Latest CVE Feed
- 9.8 CRITICAL: CVE-2021-37782
  Employee Record Management System v 1.2 is vulnerable to SQL Injection via editempprofile.php.
  - Affected Products: employee_record_management_system
  - Published: Oct. 28, 2022
  - Modified: May. 12, 2025
- 9.8 CRITICAL: CVE-2021-38737
  SEMCMS v 1.1 is vulnerable to SQL Injection via Ant_Pro.php.
  - Affected Products: semcms
  - Published: Oct. 28, 2022
  - Modified: May. 07, 2025
- 9.8 CRITICAL: CVE-2021-38217
  SEMCMS v 1.2 is vulnerable to SQL Injection via SEMCMS_User.php.
  - Affected Products: semcms
  - Published: Oct. 28, 2022
  - Modified: May. 08, 2025
- 9.8 CRITICAL: CVE-2022-2474
  Authentication is currently unsupported in Haas Controller version 100.20.000.1110 when using the “Ethernet Q Commands” service, which allows any user on the same network segment as the controller (even while connected remotely) to access the service and ...
  - Published: Oct. 28, 2022
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL: CVE-2022-37623
  Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the shimPath variable in resolve-shims.js.
  - Affected Products: browserify-shim
  - Published: Oct. 31, 2022
  - Modified: May. 06, 2025
- 9.8 CRITICAL: CVE-2014-125049
  ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in typcn Blogile. Affected is the function getNav of the file server.js. The manipulation of the argument query leads to SQL injection. The name of the patch is c...
  - Affected Products: blogile
  - Published: Jan. 06, 2023
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL: CVE-2022-40293
  The application was vulnerable to a session fixation that could be used to hijack accounts.
  - Affected Products: php_point_of_sale
  - Published: Oct. 31, 2022
  - Modified: May. 06, 2025
- 9.8 CRITICAL: CVE-2022-27584
  Password recovery vulnerability in SICK SIM2000ST Partnumber 1080579 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. This leads to an increase in ...
  - Published: Nov. 01, 2022
  - Modified: May. 06, 2025
- 9.8 CRITICAL: CVE-2022-39382
  Keystone is a headless CMS for Node.js — built with GraphQL and React. `@keystone-6/[email protected] || 3.0.1` users that use `NODE_ENV` to trigger security-sensitive functionality in their production builds are vulnerable to `NODE_ENV` being inlined to `"develo...
  - Affected Products: keystone
  - Published: Nov. 03, 2022
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL: CVE-2022-43101
  Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function.
  - Published: Nov. 03, 2022
  - Modified: May. 02, 2025
- 9.8 CRITICAL: CVE-2022-43102
  Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function.
  - Published: Nov. 03, 2022
  - Modified: May. 05, 2025
- 9.8 CRITICAL: CVE-2022-43104
  Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the wpapsk_crypto parameter in the fromSetWirelessRepeat function.
  - Published: Nov. 03, 2022
  - Modified: May. 05, 2025
- 9.8 CRITICAL: CVE-2022-43105
  Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function.
  - Published: Nov. 03, 2022
  - Modified: May. 05, 2025
- 9.8 CRITICAL: CVE-2022-43106
  Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the schedStartTime parameter in the setSchedWifi function.
  - Published: Nov. 03, 2022
  - Modified: May. 02, 2025
- 9.8 CRITICAL: CVE-2022-43109
  D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via a crafted packet.
  - Published: Nov. 03, 2022
  - Modified: May. 05, 2025
- 9.8 CRITICAL: CVE-2020-22818
  MKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter.
  - Affected Products: mkcms
  - Published: Nov. 03, 2022
  - Modified: May. 05, 2025
- 9.8 CRITICAL: CVE-2025-45984
  Blink routers BL-WR9000 V2.4.9, BL-AC1900 V1.0.2, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 V1.0.5, BL-LTE300 V1.2.3, BL-F1200_AT1 V1.0.0, BL-X26_AC8 V1.2.8, BLAC450M_AE4 V4.0.0 and BL-X26_DA3 V1.2.7 were discovered to contain a command injection vulnerability via...
  - Affected Products: bl-wr9000_firmware bl-wr9000 bl-ac1900_firmware bl-ac1900 bl-ac2100_az3_firmware bl-ac2100_az3 bl-x10_ac8_firmware bl-x10_ac8 bl-lte300_firmware bl-lte300 +8 more products
  - Published: Jun. 13, 2025
  - Modified: Jul. 10, 2025
- 9.8 CRITICAL: CVE-2025-45985
  Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain a command injection vulnerability via the bs_SetSSIDH...
  - Affected Products: bl-wr9000_firmware bl-wr9000 bl-ac2100_az3_firmware bl-ac2100_az3 bl-x10_ac8_firmware bl-x10_ac8 bl-lte300_firmware bl-lte300 bl-f1200_at1_firmware bl-f1200_at1 +6 more products
  - Published: Jun. 13, 2025
  - Modified: Jul. 10, 2025
  - Vuln Type: Injection
- 9.8 CRITICAL: CVE-2025-28389
  Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack.
  - Affected Products: cosmos
  - Published: Jun. 13, 2025
  - Modified: Jun. 17, 2025
  - Vuln Type: Authentication
- 9.8 CRITICAL: CVE-2020-22820
  MKCMS V6.2 has SQL injection via the /ucenter/repass.php name parameter.
  - Affected Products: mkcms
  - Published: Nov. 03, 2022
  - Modified: May. 05, 2025