Latest CVE Feed
-
9.8
CRITICALCVE-2021-22848
HGiga MailSherlock contains a SQL Injection. Remote attackers can inject SQL syntax and execute SQL commands in a URL parameter of email pages without privilege.... Read more
Affected Products : msr45_isherlock-antispam msr45_isherlock-user ssr45_isherlock-antispam ssr45_isherlock-user- EPSS Score: %0.44
- Published: Mar. 18, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-22847
Hyweb HyCMS-J1's API fail to filter POST request parameters. Remote attackers can inject SQL syntax and execute commands without privilege.... Read more
Affected Products : hycms-j1- EPSS Score: %1.17
- Published: Jan. 22, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-22827
A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22826. Affected Product: EcoStruxure� Power Monitoring Expert ... Read more
Affected Products : ecostruxure_power_monitoring_expert- EPSS Score: %0.41
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-22826
A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22827. Affected Product: EcoStruxure� Power Monitoring Expert ... Read more
Affected Products : ecostruxure_power_monitoring_expert- EPSS Score: %0.69
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
8.0
HIGHCVE-2021-22825
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could allow an attacker to access the system with elevated privileges when a privileged account clicks on a malicious URL that compromises the security token. ... Read more
- EPSS Score: %0.38
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-22824
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphica... Read more
Affected Products : interactive_graphical_scada_system_data_collector- EPSS Score: %0.63
- Published: Feb. 11, 2022
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2021-22823
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA ... Read more
Affected Products : interactive_graphical_scada_system_data_collector- EPSS Score: %1.75
- Published: Feb. 11, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-22822
A CWE-79 Improper Neutralization of Input During Web Page Generation (�Cross-site Scripting�) vulnerability exists that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted mali... Read more
Affected Products : evlink_city_evc1s22p4_firmware evlink_city_evc1s7p4_firmware evlink_parking_evw2_firmware evlink_parking_evf2_firmware evlink_smart_wallbox_evb1a_firmware evlink_parking_evp2pe_firmware evlink_city_evc1s22p4 evlink_city_evc1s7p4 evlink_parking_evw2 evlink_parking_evf2 +2 more products- EPSS Score: %0.53
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
8.6
HIGHCVE-2021-22821
A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that could cause the station web server to forward requests to unintended network targets when crafted malicious parameters are submitted to the charging station web server. Affected Produc... Read more
Affected Products : evlink_city_evc1s22p4_firmware evlink_city_evc1s7p4_firmware evlink_parking_evw2_firmware evlink_parking_evf2_firmware evlink_smart_wallbox_evb1a_firmware evlink_parking_evp2pe_firmware evlink_city_evc1s22p4 evlink_city_evc1s7p4 evlink_parking_evw2 evlink_parking_evf2 +2 more products- EPSS Score: %0.20
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-22820
A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain an unauthorized access over a hijacked session to the charger station web server even after the legitimate user account holder has changed his password... Read more
Affected Products : evlink_city_evc1s22p4_firmware evlink_city_evc1s7p4_firmware evlink_parking_evw2_firmware evlink_parking_evf2_firmware evlink_smart_wallbox_evb1a_firmware evlink_parking_evp2pe_firmware evlink_city_evc1s22p4 evlink_city_evc1s7p4 evlink_parking_evw2 evlink_parking_evf2 +2 more products- EPSS Score: %0.57
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-22819
A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Prod... Read more
Affected Products : evlink_city_evc1s22p4_firmware evlink_city_evc1s7p4_firmware evlink_parking_evw2_firmware evlink_parking_evf2_firmware evlink_smart_wallbox_evb1a_firmware evlink_parking_evp2pe_firmware evlink_city_evc1s22p4 evlink_city_evc1s7p4 evlink_parking_evw2 evlink_parking_evf2 +2 more products- EPSS Score: %0.21
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-22818
A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to gain unauthorized access to the charging station web interface by performing brute force attacks. Affected Products: EVlink City EVC1S... Read more
Affected Products : evlink_city_evc1s22p4_firmware evlink_city_evc1s7p4_firmware evlink_parking_evw2_firmware evlink_parking_evf2_firmware evlink_smart_wallbox_evb1a_firmware evlink_parking_evp2pe_firmware evlink_city_evc1s22p4 evlink_city_evc1s7p4 evlink_parking_evw2 evlink_parking_evf2 +2 more products- EPSS Score: %0.25
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-22817
A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local privilege escalation. Affected Product: Harmony/Magelis iPC Series (All Versions), Vijeo Designer (All V... Read more
- EPSS Score: %0.04
- Published: Feb. 09, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-22816
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a Denial of Service of the RTU when receiving a specially crafted request over Modbus, and the RTU is configured as a Modbus server. Affected Products: S... Read more
- EPSS Score: %0.37
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-22815
A CWE-200: Information Exposure vulnerability exists which could cause the troubleshooting archive to be accessed. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Managem... Read more
- EPSS Score: %0.25
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-22814
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists which could cause arbritrary script execution when a malicious file is read and displayed. Affected Products: 1-Phase Uninterruptible Power... Read more
- EPSS Score: %0.82
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-22813
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing ... Read more
- EPSS Score: %0.82
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-22812
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected... Read more
- EPSS Score: %0.82
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-22811
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Produ... Read more
- EPSS Score: %0.82
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-22810
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing ... Read more
- EPSS Score: %0.82
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024