Latest CVE Feed
-
9.8
CRITICALCVE-2020-3446
A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series appliances could allow an unauthenticated, remote attacker ... Read more
Affected Products : wide_area_application_services encs_5406-w_firmware encs_5408-w_firmware encs_5412-w_firmware csp_5228-w_firmware csp_5436-w_firmware encs_5406-w encs_5408-w encs_5412-w csp_5228-w +1 more products- Published: Aug. 26, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-7232
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'network.ieee8021x.delete_ce... Read more
- Published: Mar. 09, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-7259
The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a user's Google account credentials to http://installLog.flightsimlabs.com/LogHandler3.ashx if a pirated serial number has been entered, which allows remote attackers to obtain sensitive... Read more
Affected Products : a320-x- Published: Feb. 20, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-0510
Buffer overflow in epg search result viewer (kkcald) 0.7.19 and earlier allows remote attackers to perform unintended operations or execute DoS (denial of service) attacks via unspecified vectors.... Read more
Affected Products : kkcald- Published: Feb. 01, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-7785
In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass.... Read more
Affected Products : u.motion_builder- Published: Jul. 03, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-8073
Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary LUA code via a variant of the CVE-2018-7269 attack in conjunction with the Redis extension.... Read more
- Published: Mar. 21, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-1000131
Pradeep Makone wordpress Support Plus Responsive Ticket System version 9.0.2 and earlier contains a SQL Injection vulnerability in the function to get tickets, the parameter email in cookie was injected that can result in filter the parameter. This attack... Read more
Affected Products : wp_support_plus_responsive_ticket_system- Published: Mar. 14, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-1000885
PHKP version including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b contains a Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in function pgp_exec() phkp.php:98 that can result in It is possible to man... Read more
Affected Products : phkp- Published: Dec. 20, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-9161
Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the prismaweb account by reading user/scripts/login_par.js.... Read more
Affected Products : checkweigher_prismaweb- Published: Mar. 31, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-1962
A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php of the component POST Parameter Handler. The manipulation of ... Read more
- Published: Apr. 09, 2023
- Modified: Mar. 07, 2025
-
9.8
CRITICALCVE-2018-9208
Unauthenticated arbitrary file upload vulnerability in jQuery Picture Cut <= v1.1Beta... Read more
Affected Products : jquery_picture_cut- Published: Nov. 05, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-17407
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager v7.2.699 build 1001. Authentication is not required to exploit this vulnerability. The specific flaw exists within the h... Read more
Affected Products : enterprise_manager- Published: Jan. 23, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-10734
KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a backdoor that prints the login password via a Print_Password function call in certain circumstances.... Read more
Affected Products : d303_firmware d305_firmware d403_firmware a303_firmware a403_firmware d303 d305 d403 a303 a403- Published: May. 08, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-5959
CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges. The forgotpassword.php page can be used to acquire a token.... Read more
Affected Products : genixcms- Published: Feb. 21, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-6034
An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: ... Read more
- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2019-0285
The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker.... Read more
Affected Products : crystal_reports- Published: Apr. 10, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-0344
Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection.... Read more
Affected Products : commerce_cloud- Actively Exploited
- Published: Aug. 14, 2019
- Modified: Jan. 27, 2025
-
9.8
CRITICALCVE-2018-11547
md_is_link_reference_definition_helper in md4c 0.2.5 has a heap-based buffer over-read because md_is_link_label mishandles loop termination.... Read more
Affected Products : md4c- Published: May. 29, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-17430
Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows remote attackers to execute arbitrary commands via the web interface.... Read more
- Published: Dec. 07, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2018-11635
Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to bypass authentication.... Read more
Affected Products : powermedia_xms- Published: Jul. 03, 2018
- Modified: Nov. 21, 2024