Latest CVE Feed
-
9.8
CRITICALCVE-2021-27426
GE UR IED firmware versions prior to version 8.1x with “Basic” security variant does not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user.... Read more
- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-27581
The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter.... Read more
- Published: Mar. 05, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-20830
An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has an out-of-bounds write when Internet Explorer is used.... Read more
- Published: Jun. 04, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-28122
A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. The WebUI component allows an unauthenticated user to use a crafted HTTP API request to create, read, update, or delete entries in the subscriber database. For example,... Read more
Affected Products : open5gs- Published: Mar. 10, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-3378
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp.... Read more
Affected Products : fortilogger- Published: Feb. 01, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-34187
main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter.... Read more
- Published: Jun. 28, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-28673
Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 6515 before 65.61.23 and 65.59.11 (Bridge), VersaLink B400 before 37.61.23 and 37.59.01 (Bridge), B405 before 38.61.23 and 38.59.01 (Bridge), B600/B610 before 32.61.23 and 32.59.01 (Bridg... Read more
- Published: Mar. 29, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-29369
The gnuplot package prior to version 0.1.0 for Node.js allows code execution via shell metacharacters in Gnuplot commands.... Read more
Affected Products : gnuplot- Published: May. 03, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-11283
A buffer overflow can occur when playing an MKV clip due to lack of input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdrag... Read more
- Published: Feb. 22, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-34746
A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as ... Read more
Affected Products : enterprise_nfv_infrastructure_software- Published: Sep. 02, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-2303
SNDCP module may access array out side its boundary when it receives malformed XID message. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon... Read more
Affected Products : sdx55_firmware sdm660_firmware sm8150_firmware sm8250_firmware sxr2130_firmware msm8996au_firmware apq8096au_firmware mdm9150_firmware qcs605_firmware sdx24_firmware +100 more products- Published: Nov. 21, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22794
Cybonet - PineApp Mail Relay Unauthenticated Sql Injection. Attacker can send a request to: /manage/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /manage/emailrichment/usersunlist.php?CUSTOMER_ID_INNE... Read more
Affected Products : pineapp_mail_secure- Published: Feb. 24, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-4852
A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could potentially circumvent the authentication mechanism if he/she is able to obtain certain knowledge spe... Read more
- Published: Jul. 03, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-35522
A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP MD devices before 4.9.7 allows remote attackers to achieve code execution, denial of services, and inform... Read more
- Published: Jul. 22, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-30064
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials (if the device is in the uncommissioned state).... Read more
Affected Products : tofino_xenon_security_appliance_firmware tofino_argon_fa-tsa-220-tx\/mm_firmware tofino_argon_fa-tsa-220-tx\/tx_firmware tofino_argon_fa-tsa-220-mm\/tx_firmware tofino_argon_fa-tsa-220-mm\/mm_firmware tofino_argon_fa-tsa-100-tx\/tx_firmware eagle_20_tofino_943_987-505-mm\/mm_firmware eagle_20_tofino_943_987-504-mm\/tx_firmware eagle_20_tofino_943_987-502_-tx\/mm_firmware eagle_20_tofino_943_987-501-tx\/tx_firmware +16 more products- Published: Apr. 03, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22880
Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId.... Read more
Affected Products : jeecg_boot- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22881
Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData.... Read more
Affected Products : jeecg_boot- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22916
O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vulnerability via /x_program_center/jaxrs/invoke.... Read more
Affected Products : o2oa- Published: Feb. 17, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23389
PublicCMS v4.0 was discovered to contain a remote code execution (RCE) vulnerability via the cmdarray parameter.... Read more
Affected Products : publiccms- Published: Feb. 14, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-36314
Dell EMC CloudLink 7.1 and all prior versions contain an Arbitrary File Creation Vulnerability. A remote unauthenticated attacker, may potentially exploit this vulnerability, leading to the execution of arbitrary files on the end user system.... Read more
- Published: Nov. 23, 2021
- Modified: Nov. 21, 2024