Latest CVE Feed
-
9.8
CRITICALCVE-2021-29369
The gnuplot package prior to version 0.1.0 for Node.js allows code execution via shell metacharacters in Gnuplot commands.... Read more
Affected Products : gnuplot- Published: May. 03, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-11283
A buffer overflow can occur when playing an MKV clip due to lack of input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdrag... Read more
- Published: Feb. 22, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-34746
A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as ... Read more
Affected Products : enterprise_nfv_infrastructure_software- Published: Sep. 02, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-2303
SNDCP module may access array out side its boundary when it receives malformed XID message. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon... Read more
Affected Products : sdx55_firmware sdm660_firmware sm8150_firmware sm8250_firmware sxr2130_firmware msm8996au_firmware apq8096au_firmware mdm9150_firmware qcs605_firmware sdx24_firmware +100 more products- Published: Nov. 21, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22794
Cybonet - PineApp Mail Relay Unauthenticated Sql Injection. Attacker can send a request to: /manage/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /manage/emailrichment/usersunlist.php?CUSTOMER_ID_INNE... Read more
Affected Products : pineapp_mail_secure- Published: Feb. 24, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-4852
A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could potentially circumvent the authentication mechanism if he/she is able to obtain certain knowledge spe... Read more
- Published: Jul. 03, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-35522
A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP MD devices before 4.9.7 allows remote attackers to achieve code execution, denial of services, and inform... Read more
- Published: Jul. 22, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-30064
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials (if the device is in the uncommissioned state).... Read more
Affected Products : tofino_xenon_security_appliance_firmware tofino_argon_fa-tsa-220-tx\/mm_firmware tofino_argon_fa-tsa-220-tx\/tx_firmware tofino_argon_fa-tsa-220-mm\/tx_firmware tofino_argon_fa-tsa-220-mm\/mm_firmware tofino_argon_fa-tsa-100-tx\/tx_firmware eagle_20_tofino_943_987-505-mm\/mm_firmware eagle_20_tofino_943_987-504-mm\/tx_firmware eagle_20_tofino_943_987-502_-tx\/mm_firmware eagle_20_tofino_943_987-501-tx\/tx_firmware +16 more products- Published: Apr. 03, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22880
Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId.... Read more
Affected Products : jeecg_boot- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22881
Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData.... Read more
Affected Products : jeecg_boot- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22916
O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vulnerability via /x_program_center/jaxrs/invoke.... Read more
Affected Products : o2oa- Published: Feb. 17, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23389
PublicCMS v4.0 was discovered to contain a remote code execution (RCE) vulnerability via the cmdarray parameter.... Read more
Affected Products : publiccms- Published: Feb. 14, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-36314
Dell EMC CloudLink 7.1 and all prior versions contain an Arbitrary File Creation Vulnerability. A remote unauthenticated attacker, may potentially exploit this vulnerability, leading to the execution of arbitrary files on the end user system.... Read more
- Published: Nov. 23, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-17378
SQL Injection exists in the Penny Auction Factory 2.0.4 component for Joomla! via the filter_order_Dir or filter_order parameter.... Read more
Affected Products : penny_auction_factory- Published: Sep. 28, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-17397
SQL Injection exists in the AlphaIndex Dictionaries 1.0 component for Joomla! via the letter parameter.... Read more
Affected Products : alphaindex_dictionaries- Published: Sep. 28, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-24017
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerabil... Read more
- Published: Aug. 05, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-24047
This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It! 20.21.01.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. ... Read more
Affected Products : track-it\!- Published: Feb. 18, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-24219
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_page.php.... Read more
Affected Products : elite_cms- Published: Feb. 01, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-24221
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/functions/functions.php.... Read more
Affected Products : elite_cms- Published: Feb. 01, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-3762
A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for r... Read more
- Published: Mar. 03, 2022
- Modified: Nov. 21, 2024