Latest CVE Feed
-
9.8
CRITICALCVE-2021-43736
CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log rule... Read more
Affected Products : cmswing- Published: Mar. 23, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18755
K-iwi Framework 1775 has SQL Injection via the admin/user/group/update user_group_id parameter or the admin/user/user/update user_id parameter.... Read more
Affected Products : k-iwi- Published: Nov. 16, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-30506
An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file.... Read more
Affected Products : mcms- Published: Jun. 02, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-30510
School Dormitory Management System 1.0 is vulnerable to SQL Injection via reports/daily_collection_report.php:59.... Read more
Affected Products : school_dormitory_management_system- Published: Jun. 02, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-44090
An SQL Injection vulnerability exists in Sourcecodester Online Reviewer System 1.0 via the password parameter.... Read more
- Published: Jan. 20, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-4008
API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626.... Read more
Affected Products : api_connect- Published: Feb. 07, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-1911
A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via c... Read more
Affected Products : hermes- Published: Sep. 04, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-5974
SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter.... Read more
Affected Products : simplecalendar- Published: Feb. 17, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-30816
elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_sidebar.php.... Read more
Affected Products : elite_cms- Published: Jun. 02, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-39392
The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code.... Read more
Affected Products : mylittlebackup- Published: Sep. 15, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-31053
Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. Such an attack would allow an attacker to c... Read more
- Published: Jun. 13, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-45389
A flaw was found with the JWT token. A self-signed JWT token could be injected into the update manager and bypass the authentication process, thus could escalate privileges. This affects StarWind SAN and NAS build 1578 and StarWind Command Center build 68... Read more
- Published: Jan. 04, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-31232
SmartFabric storage software version 1.0.0 contains a Command-Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system.... Read more
Affected Products : smartfabric_storage_software- Published: Aug. 30, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-31328
Online Ordering System By janobe 2.3.2 has SQL Injection via /ordering/admin/products/index.php?view=edit&id=.... Read more
Affected Products : online_ordering_system- Published: Jun. 02, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-45644
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.88, AC2400 before 1.2.0.88, AC2600 before 1.2.0.88, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before ... Read more
Affected Products : r6220_firmware r6260_firmware r6800_firmware ac2100_firmware ac2400_firmware ac2600_firmware r6230_firmware r6330_firmware r6350_firmware r6700v2_firmware +22 more products- Published: Dec. 26, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18903
Vanilla 2.6.x before 2.6.4 allows remote code execution.... Read more
Affected Products : vanilla- Published: Nov. 03, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-6295
Unencrypted way of remote control and communications in Hanwha Techwin Smartcams... Read more
- Published: Mar. 13, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-12110
Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.... Read more
Affected Products : nc200_firmware nc210_firmware nc220_firmware nc230_firmware nc250_firmware nc260_firmware nc450_firmware nc250 nc450 nc260 +4 more products- Published: May. 04, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18963
Busca.aspx.cs in Degrau Publicidade e Internet Plataforma de E-commerce allows SQL Injection via the busca/ URI.... Read more
Affected Products : degraupublicidade- Published: Nov. 06, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-40618
An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1) ADDR_CONT_USRN, 2) ADDR_CONT_PSWD, 3) SECN_CONT_USRN or 4) SECN_CONT_PSWD parameters in HoldAddressFields.php.... Read more
Affected Products : opensis- Published: Oct. 12, 2021
- Modified: Nov. 21, 2024