Latest CVE Feed
-
9.8
CRITICALCVE-2018-17893
LAquis SCADA Versions 4.1.0.3870 and prior has an untrusted pointer dereference vulnerability, which may allow remote code execution.... Read more
Affected Products : laquis_scada- Published: Oct. 17, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-15069
An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 . An attacker can bypass authentication without modifying device file and gain web page management privilege.... Read more
- Published: Sep. 25, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-37220
Synel Terminals - CWE-494: Download of Code Without Integrity Check ... Read more
- Published: Sep. 03, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-15322
The shortcode-factory plugin before 2.8 for WordPress has Local File Inclusion.... Read more
Affected Products : shortcode_factory- Published: Aug. 22, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-11420
There is Memory corruption in the web interface of Moxa OnCell G3100-HSPA Series version 1.5 Build 17042015 and prio,r a different vulnerability than CVE-2018-11423.... Read more
Affected Products : oncell_g3150-hspa_firmware oncell_g3150-hspa-t_firmware oncell_g3150-hspa-t oncell_g3150-hspa- Published: Jul. 03, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-15536
The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via delete_records.... Read more
Affected Products : acclaim- Published: Aug. 23, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-15554
An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is memory corruption for certain grow attempts with less than the current capacity.... Read more
Affected Products : smallvec- Published: Aug. 26, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-15561
FlashLingo before 2019-06-12 allows SQL injection, related to flashlingo.js and db.js.... Read more
Affected Products : flashlingo- Published: Aug. 26, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-11653
Information disclosure in Netwave IP camera at //etc/RT2870STA.dat (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information about the network configuration like the network SSID and password.... Read more
- Published: Aug. 24, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-15631
Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code.... Read more
- Published: Dec. 02, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18800
The Tubigan "Welcome to our Resort" 1.0 software allows SQL Injection via index.php?p=accomodation&q=[SQL], index.php?p=rooms&q=[SQL], or admin/login.php.... Read more
Affected Products : welcome_to_our_resort- Published: May. 14, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18995
Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all versions do not allow authentication to be configured on administrative telnet or web interfaces, which could enable various effects vectors, including conducting device resets, reading... Read more
- Published: Jan. 03, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18998
LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credentials, which may allow an attacker unauthorized access to the system with high privileges.... Read more
Affected Products : laquis_scada- Published: Feb. 05, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-12045
DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php file.... Read more
Affected Products : dedecms- Published: Jun. 08, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-19559
CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter.... Read more
Affected Products : cuppacms- Published: Nov. 26, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-12503
tinyexr 0.9.5 has a heap-based buffer over-read in LoadEXRImageFromMemory in tinyexr.h.... Read more
Affected Products : tinyexr- Published: Jun. 16, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-12915
In libpbc.a in PBC through 2017-03-02, there is a buffer over-read in calc_hash in map.c.... Read more
Affected Products : pbc- Published: Jun. 27, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-17399
The Shack Forms Pro extension before 4.0.32 for Joomla! allows path traversal via a file attachment.... Read more
Affected Products : shack_forms_pro- Published: Oct. 09, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-17394
In the Seesaw Parent and Family application 6.2.5 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.... Read more
Affected Products : parent_and_family- Published: Oct. 15, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-18240
In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer overflows have been identified, which may allow an attacker to remotely execute arbitrary code.... Read more
Affected Products : v-server- Published: Nov. 13, 2019
- Modified: Nov. 21, 2024