Latest CVE Feed
-
9.8
CRITICALCVE-2021-34170
Bandai Namco FromSoftware Dark Souls III allows remote attackers to execute arbitrary code.... Read more
Affected Products : dark_souls_iii- Published: Jun. 15, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-17843
SQL injection exists in ADD Clicking MLM Software 1.0, Binary MLM Software 1.0, Level MLM Software 1.0, Singleleg MLM Software 1.0, Autopool MLM Software 1.0, Investment MLM Software 1.0, Bidding MLM Software 1.0, Moneyorder MLM Software 1.0, Repurchase M... Read more
- Published: May. 24, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-34427
In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance.... Read more
Affected Products : business_intelligence_and_reporting_tools- Published: Jun. 25, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-17918
Circontrol CirCarLife all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page.... Read more
- Published: Nov. 02, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-18633
European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate Validation because a certain ExplicitKeyTrustEvaluator return value is not checked. NOTE: only 2.1 is confirmed to be affected.... Read more
Affected Products : eidas-node_integration_package- Published: Oct. 30, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-27413
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php.... Read more
Affected Products : hospital_management_system- Published: May. 03, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-40329
The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management.... Read more
Affected Products : pingfederate- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-27420
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php.... Read more
Affected Products : hospital_management_system- Published: May. 04, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-27567
Null pointer dereference vulnerability in parser_hvcC function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attackers.... Read more
- Published: Apr. 11, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-40532
Telegram Web K Alpha before 0.7.2 mishandles the characters in a document extension.... Read more
Affected Products : web_k_alpha- Published: Sep. 06, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-40670
SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords iparameter under the /coreframe/app/order/admin/card.php file.... Read more
Affected Products : wuzhicms- Published: Sep. 16, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-2765
A vulnerability was found in SourceCodester Company Website CMS 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard/settings. The manipulation leads to improper authentication. The attac... Read more
Affected Products : company_website_cms- Published: Aug. 11, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-5519
SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter.... Read more
Affected Products : genixcms- Published: Jan. 17, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2022-28032
AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_pages.php... Read more
Affected Products : atomcms- Published: Apr. 12, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-5778
An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Multiple SQL injection vulnerabilities are present in the legacy .ASP pages, which could allow attackers to execute arbitrary SQL commands via unspecified vectors.... Read more
- Published: Jan. 24, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-28585
EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php... Read more
Affected Products : empirecms- Published: May. 03, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-5586
OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries.... Read more
Affected Products : documentum_d2- Published: Feb. 22, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2021-36560
Phone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication bypass which leads to account takeover of the admin.... Read more
Affected Products : phone_shop_sales_management_system- Published: Nov. 02, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-5878
While sending the response to a RIL_REQUEST_GET_SMSC_ADDRESS message, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.... Read more
Affected Products : sd_625_firmware sd_835_firmware mdm9650_firmware mdm9206_firmware mdm9607_firmware mdm9635m_firmware sd_210_firmware sd_212_firmware sd_205_firmware sd_615_firmware +14 more products- Published: Jul. 06, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-28722
Certain HP Print Products are potentially vulnerable to Buffer Overflow.... Read more
Affected Products : j9v82a_firmware j6u55a_firmware j6u55b_firmware j9v80a_firmware d3q15a_firmware d3q17a_firmware d3q19a_firmware d3q20a_firmware d3q21a_firmware k9z76a_firmware +188 more products- Published: Sep. 26, 2022
- Modified: May. 27, 2025