Latest CVE Feed
-
9.8
CRITICALCVE-2021-43140
SQL Injection vulnerability exists in Sourcecodester. Simple Subscription Website 1.0. via the login.... Read more
- Published: Nov. 03, 2021
- Modified: Feb. 24, 2025
-
9.8
CRITICALCVE-2022-29980
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=user/manage_user&id=.... Read more
Affected Products : simple_client_management_system- Published: May. 12, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-29953
The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its ... Read more
- Published: Jul. 26, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-4336
A vulnerability was found in ITRS Group monitor-ninja up to 2021.11.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file modules/reports/models/scheduled_reports.php. The manipulation leads to sql injection. U... Read more
Affected Products : ninja- Published: May. 28, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-43506
An SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the password parameter in Login.php.... Read more
Affected Products : simple_client_management_system- Published: Mar. 31, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-11928
In the media-library-assistant plugin before 2.82 for WordPress, Remote Code Execution can occur via the tax_query, meta_query, or date_query parameter in mla_gallery via an admin.... Read more
- Published: Apr. 20, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-44096
EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 is vulnerable to SQL Injection via profile_action - update_user. This allows a remote attacker to compromise Application SQL database.... Read more
Affected Products : user_registration_and_login_system_with_admin_panel- Published: Jun. 02, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18806
School Equipment Monitoring System 1.0 allows SQL injection via the login screen, related to include/user.vb.... Read more
Affected Products : school_equipment_monitoring_system- Published: Nov. 16, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-44280
attendance management system 1.0 is affected by a SQL injection vulnerability in admin/incFunctions.php through the makeSafe function.... Read more
Affected Products : attendance_management_system- Published: Dec. 01, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-30815
elitecms 1.01 is vulnerable to SQL Injection via admin/edit_sidebar.php?page=2&sidebar=... Read more
Affected Products : elite_cms- Published: Jun. 02, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-30887
Pharmacy Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file.... Read more
Affected Products : pharmacy_management_system- Published: May. 20, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-39509
An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can l... Read more
- Published: Aug. 24, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-3958
Improper Handling of Parameters vulnerability in Ipack Automation Systems Ipack SCADA Software allows : Blind SQL Injection.This issue affects Ipack SCADA Software: from unspecified before 1.1.0.... Read more
Affected Products : scada_automation- Published: Nov. 16, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-20149
Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The default iptables ruleset for governing access to services on the device only apply to IPv4. All services running on the devices are accessible v... Read more
- Published: Dec. 30, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-45509
Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.... Read more
Affected Products : rbk752_firmware rbr750_firmware rbs750_firmware rbk852_firmware rbr850_firmware rbs850_firmware cbr40_firmware rbk752 rbr750 rbs750 +4 more products- Published: Dec. 26, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-31210
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/set_param.cgi contains hardcoded credentials to the web application. Because these accounts cannot be deactivated or have their passwords changed, they are co... Read more
- Published: Jul. 17, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-6023
An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior t... Read more
- Published: Mar. 16, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2022-31234
Dell EMC PowerStore, contain(s) an Improper Restriction of Excessive Authentication Attempts Vulnerability in PowerStore Manager GUI. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to password brute-forcing. Accoun... Read more
- Published: Jul. 21, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-45624
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, R7000 before 1.0.11.110, R7100LG before 1.0.0.72, R7900 before 1.0.4.30, R8000 before 1.0.4.62, XR300 be... Read more
Affected Products : r6900p_firmware r7000_firmware r7000p_firmware r7900_firmware r8000_firmware xr300_firmware d7000v2_firmware d8500_firmware r7100lg_firmware r8300_firmware +12 more products- Published: Dec. 26, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-45638
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.68, D6400 before 1.0.0.102, D7000v2 before 1.0.0.74, D8500 before 1.0.3.60, DC112A before 1.0.0.56, R6300v2 before 1.0.4.... Read more
Affected Products : r6900p_firmware r7000_firmware r7000p_firmware rbs40v_firmware r6400_firmware rs400_firmware d6220_firmware d6400_firmware d7000v2_firmware d8500_firmware +18 more products- Published: Dec. 26, 2021
- Modified: Nov. 21, 2024