Latest CVE Feed
-
10.0
CRITICALCVE-2022-30603
An OS command injection vulnerability exists in the web interface /action/iperf functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make... Read more
- EPSS Score: %2.47
- Published: Oct. 25, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2022-33192
Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands t... Read more
Affected Products : iota_all-in-one_security_kit_firmware- EPSS Score: %0.32
- Published: Oct. 25, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2022-33204
Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An att... Read more
Affected Products : iota_all-in-one_security_kit_firmware- EPSS Score: %0.45
- Published: Oct. 25, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2025-34030
An OS command injection vulnerability exists in sar2html version 3.2.2 and prior via the plot parameter in index.php. The application fails to sanitize user-supplied input before using it in a system-level context. Remote, unauthenticated attackers can in... Read more
Affected Products :- Published: Jun. 20, 2025
- Modified: Jun. 23, 2025
- Vuln Type: Injection
-
10.0
CRITICALCVE-2022-4291
The aswjsflt.dll library from Avast Antivirus windows contained a potentially exploitable heap corruption vulnerability that could enable an attacker to bypass the sandbox of the application it was loaded into, if applicable. This issue was fixed in versi... Read more
Affected Products : script_shield- EPSS Score: %0.02
- Published: Dec. 08, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2022-4390
A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restric... Read more
- EPSS Score: %0.10
- Published: Dec. 09, 2022
- Modified: Apr. 14, 2025
-
10.0
CRITICALCVE-2025-53091
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Time-Based Blind SQL Injection vulnerability was discovered in version 3.3.3 the almox parameter of the `/controle/getProdutosPorAlmox.php` endpoint... Read more
Affected Products : wegia- Published: Jun. 27, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Injection
-
10.0
CRITICALCVE-2023-22600
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control. They allow unauthenticated devices to subscribe to MQTT topics on the sam... Read more
- EPSS Score: %0.13
- Published: Jan. 12, 2023
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2023-22601
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They do not properly randomize MQTT ClientID parameters. An u... Read more
- EPSS Score: %0.12
- Published: Jan. 12, 2023
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2022-45444
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 contains hard-coded passwords for select users in the application’s database. This could allow a remote attacker to login to the database with unrestricted acc... Read more
Affected Products : real-time_location_system_studio- EPSS Score: %0.31
- Published: Jan. 18, 2023
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2025-53823
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Versions prior to 3.4.5 have a SQL Injection vulnerability in the endpoint `/WeGIA/html/socio/sistema/processa_deletar_socio.php`, in the `id_socio` p... Read more
Affected Products : wegia- Published: Jul. 14, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Injection
-
10.0
CRITICALCVE-2023-24482
A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V10.3.3.1.45), COMOS V10.3.3.2 (All versions < V10.3.3.2.33), COMOS V10.3.3.3 (All versions < V10.3.3.3.9), COMOS V10.3.3.4 (All versions < V10.3.3.4.6), CO... Read more
Affected Products : comos- EPSS Score: %0.23
- Published: Feb. 14, 2023
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2014-125124
An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to and including 5.0RC1 via the Anyterm web interface, which listens on TCP port 8023. The anyterm-module endpoint accepts unsanitized user input via the p paramet... Read more
Affected Products :- Published: Jul. 31, 2025
- Modified: Jul. 31, 2025
- Vuln Type: Injection
-
10.0
CRITICALCVE-2022-43604
An out-of-bounds write vulnerability exists in the GetAttributeList attribute_count_request functionality of EIP Stack Group OpENer development commit 58ee13c. A specially crafted EtherNet/IP request can lead to an out-of-bounds write, potentially causing... Read more
Affected Products : opener- EPSS Score: %2.83
- Published: Mar. 16, 2023
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2012-10026
The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. The endpoint fails to properly validate and restrict uploaded file types, allowing remote attackers to upload malicious... Read more
Affected Products :- Published: Aug. 05, 2025
- Modified: Aug. 07, 2025
- Vuln Type: Authentication
-
10.0
CRITICALCVE-2022-47190
Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root.... Read more
- EPSS Score: %0.72
- Published: Mar. 31, 2023
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2012-10058
RabidHamster R4 v1.25 contains a stack-based buffer overflow vulnerability due to unsafe use of sprintf() when logging malformed HTTP requests. A remote attacker can exploit this flaw by sending a specially crafted URI, resulting in arbitrary code executi... Read more
Affected Products :- Published: Aug. 13, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Memory Corruption
-
10.0
CRITICALCVE-2023-27497
Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP Diagnostics Agent - version 720, allows an attacker to execute malicious scripts on all connected Diagnostics Agents running on Windows. On successful exploit... Read more
- EPSS Score: %0.34
- Published: Apr. 11, 2023
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2024-43243
Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGlow JobBoard Job listing allows Upload a Web Shell to a Web Server.This issue affects JobBoard Job listing: from n/a through 1.2.6.... Read more
Affected Products :- Published: Jan. 07, 2025
- Modified: Jan. 07, 2025
- Vuln Type: Misconfiguration
-
10.0
HIGHCVE-2023-2231
A vulnerability, which was classified as critical, was found in MAXTECH MAX-G866ac 0.4.1_TBRO_20160314. This affects an unknown part of the component Remote Management. The manipulation leads to missing authentication. It is possible to initiate the attac... Read more
- EPSS Score: %0.20
- Published: Apr. 21, 2023
- Modified: Nov. 21, 2024