Latest CVE Feed
-
9.8
CRITICAL CVE-2024-31276
Missing Authorization vulnerability in WPFactory Products, Order & Customers Export for WooCommerce. This issue affects Products, Order & Customers Export for WooCommerce: from n/a through 2.0.8....
Affected Products : products\,_order_\&_customers_export_for_woocommerce
- Published: Jun. 09, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2023-42769
The cookie session ID is of insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session, bypass authentication, and manipulate the transmitter. ...
Affected Products : analog_fm_transmitter_exc5000gx_firmware analog_fm_transmitter_exc120gx_firmware analog_fm_transmitter_exc300gx_firmware analog_fm_transmitter_exc1600gx_firmware analog_fm_transmitter_exc2000gx_firmware analog_fm_transmitter_exc1000gx_firmware analog_fm_transmitter_exc3000gx_firmware analog_fm_transmitter_exc30gt_firmware analog_fm_transmitter_exc300gt_firmware analog_fm_transmitter_exc100gt_firmware +20 more products
- Published: Oct. 26, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2020-8349
An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled....
- Published: Oct. 14, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2015-10083
A vulnerability has been found in harrystech Dynosaur-Rails and classified as critical. Affected by this vulnerability is the function basic_auth of the file app/controllers/application_controller.rb. The manipulation leads to improper authentication. Thi...
Affected Products : dynosaur-rails
- Published: Feb. 21, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-36061
Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.35, read only calls between contracts can generate smart contracts results. For example, if contract A calls in read only mode contract B and the called function ...
Affected Products : elrond_go
- Published: Sep. 06, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2023-36812
OpenTSDB is an open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration...
Affected Products : opentsdb
- Published: Jun. 30, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2024-3087
A vulnerability, which was classified as critical, has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this issue is some unknown functionality of the file ambulance-tracking.php of the component Ambulance Tracking Page. The ma...
Affected Products : emergency_ambulance_hiring_portal
- Published: Mar. 30, 2024
- Modified: Feb. 14, 2025
-
9.8
CRITICAL CVE-2015-10035
A vulnerability was found in gperson angular-test-reporter and classified as critical. This issue affects the function getProjectTables/addTest of the file rest-server/data-server.js. The manipulation leads to sql injection. The patch is named a29d8ae121b...
Affected Products : angular-test-reporter
- Published: Jan. 09, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2023-2429
Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13....
Affected Products : phpmyfaq
- Published: Apr. 30, 2023
- Modified: Jan. 30, 2025
-
9.8
CRITICAL CVE-2024-25077
An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The Nonce used for on-the-fly decryption of flash images is stored in an unsigned header, allowing its value to be modified without invalidating the signature use...
Affected Products :
- Published: Jul. 10, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2018-11247
The JMX/RMI interface in Nasdaq BWise 5.0 does not require authentication for an SAP BO Component, which allows remote attackers to execute arbitrary code via a session on port 81....
Affected Products : bwise
- Published: Aug. 15, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-27005
Totolink routers X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the setWanCfg function via the hostName parameter. This vulnerability allows attackers to execute arbitrary ...
- Published: Mar. 15, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2024-33561
Missing Authorization vulnerability in 8theme XStore. This issue affects XStore: from n/a through 9.3.8....
Affected Products : xstore
- Published: Jun. 09, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-0412
The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI WooCommerce Wishlist Pro WordPress plugin before 1.40.1 do not sanitise and escape the item_id parameter before using it in a SQL statement via the wishlist/remove_product REST endpoint, allow...
Affected Products : ti_woocommerce_wishlist
- Published: Feb. 28, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-27126
zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the art parameter at /include/make.php....
Affected Products : zbzcms
- Published: Apr. 10, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2023-48265
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request....
Affected Products : nexo-os nexo_cordless_nutrunner_nxa011s-36v-b_\(0608842012\) nexo_cordless_nutrunner_nxa011s-36v_\(0608842011\) nexo_cordless_nutrunner_nxa015s-36v-b_\(0608842006\) nexo_cordless_nutrunner_nxa015s-36v_\(0608842001\) nexo_cordless_nutrunner_nxa030s-36v-b_\(0608842007\) nexo_cordless_nutrunner_nxa030s-36v_\(0608842002\) nexo_cordless_nutrunner_nxa050s-36v-b_\(0608842008\) nexo_cordless_nutrunner_nxa050s-36v_\(0608842003\) nexo_cordless_nutrunner_nxa065s-36v-b_\(0608842014\) +11 more products
- Published: Jan. 10, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2024-25209
Barangay Population Monitoring System 1.0 was discovered to contain a SQL injection vulnerability via the resident parameter at /endpoint/delete-resident.php....
Affected Products : barangay_population_monitoring_system
- Published: Feb. 14, 2024
- Modified: May. 12, 2025
-
9.8
CRITICAL CVE-2015-10069
A vulnerability was found in viakondratiuk cash-machine. It has been declared as critical. This vulnerability affects the function is_card_pin_at_session/update_failed_attempts of the file machine.py. The manipulation leads to sql injection. The name of t...
Affected Products : cash-machine
- Published: Jan. 19, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2024-25223
Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php....
Affected Products : simple_admin_panel
- Published: Feb. 14, 2024
- Modified: May. 12, 2025
-
9.8
CRITICAL CVE-2024-25248
SQL Injection vulnerability in the orderGoodsDelivery() function in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via the order_id parameter....
Affected Products : b2b2c_multi-business
- Published: Feb. 26, 2024
- Modified: Mar. 27, 2025