Latest CVE Feed
-
9.8
CRITICALCVE-2021-26688
An issue was discovered on LG Wing mobile devices with Android OS 10 software. The biometric sensor has weak security properties. The LG ID is LVE-SMP-200030 (February 2021).... Read more
- Published: Feb. 04, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-20857
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. For more information about these vulnera... Read more
Affected Products : nexus_dashboard- Published: Jul. 21, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-3286
SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545.... Read more
Affected Products : spotweb- Published: Jan. 26, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-27410
The affected product is vulnerable to an out-of-bounds write, which may result in corruption of data or code execution on the Welch Allyn medical device management tools (Welch Allyn Service Tool: versions prior to v1.10, Welch Allyn Connex Device Integra... Read more
- Published: Jun. 11, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-27965
The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2.0.98.0 has a buffer overflow that allows privilege escalation via a crafted 0x80102040, 0x80102044, 0x80102050, or 0x80102054 IOCTL request.... Read more
Affected Products : dragon_center- Published: Mar. 05, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-28121
Virtual Robots.txt before 1.10 does not block HTML tags in the robots.txt field.... Read more
Affected Products : virtual_robots.txt- Published: Aug. 12, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-22505
Escalation of privileges vulnerability in Micro Focus Operations Agent, affects versions 12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15. The vulnerability could be exploited to escalate privileges and execute code under the account of the Operations Agent.... Read more
Affected Products : operations_agent- Published: Apr. 13, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-29114
A SQL injection vulnerability in feature services provided by Esri ArcGIS Server 10.9 and below allows a remote, unauthenticated attacker to impact the confidentiality, integrity and availability of targeted services via specifically crafted queries.... Read more
Affected Products : arcgis_server- Published: Dec. 07, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-29200
Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack... Read more
Affected Products : ofbiz- Published: Apr. 27, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-2254
Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearable... Read more
Affected Products : sd_8cx_firmware sdm660_firmware msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware mdm9150_firmware qcs605_firmware +92 more products- Published: Jul. 25, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-29655
Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks. Thus, untrusted code may execute.... Read more
Affected Products : infinity_connect- Published: Feb. 18, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-2322
Buffer overflow can occur when playing specific clip which is non-standard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Sn... Read more
Affected Products : sdm660_firmware msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware mdm9150_firmware qcs605_firmware sd_675_firmware +78 more products- Published: Jul. 25, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-30167
The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user’s information and escalate privileges to control the devices.... Read more
Affected Products : p2r8852e2_firmware p2r8852e4_firmware p2r6852e2_firmware p2r6852e4_firmware p2r6552e2_firmware p2r6552e4_firmware p2r6352ae2_firmware p2r6352ae4_firmware p2r3052ae2_firmware p2g1052_firmware +72 more products- Published: Apr. 28, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23315
MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do.... Read more
Affected Products : mcms- Published: Jan. 21, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23365
HMS v1.0 was discovered to contain a SQL injection vulnerability via doctorlogin.php.... Read more
Affected Products : hms- Published: Jan. 21, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23379
Emlog v6.0 was discovered to contain a SQL injection vulnerability via the $TagID parameter of getblogidsfromtagid().... Read more
Affected Products : emlog- Published: Feb. 04, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-36440
Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the 'file_url' parameter in the component AdminUpdateController.class.php'.... Read more
Affected Products : showdoc- Published: Sep. 08, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-30648
The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, a... Read more
Affected Products : symantec_proxysg symantec_advanced_secure_gateway_s200-30_firmware symantec_advanced_secure_gateway_s200-40_firmware symantec_advanced_secure_gateway_s400-20_firmware symantec_advanced_secure_gateway_s400-30_firmware symantec_advanced_secure_gateway_s400-40_firmware symantec_advanced_secure_gateway_500-10_firmware symantec_advanced_secure_gateway_s500-20_firmware symantec_advanced_secure_gateway_s200-30 symantec_advanced_secure_gateway_s200-40 +5 more products- Published: Jun. 30, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-5166
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. An INFORMATION EXPOSURE flaw can be used to gain privileged access to the device.... Read more
- Published: Feb. 13, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2022-23878
seacms V11.5 is affected by an arbitrary code execution vulnerability in admin_config.php.... Read more
Affected Products : seacms- Published: Mar. 02, 2022
- Modified: Nov. 21, 2024