy_3000tl_firmware +68 more products- Published: Aug. 05, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-9861
An issue was discovered in SMA Solar Technology products. The SIP implementation does not properly use authentication with encryption: it is vulnerable to replay attacks, packet injection attacks, and man in the middle attacks. An attacker is able to succ... Read more
Affected Products : sunny_boy_3600_firmware sunny_boy_5000_firmware sunny_tripower_core1_firmware sunny_tripower_15000tl_firmware sunny_tripower_20000tl_firmware sunny_tripower_25000tl_firmware sunny_tripower_5000tl_firmware sunny_tripower_12000tl_firmware sunny_tripower_60_firmware sunny_boy_3000tl_firmware +68 more products- Published: Aug. 05, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2022-1020
The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), as well as does no... Read more
Affected Products : woo_product_table- Published: Apr. 18, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-9632
A Missing Encryption of Sensitive Data issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions, LaserWash AutoXpress and AutoExpress Plus, all versions, Lase... Read more
- Published: Aug. 07, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2022-0992
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up that allows unauthenticated and unauthorized... Read more
- Published: Apr. 19, 2022
- Modified: May. 05, 2025
-
9.8
CRITICALCVE-2021-43481
An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php.... Read more
Affected Products : webtareas- Published: Apr. 20, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-28030
Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Master.php?f=delete_estate.... Read more
Affected Products : simple_real_estate_portal_system- Published: Apr. 21, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-28429
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/inbox.php&action=delete&msgid=.... Read more
Affected Products : baby_care_system- Published: Apr. 21, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-26672
ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote attacker can use this token to establish connections with the server and carry out login attempts to general user accounts. A successful login to a general user ac... Read more
Affected Products : webstorage- Published: Apr. 22, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-3849
An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. ... Read more
Affected Products : nextscale_n1200_enclosure_firmware thinkagile_hx_enclosure_certified_node_firmware thinkagile_vx_enclosure_firmware thinksystem_d2_enclosure_firmware nextscale_fan_power_controller_firmware nextscale_n1200_enclosure thinkagile_hx_enclosure_certified_node thinkagile_vx_enclosure thinksystem_d2_enclosure nextscale_fan_power_controller- Published: Apr. 22, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-0541
The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix cookie to an arbitrary value.... Read more
Affected Products : flo-launch- Published: Apr. 25, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-0657
The 5 Stars Rating Funnel WordPress Plugin | RRatingg WordPress plugin before 1.2.54 does not properly sanitise, validate and escape lead ids before using them in a SQL statement via the rrtngg_delete_leads AJAX action, available to unauthenticated users,... Read more
Affected Products : 5_stars_rating_funnel- Published: Apr. 25, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-1390
The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte techni... Read more
Affected Products : admin_word_count_column- Published: Apr. 25, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-27985
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php.... Read more
Affected Products : cuppacms- Published: Apr. 26, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-28994
Small HTTP Server version 3.06 suffers from a remote buffer overflow vulnerability via long GET request.... Read more
Affected Products : small_http_server- Published: Apr. 29, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-28481
CSV-Safe gem < 3.0.0 doesn't filter out special characters which could trigger CSV Injection.... Read more
Affected Products : csv-safe- Published: May. 01, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-28571
D-link 882 DIR882A1_FW130B06 was discovered to contain a command injection vulnerability in`/usr/bin/cli.... Read more
- Published: May. 02, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-1281
The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST['filter_tag'] parameter, which is appended to an SQL query, making SQL Injection attacks possible.... Read more
Affected Products : photo_gallery- Published: May. 02, 2022
- Modified: Nov. 21, 2024