| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-40333 | Cri | 0.59 | 9.0 | 0.01 | Dec 2, 2021 | Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions… | ||
| CVE-2015-20105 | Cri | 0.62 | 9.6 | 0.01 | Dec 2, 2021 | The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacker to make logged in admin change them via a CSRF attack. Furthermore, due to the lack of escaping when they are outputting, it could also lead to Stored… | ||
| CVE-2021-43679 | Cri | 0.64 | 9.8 | 0.02 | Dec 2, 2021 | ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\ecshop\upload\api\client\api.php. | ||
| CVE-2021-26777 | Cri | 0.64 | 9.8 | 0.02 | Dec 2, 2021 | Buffer overflow vulnerability in function SetFirewall in index.cgi in CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firwmare version CIR_CDC_v1.2.17, allows attackers to execute arbitrary code. | ||
| CVE-2021-33274 | Cri | 0.64 | 9.8 | 0.04 | Dec 1, 2021 | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80040af8 in /formWlanSetup. This vulnerability is triggered via a crafted POST request. | ||
| CVE-2021-33271 | Cri | 0.64 | 9.8 | 0.04 | Dec 1, 2021 | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_80046EB4 in /formSetPortTr. This vulnerability is triggered via a crafted POST request. | ||
| CVE-2021-33270 | Cri | 0.64 | 9.8 | 0.04 | Dec 1, 2021 | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_800462c4 in /formAdvFirewall. This vulnerability is triggered via a crafted POST request. | ||
| CVE-2021-33269 | Cri | 0.64 | 9.8 | 0.04 | Dec 1, 2021 | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualServ. This vulnerability is triggered via a crafted POST request. | ||
| CVE-2021-33268 | Cri | 0.64 | 9.8 | 0.04 | Dec 1, 2021 | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_8003183C in /fromLogin. This vulnerability is triggered via a crafted POST request. | ||
| CVE-2021-33267 | Cri | 0.64 | 9.8 | 0.04 | Dec 1, 2021 | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80034d60 in /formStaticDHCP. This vulnerability is triggered via a crafted POST request. | ||
| CVE-2021-33266 | Cri | 0.65 | 9.8 | 0.17 | Dec 1, 2021 | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualApp. This vulnerability is triggered via a crafted POST request. | ||
| CVE-2021-33265 | Cri | 0.65 | 9.8 | 0.14 | Dec 1, 2021 | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80046eb4 in /formSetPortTr. This vulnerability is triggered via a crafted POST request. | ||
| CVE-2021-43451 | Cri | 0.64 | 9.8 | 0.02 | Dec 1, 2021 | SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php. | ||
| CVE-2021-43685 | Cri | 0.64 | 9.8 | 0.01 | Dec 1, 2021 | libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master/legacy/application/modules/rest/controllers/ShowImageController.php through the rename function. | ||
| CVE-2021-26334 | Cri | 0.64 | 9.9 | 0.01 | Dec 1, 2021 | The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user. | ||
| CVE-2021-44280 | Cri | 0.64 | 9.8 | 0.02 | Dec 1, 2021 | attendance management system 1.0 is affected by a SQL injection vulnerability in admin/incFunctions.php through the makeSafe function. | ||
| CVE-2021-3994 | Cri | 0.56 | 9.6 | 0.01 | Dec 1, 2021 | django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||
| CVE-2021-3985 | — | Cri | 0.52 | 9.0 | 0.01 | Dec 1, 2021 | kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |
| CVE-2021-43319 | Cri | 0.65 | 9.8 | 0.21 | Nov 30, 2021 | Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality. | ||
| CVE-2021-42099 | Cri | 0.64 | 9.8 | 0.07 | Nov 30, 2021 | Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution. | ||
| CVE-2021-43202 | Cri | 0.64 | 9.8 | 0.01 | Nov 30, 2021 | In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases. | ||
| CVE-2021-41679 | Cri | 0.64 | 9.8 | 0.01 | Nov 30, 2021 | A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/grades/InputFinalGrades.php, period parameter. | ||
| CVE-2021-41678 | Cri | 0.64 | 9.8 | 0.01 | Nov 30, 2021 | A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/users/Staff.php, staff{TITLE] parameter. | ||
| CVE-2021-41677 | Cri | 0.64 | 9.8 | 0.01 | Nov 30, 2021 | A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/functions/GetStuListFnc.php &Grade= parameter. | ||
| CVE-2021-44427 | — | Cri | 0.61 | 9.8 | 0.51 | Nov 29, 2021 | An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter. | |
| CVE-2021-43787 | Cri | 0.52 | 9.0 | 0.01 | Nov 29, 2021 | Nodebb is an open source Node.js based forum software. In affected versions a prototype pollution vulnerability in the uploader module allowed a malicious user to inject arbitrary data (i.e. javascript) into the DOM, theoretically allowing for an account takeover when used in… | ||
| CVE-2021-43786 | Cri | 0.57 | 9.8 | 0.02 | Nov 29, 2021 | Nodebb is an open source Node.js based forum software. In affected versions incorrect logic present in the token verification step unintentionally allowed master token access to the API. The vulnerability has been patch as of v1.18.5. Users are advised to upgrade as soon as… | ||
| CVE-2021-43691 | Cri | 0.64 | 9.8 | 0.02 | Nov 29, 2021 | tripexpress v1.1 is affected by a path manipulation vulnerability in file system/helpers/dompdf/load_font.php. The variable src is coming from $_SERVER["argv"] then there is a path manipulation vulnerability. | ||
| CVE-2021-43693 | Cri | 0.64 | 9.8 | 0.01 | Nov 29, 2021 | vesta 0.9.8-24 is affected by a file inclusion vulnerability in file web/add/user/index.php. | ||
| CVE-2021-24915 | Cri | 0.65 | 9.8 | 0.13 | Nov 29, 2021 | The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform… | ||
| CVE-2021-44077 | Cri | 0.86 | 9.8 | 0.94 | KEV | Nov 29, 2021 | Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration. | |
| CVE-2021-44093 | Cri | 0.64 | 9.8 | 0.03 | Nov 28, 2021 | A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell | ||
| CVE-2021-41243 | Cri | 0.52 | 9.1 | 0.02 | Nov 26, 2021 | There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with permissions to upload files may upload crafted zip files which may execute arbitrary commands on the host operating system. This is a vulnerability… | ||
| CVE-2021-38685 | Cri | 0.64 | 9.8 | 0.01 | Nov 26, 2021 | A command injection vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later | ||
| CVE-2021-44219 | Cri | 0.00 | 9.8 | 0.01 | Nov 24, 2021 | Gin-Vue-Admin before 2.4.6 mishandles a SQL database. | ||
| CVE-2021-43778 | Cri | 0.04 | 9.1 | 0.53 | Nov 24, 2021 | Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. This issue was patched in version 2.6.1. As a workaround, delete the… | ||
| CVE-2021-34423 | Cri | 0.64 | 9.8 | 0.03 | Nov 24, 2021 | A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and… | ||
| CVE-2021-22049 | Cri | 0.64 | 9.8 | 0.02 | Nov 24, 2021 | The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter… | ||
| CVE-2021-3554 | Cri | 0.59 | 9.0 | 0.03 | Nov 24, 2021 | Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. This issue affects: Bitdefender Endpoint Security Tools… | ||
| CVE-2021-20850 | Cri | 0.64 | 9.8 | 0.01 | Nov 24, 2021 | PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49 and earlier, PowerCMS 3.295 and earlier, and PowerCMS 2 Series (End-of-Life, EOL) allows a remote attacker to execute an arbitrary OS command via unspecified vectors. | ||
| CVE-2021-44140 | — | Cri | 0.60 | 9.1 | 0.06 | Nov 24, 2021 | Remote attackers may delete arbitrary files in a system hosting a JSPWiki instance, versions up to 2.11.0.M8, by using a carefuly crafted http request on logout, given that those files are reachable to the user running the JSPWiki instance. Apache JSPWiki users should upgrade to… | |
| CVE-2021-42785 | Cri | 0.64 | 9.8 | 0.02 | Nov 23, 2021 | Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allows a remote attacker to execute arbitrary instructions via a crafted FramebufferUpdate packet from a VNC server. | ||
| CVE-2021-42784 | Cri | 0.64 | 9.8 | 0.07 | Nov 23, 2021 | OS Command Injection vulnerability in debug_fcgi of D-Link DWR-932C E1 firmware allows a remote attacker to perform command injection via a crafted HTTP request. | ||
| CVE-2021-42783 | Cri | 0.64 | 9.8 | 0.04 | Nov 23, 2021 | Missing Authentication for Critical Function vulnerability in debug_post_set.cgi of D-Link DWR-932C E1 firmware allows an unauthenticated attacker to execute administrative actions. | ||
| CVE-2021-38002 | Cri | 0.62 | 9.6 | 0.01 | Nov 23, 2021 | Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | ||
| CVE-2021-36313 | Cri | 0.59 | 9.1 | 0.02 | Nov 23, 2021 | Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges… | ||
| CVE-2021-36312 | Cri | 0.59 | 9.1 | 0.01 | Nov 23, 2021 | Dell EMC CloudLink 7.1 and all prior versions contain a Hard-coded Password Vulnerability. A remote high privileged attacker, with the knowledge of the hard-coded credentials, may potentially exploit this vulnerability to gain unauthorized access to the system. | ||
| CVE-2021-37022 | Cri | 0.64 | 9.8 | 0.01 | Nov 23, 2021 | There is a Heap-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause root permission which can be escalated. | ||
| CVE-2021-37016 | Cri | 0.59 | 9.1 | 0.01 | Nov 23, 2021 | There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause Information Disclosure or Denial of Service. | ||
| CVE-2021-44144 | — | Cri | 0.52 | 9.1 | 0.01 | Nov 22, 2021 | Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with additional details to be disclosed at a later date. |
- risk 0.59cvss 9.0epss 0.01
Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions…
- risk 0.62cvss 9.6epss 0.01
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacker to make logged in admin change them via a CSRF attack. Furthermore, due to the lack of escaping when they are outputting, it could also lead to Stored…
- risk 0.64cvss 9.8epss 0.02
ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\ecshop\upload\api\client\api.php.
- risk 0.64cvss 9.8epss 0.02
Buffer overflow vulnerability in function SetFirewall in index.cgi in CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firwmare version CIR_CDC_v1.2.17, allows attackers to execute arbitrary code.
- risk 0.64cvss 9.8epss 0.04
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80040af8 in /formWlanSetup. This vulnerability is triggered via a crafted POST request.
- risk 0.64cvss 9.8epss 0.04
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_80046EB4 in /formSetPortTr. This vulnerability is triggered via a crafted POST request.
- risk 0.64cvss 9.8epss 0.04
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_800462c4 in /formAdvFirewall. This vulnerability is triggered via a crafted POST request.
- risk 0.64cvss 9.8epss 0.04
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualServ. This vulnerability is triggered via a crafted POST request.
- risk 0.64cvss 9.8epss 0.04
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_8003183C in /fromLogin. This vulnerability is triggered via a crafted POST request.
- risk 0.64cvss 9.8epss 0.04
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80034d60 in /formStaticDHCP. This vulnerability is triggered via a crafted POST request.
- risk 0.65cvss 9.8epss 0.17
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualApp. This vulnerability is triggered via a crafted POST request.
- risk 0.65cvss 9.8epss 0.14
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80046eb4 in /formSetPortTr. This vulnerability is triggered via a crafted POST request.
- risk 0.64cvss 9.8epss 0.02
SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php.
- risk 0.64cvss 9.8epss 0.01
libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master/legacy/application/modules/rest/controllers/ShowImageController.php through the rename function.
- risk 0.64cvss 9.9epss 0.01
The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user.
- risk 0.64cvss 9.8epss 0.02
attendance management system 1.0 is affected by a SQL injection vulnerability in admin/incFunctions.php through the makeSafe function.
- risk 0.56cvss 9.6epss 0.01
django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- risk 0.52cvss 9.0epss 0.01
kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- risk 0.65cvss 9.8epss 0.21
Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality.
- risk 0.64cvss 9.8epss 0.07
Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution.
- risk 0.64cvss 9.8epss 0.01
In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.
- risk 0.64cvss 9.8epss 0.01
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/grades/InputFinalGrades.php, period parameter.
- risk 0.64cvss 9.8epss 0.01
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/users/Staff.php, staff{TITLE] parameter.
- risk 0.64cvss 9.8epss 0.01
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/functions/GetStuListFnc.php &Grade= parameter.
- risk 0.61cvss 9.8epss 0.51
An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.
- risk 0.52cvss 9.0epss 0.01
Nodebb is an open source Node.js based forum software. In affected versions a prototype pollution vulnerability in the uploader module allowed a malicious user to inject arbitrary data (i.e. javascript) into the DOM, theoretically allowing for an account takeover when used in…
- risk 0.57cvss 9.8epss 0.02
Nodebb is an open source Node.js based forum software. In affected versions incorrect logic present in the token verification step unintentionally allowed master token access to the API. The vulnerability has been patch as of v1.18.5. Users are advised to upgrade as soon as…
- risk 0.64cvss 9.8epss 0.02
tripexpress v1.1 is affected by a path manipulation vulnerability in file system/helpers/dompdf/load_font.php. The variable src is coming from $_SERVER["argv"] then there is a path manipulation vulnerability.
- risk 0.64cvss 9.8epss 0.01
vesta 0.9.8-24 is affected by a file inclusion vulnerability in file web/add/user/index.php.
- risk 0.65cvss 9.8epss 0.13
The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform…
- risk 0.86cvss 9.8epss 0.94
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.
- risk 0.64cvss 9.8epss 0.03
A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell
- risk 0.52cvss 9.1epss 0.02
There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with permissions to upload files may upload crafted zip files which may execute arbitrary commands on the host operating system. This is a vulnerability…
- risk 0.64cvss 9.8epss 0.01
A command injection vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later
- risk 0.00cvss 9.8epss 0.01
Gin-Vue-Admin before 2.4.6 mishandles a SQL database.
- risk 0.04cvss 9.1epss 0.53
Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. This issue was patched in version 2.6.1. As a workaround, delete the…
- risk 0.64cvss 9.8epss 0.03
A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and…
- risk 0.64cvss 9.8epss 0.02
The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter…
- risk 0.59cvss 9.0epss 0.03
Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. This issue affects: Bitdefender Endpoint Security Tools…
- risk 0.64cvss 9.8epss 0.01
PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49 and earlier, PowerCMS 3.295 and earlier, and PowerCMS 2 Series (End-of-Life, EOL) allows a remote attacker to execute an arbitrary OS command via unspecified vectors.
- risk 0.60cvss 9.1epss 0.06
Remote attackers may delete arbitrary files in a system hosting a JSPWiki instance, versions up to 2.11.0.M8, by using a carefuly crafted http request on logout, given that those files are reachable to the user running the JSPWiki instance. Apache JSPWiki users should upgrade to…
- risk 0.64cvss 9.8epss 0.02
Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allows a remote attacker to execute arbitrary instructions via a crafted FramebufferUpdate packet from a VNC server.
- risk 0.64cvss 9.8epss 0.07
OS Command Injection vulnerability in debug_fcgi of D-Link DWR-932C E1 firmware allows a remote attacker to perform command injection via a crafted HTTP request.
- risk 0.64cvss 9.8epss 0.04
Missing Authentication for Critical Function vulnerability in debug_post_set.cgi of D-Link DWR-932C E1 firmware allows an unauthenticated attacker to execute administrative actions.
- risk 0.62cvss 9.6epss 0.01
Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
- risk 0.59cvss 9.1epss 0.02
Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges…
- risk 0.59cvss 9.1epss 0.01
Dell EMC CloudLink 7.1 and all prior versions contain a Hard-coded Password Vulnerability. A remote high privileged attacker, with the knowledge of the hard-coded credentials, may potentially exploit this vulnerability to gain unauthorized access to the system.
- risk 0.64cvss 9.8epss 0.01
There is a Heap-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause root permission which can be escalated.
- risk 0.59cvss 9.1epss 0.01
There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause Information Disclosure or Denial of Service.
- risk 0.52cvss 9.1epss 0.01
Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with additional details to be disclosed at a later date.