Latest CVE Feed
-
7.5
HIGHCVE-2021-22854
The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege.... Read more
Affected Products : hr_portal- EPSS Score: %0.39
- Published: Feb. 17, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-22853
The HR Portal of Soar Cloud System fails to manage access control. While obtaining user ID, remote attackers can access sensitive data via a specific data packet, such as user’s login information, further causing the login function not to work.... Read more
Affected Products : hr_portal- EPSS Score: %0.26
- Published: Feb. 17, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-22852
HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (online registration) to obtain database schema and data.... Read more
Affected Products : oaklouds_openid- EPSS Score: %0.26
- Published: Jan. 19, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-22851
HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (document management page) to obtain database schema and data.... Read more
Affected Products : oaklouds_openid- EPSS Score: %0.26
- Published: Jan. 19, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-22850
HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions.... Read more
Affected Products : oaklouds_portal- EPSS Score: %0.29
- Published: Jan. 19, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-22849
Hyweb HyCMS-J1 backend editing function does not filter special characters. Users after log-in can inject JavaScript syntax to perform a stored XSS (Stored Cross-site scripting) attack.... Read more
Affected Products : hycms-j1- EPSS Score: %0.17
- Published: Jan. 22, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-22848
HGiga MailSherlock contains a SQL Injection. Remote attackers can inject SQL syntax and execute SQL commands in a URL parameter of email pages without privilege.... Read more
Affected Products : msr45_isherlock-antispam msr45_isherlock-user ssr45_isherlock-antispam ssr45_isherlock-user- EPSS Score: %0.44
- Published: Mar. 18, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-22847
Hyweb HyCMS-J1's API fail to filter POST request parameters. Remote attackers can inject SQL syntax and execute commands without privilege.... Read more
Affected Products : hycms-j1- EPSS Score: %1.17
- Published: Jan. 22, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-22827
A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22826. Affected Product: EcoStruxure� Power Monitoring Expert ... Read more
Affected Products : ecostruxure_power_monitoring_expert- EPSS Score: %0.41
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-22826
A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22827. Affected Product: EcoStruxure� Power Monitoring Expert ... Read more
Affected Products : ecostruxure_power_monitoring_expert- EPSS Score: %0.69
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
8.0
HIGHCVE-2021-22825
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could allow an attacker to access the system with elevated privileges when a privileged account clicks on a malicious URL that compromises the security token. ... Read more
- EPSS Score: %0.38
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-22824
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphica... Read more
Affected Products : interactive_graphical_scada_system_data_collector- EPSS Score: %0.63
- Published: Feb. 11, 2022
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2021-22823
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA ... Read more
Affected Products : interactive_graphical_scada_system_data_collector- EPSS Score: %1.75
- Published: Feb. 11, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-22822
A CWE-79 Improper Neutralization of Input During Web Page Generation (�Cross-site Scripting�) vulnerability exists that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted mali... Read more
Affected Products : evlink_city_evc1s22p4_firmware evlink_city_evc1s7p4_firmware evlink_parking_evw2_firmware evlink_parking_evf2_firmware evlink_smart_wallbox_evb1a_firmware evlink_parking_evp2pe_firmware evlink_city_evc1s22p4 evlink_city_evc1s7p4 evlink_parking_evw2 evlink_parking_evf2 +2 more products- EPSS Score: %0.53
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
8.6
HIGHCVE-2021-22821
A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that could cause the station web server to forward requests to unintended network targets when crafted malicious parameters are submitted to the charging station web server. Affected Produc... Read more
Affected Products : evlink_city_evc1s22p4_firmware evlink_city_evc1s7p4_firmware evlink_parking_evw2_firmware evlink_parking_evf2_firmware evlink_smart_wallbox_evb1a_firmware evlink_parking_evp2pe_firmware evlink_city_evc1s22p4 evlink_city_evc1s7p4 evlink_parking_evw2 evlink_parking_evf2 +2 more products- EPSS Score: %0.20
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-22820
A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain an unauthorized access over a hijacked session to the charger station web server even after the legitimate user account holder has changed his password... Read more
Affected Products : evlink_city_evc1s22p4_firmware evlink_city_evc1s7p4_firmware evlink_parking_evw2_firmware evlink_parking_evf2_firmware evlink_smart_wallbox_evb1a_firmware evlink_parking_evp2pe_firmware evlink_city_evc1s22p4 evlink_city_evc1s7p4 evlink_parking_evw2 evlink_parking_evf2 +2 more products- EPSS Score: %0.57
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-22819
A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Prod... Read more
Affected Products : evlink_city_evc1s22p4_firmware evlink_city_evc1s7p4_firmware evlink_parking_evw2_firmware evlink_parking_evf2_firmware evlink_smart_wallbox_evb1a_firmware evlink_parking_evp2pe_firmware evlink_city_evc1s22p4 evlink_city_evc1s7p4 evlink_parking_evw2 evlink_parking_evf2 +2 more products- EPSS Score: %0.21
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-22818
A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to gain unauthorized access to the charging station web interface by performing brute force attacks. Affected Products: EVlink City EVC1S... Read more
Affected Products : evlink_city_evc1s22p4_firmware evlink_city_evc1s7p4_firmware evlink_parking_evw2_firmware evlink_parking_evf2_firmware evlink_smart_wallbox_evb1a_firmware evlink_parking_evp2pe_firmware evlink_city_evc1s22p4 evlink_city_evc1s7p4 evlink_parking_evw2 evlink_parking_evf2 +2 more products- EPSS Score: %0.25
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-22817
A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local privilege escalation. Affected Product: Harmony/Magelis iPC Series (All Versions), Vijeo Designer (All V... Read more
- EPSS Score: %0.04
- Published: Feb. 09, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-22816
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a Denial of Service of the RTU when receiving a specially crafted request over Modbus, and the RTU is configured as a Modbus server. Affected Products: S... Read more
- EPSS Score: %0.37
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024