Latest CVE Feed
-
9.8
CRITICALCVE-2021-41326
In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call.... Read more
Affected Products : misp- Published: Sep. 17, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-3412
All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by command execution vulnerability. Due to some interfaces do not adequately verify parameters, an attacker can execute arbitrary commands through specific interfaces.... Read more
- Published: Jun. 11, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-22679
The affected product is vulnerable to an integer overflow while processing HTTP headers, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versio... Read more
Affected Products : cc3100_software_development_kit cc3200_software_development_kit simplelink_cc13x0_software_development_kit simplelink_cc13x2_software_development_kit simplelink_cc26xx_software_development_kit simplelink_cc32xx_software_development_kit simplelink_msp432e4_software_development_kit- Published: May. 07, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-5923
In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise Printers, solution application signature checking may allow potential execution of arbitrary code.... Read more
Affected Products : color_laserjet_cm4540_mfp_firmware color_laserjet_cp5525_firmware color_laserjet_enterprise_flow_mfp_m681f_firmware color_laserjet_enterprise_flow_mfp_m681z_firmware color_laserjet_enterprise_flow_mfp_m682z_firmware color_laserjet_enterprise_m552_firmware color_laserjet_enterprise_m553_firmware color_laserjet_enterprise_m651_firmware color_laserjet_enterprise_m652n_firmware color_laserjet_enterprise_m652dn_firmware +266 more products- Published: Mar. 27, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-6024
SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter.... Read more
Affected Products : project_log- Published: Feb. 18, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-18717
SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzz_template.php.... Read more
Affected Products : zzzphp- Published: Feb. 05, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2014-1925
SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute arbitrar... Read more
Affected Products : koha- Published: Jan. 24, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-3773
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.... Read more
- Published: Jan. 18, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-37421
Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass.... Read more
Affected Products : manageengine_adselfservice_plus- Published: Aug. 30, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-37422
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases.... Read more
Affected Products : manageengine_adselfservice_plus- Published: Sep. 10, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-29383
NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi.... Read more
- Published: May. 13, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-42637
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-controlled input to craft a URL, resulting in a Server Side Request Forgery (SSRF) vulnerability.... Read more
Affected Products : web_stack- Published: Feb. 02, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18530
ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI.... Read more
Affected Products : thinkphp- Published: Oct. 19, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-42837
An issue was discovered in Talend Data Catalog before 7.3-20210930. After setting up SAML/OAuth, authentication is not correctly enforced on the native login page. Any valid user from the SAML/OAuth provider can be used as the username with an arbitrary p... Read more
Affected Products : data_catalog- Published: Nov. 05, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-37059
There is a Weaknesses Introduced During Design... Read more
Affected Products : harmonyos- Published: Dec. 07, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-37927
Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO.... Read more
Affected Products : manageengine_admanager_plus- Published: Sep. 22, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-43118
A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRING in mainfunction.cgi, which could let a remote malicious ... Read more
Affected Products : vigor2960_firmware vigor300b_firmware vigor3900_firmware vigor2960 vigor300b vigor3900- Published: Mar. 29, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-5973
SQL Injection exists in Professional Local Directory Script 1.0 via the sellers_subcategories.php IndustryID parameter, or the suppliers.php IndustryID or CategoryID parameter.... Read more
Affected Products : professional_local_directory_script- Published: Jan. 25, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-29985
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_category.... Read more
Affected Products : online_sports_complex_booking_system- Published: May. 12, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-43676
matyhtf framework v3.0.5 is affected by a path manipulation vulnerability in Smarty.class.php.... Read more
Affected Products : swoole_php_framework- Published: Dec. 03, 2021
- Modified: Nov. 21, 2024