Latest CVE Feed
-
7.5
HIGHCVE-2021-22854
The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege.... Read more
Affected Products : hr_portal- Published: Feb. 17, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-22853
The HR Portal of Soar Cloud System fails to manage access control. While obtaining user ID, remote attackers can access sensitive data via a specific data packet, such as user’s login information, further causing the login function not to work.... Read more
Affected Products : hr_portal- Published: Feb. 17, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-22852
HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (online registration) to obtain database schema and data.... Read more
Affected Products : oaklouds_openid- Published: Jan. 19, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-22851
HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (document management page) to obtain database schema and data.... Read more
Affected Products : oaklouds_openid- Published: Jan. 19, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-22850
HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions.... Read more
Affected Products : oaklouds_portal- Published: Jan. 19, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-22849
Hyweb HyCMS-J1 backend editing function does not filter special characters. Users after log-in can inject JavaScript syntax to perform a stored XSS (Stored Cross-site scripting) attack.... Read more
Affected Products : hycms-j1- Published: Jan. 22, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-22848
HGiga MailSherlock contains a SQL Injection. Remote attackers can inject SQL syntax and execute SQL commands in a URL parameter of email pages without privilege.... Read more
Affected Products : msr45_isherlock-antispam msr45_isherlock-user ssr45_isherlock-antispam ssr45_isherlock-user- Published: Mar. 18, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-22847
Hyweb HyCMS-J1's API fail to filter POST request parameters. Remote attackers can inject SQL syntax and execute commands without privilege.... Read more
Affected Products : hycms-j1- Published: Jan. 22, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-22827
A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22826. Affected Product: EcoStruxure� Power Monitoring Expert ... Read more
Affected Products : ecostruxure_power_monitoring_expert- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-22826
A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22827. Affected Product: EcoStruxure� Power Monitoring Expert ... Read more
Affected Products : ecostruxure_power_monitoring_expert- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-22824
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphica... Read more
Affected Products : interactive_graphical_scada_system_data_collector- Published: Feb. 11, 2022
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2021-22823
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA ... Read more
Affected Products : interactive_graphical_scada_system_data_collector- Published: Feb. 11, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-22822
A CWE-79 Improper Neutralization of Input During Web Page Generation (�Cross-site Scripting�) vulnerability exists that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted mali... Read more
Affected Products : evlink_city_evc1s22p4_firmware evlink_city_evc1s7p4_firmware evlink_parking_evw2_firmware evlink_parking_evf2_firmware evlink_smart_wallbox_evb1a_firmware evlink_parking_evp2pe_firmware evlink_city_evc1s22p4 evlink_city_evc1s7p4 evlink_parking_evw2 evlink_parking_evf2 +2 more products- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
8.6
HIGHCVE-2021-22821
A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that could cause the station web server to forward requests to unintended network targets when crafted malicious parameters are submitted to the charging station web server. Affected Produc... Read more
Affected Products : evlink_city_evc1s22p4_firmware evlink_city_evc1s7p4_firmware evlink_parking_evw2_firmware evlink_parking_evf2_firmware evlink_smart_wallbox_evb1a_firmware evlink_parking_evp2pe_firmware evlink_city_evc1s22p4 evlink_city_evc1s7p4 evlink_parking_evw2 evlink_parking_evf2 +2 more products- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-22820
A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain an unauthorized access over a hijacked session to the charger station web server even after the legitimate user account holder has changed his password... Read more
Affected Products : evlink_city_evc1s22p4_firmware evlink_city_evc1s7p4_firmware evlink_parking_evw2_firmware evlink_parking_evf2_firmware evlink_smart_wallbox_evb1a_firmware evlink_parking_evp2pe_firmware evlink_city_evc1s22p4 evlink_city_evc1s7p4 evlink_parking_evw2 evlink_parking_evf2 +2 more products- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-22819
A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Prod... Read more
Affected Products : evlink_city_evc1s22p4_firmware evlink_city_evc1s7p4_firmware evlink_parking_evw2_firmware evlink_parking_evf2_firmware evlink_smart_wallbox_evb1a_firmware evlink_parking_evp2pe_firmware evlink_city_evc1s22p4 evlink_city_evc1s7p4 evlink_parking_evw2 evlink_parking_evf2 +2 more products- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-22818
A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to gain unauthorized access to the charging station web interface by performing brute force attacks. Affected Products: EVlink City EVC1S... Read more
Affected Products : evlink_city_evc1s22p4_firmware evlink_city_evc1s7p4_firmware evlink_parking_evw2_firmware evlink_parking_evf2_firmware evlink_smart_wallbox_evb1a_firmware evlink_parking_evp2pe_firmware evlink_city_evc1s22p4 evlink_city_evc1s7p4 evlink_parking_evw2 evlink_parking_evf2 +2 more products- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-22817
A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local privilege escalation. Affected Product: Harmony/Magelis iPC Series (All Versions), Vijeo Designer (All V... Read more
- Published: Feb. 09, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-22816
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a Denial of Service of the RTU when receiving a specially crafted request over Modbus, and the RTU is configured as a Modbus server. Affected Products: S... Read more
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-22815
A CWE-200: Information Exposure vulnerability exists which could cause the troubleshooting archive to be accessed. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Managem... Read more
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024