| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-21124 | Cri | 0.64 | 9.8 | 0.02 | Sep 15, 2021 | UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page. | ||
| CVE-2020-21121 | Cri | 0.64 | 9.8 | 0.01 | Sep 15, 2021 | Pligg CMS 2.0.2 contains a time-based SQL injection vulnerability via the $recordIDValue parameter in the admin_update_module_widgets.php file. | ||
| CVE-2021-3797 | Cri | 0.00 | 9.8 | 0.01 | Sep 15, 2021 | hestiacp is vulnerable to Use of Wrong Operator in String Comparison | ||
| CVE-2021-38647 | Cri | 0.93 | 9.8 | 1.00 | KEV | Sep 15, 2021 | Open Management Infrastructure Remote Code Execution Vulnerability | |
| CVE-2021-3751 | Cri | 0.00 | 9.8 | 0.01 | Sep 15, 2021 | libmobi is vulnerable to Out-of-bounds Write | ||
| CVE-2021-23031 | — | Cri | 0.65 | 9.9 | 0.02 | Sep 14, 2021 | On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, an authenticated user may perform a privilege escalation on the BIG-IP Advanced WAF and ASM Configuration utility. Note:… | |
| CVE-2021-35493 | Cri | 0.59 | 9.0 | 0.01 | Sep 14, 2021 | The WebFOCUS Reporting Server and WebFOCUS Client components of TIBCO Software Inc.'s TIBCO WebFOCUS Client, TIBCO WebFOCUS Installer, and TIBCO WebFOCUS Reporting Server contain easily exploitable Stored and Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low… | ||
| CVE-2021-23038 | — | Cri | 0.59 | 9.0 | 0.01 | Sep 14, 2021 | On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to… | |
| CVE-2021-23037 | — | Cri | 0.62 | 9.6 | 0.01 | Sep 14, 2021 | On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently… | |
| CVE-2021-38163 | Cri | 0.79 | 9.9 | 0.35 | KEV | Sep 14, 2021 | SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with… | |
| CVE-2021-37535 | Cri | 0.64 | 9.8 | 0.01 | Sep 14, 2021 | SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges. | ||
| CVE-2021-36582 | Cri | 0.64 | 9.8 | 0.01 | Sep 14, 2021 | In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., aspx) to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL. | ||
| CVE-2021-36581 | Cri | 0.64 | 9.8 | 0.01 | Sep 14, 2021 | Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possible to upload any file extension to the server. The server does not verify the extension of the file and the tester was able to upload an aspx to the server. | ||
| CVE-2021-33672 | Cri | 0.62 | 9.6 | 0.01 | Sep 14, 2021 | Due to missing encoding in SAP Contact Center's Communication Desktop component- version 700, an attacker could send malicious script in chat message. When the message is accepted by the chat recipient, the script gets executed in their scope. Due to the usage of ActiveX in the… | ||
| CVE-2021-37184 | Cri | 0.64 | 9.8 | 0.01 | Sep 14, 2021 | A vulnerability has been identified in Industrial Edge Management (All versions < V1.3). An unauthenticated attacker could change the the password of any user in the system under certain circumstances. With this an attacker could impersonate any valid user on an affected system. | ||
| CVE-2021-37181 | Cri | 0.65 | 10.0 | 0.02 | Sep 14, 2021 | A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), Cerberus DMS V5.0 (All versions < v5.0 QU1), Desigo CC Compact V4.0 (All versions), Desigo CC Compact V4.1 (All versions), Desigo CC… | ||
| CVE-2021-33719 | Cri | 0.64 | 9.8 | 0.02 | Sep 14, 2021 | A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Specially crafted packets sent to port… | ||
| CVE-2021-31891 | Cri | 0.65 | 10.0 | 0.04 | Sep 14, 2021 | A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS… | ||
| CVE-2021-27391 | Cri | 0.64 | 9.8 | 0.03 | Sep 14, 2021 | A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE MEC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8), APOGEE PXC… | ||
| CVE-2021-38833 | Cri | 0.64 | 9.8 | 0.02 | Sep 13, 2021 | SQL injection vulnerability in PHPGurukul Apartment Visitors Management System (AVMS) v. 1.0 allows attackers to execute arbitrary SQL statements and to gain RCE. | ||
| CVE-2021-3666 | — | Cri | 0.57 | 9.8 | 0.01 | Sep 13, 2021 | body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | |
| CVE-2021-33543 | Cri | 0.73 | 9.8 | 0.82 | Sep 13, 2021 | Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service. | ||
| CVE-2021-24493 | Cri | 0.64 | 9.8 | 0.02 | Sep 13, 2021 | The shopp_upload_file AJAX action of the Shopp WordPress plugin through 1.4, available to both unauthenticated and authenticated user does not have any security measure in place to prevent upload of malicious files, such as PHP, allowing unauthenticated users to upload arbitrary… | ||
| CVE-2021-40870 | Cri | 0.83 | 9.8 | 0.93 | KEV | Sep 13, 2021 | An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal. | |
| CVE-2021-40866 | Cri | 0.64 | 9.8 | 0.02 | Sep 13, 2021 | Certain NETGEAR smart switches are affected by a remote admin password change by an unauthenticated attacker via the (disabled by default) /sqfs/bin/sccd daemon, which fails to check authentication when the authentication TLV is missing from a received NSDP packet. This affects… | ||
| CVE-2021-40146 | Cri | 0.64 | 9.8 | 0.06 | Sep 11, 2021 | A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions < 2.5. RCE vulnerabilities allow a malicious actor to execute any code of their choice on a remote machine over LAN, WAN, or internet. RCE… | ||
| CVE-2021-38555 | Cri | 0.59 | 9.1 | 0.03 | Sep 11, 2021 | An XML external entity (XXE) injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions < 2.5. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an… | ||
| CVE-2021-24040 | — | Cri | 0.61 | 9.8 | 0.17 | Sep 10, 2021 | Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0. | |
| CVE-2021-40864 | Cri | 0.00 | 9.8 | 0.02 | Sep 10, 2021 | The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFICE Document Server lacks escape calls for the msg.data and text fields. | ||
| CVE-2021-37422 | Cri | 0.64 | 9.8 | 0.03 | Sep 10, 2021 | Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases. | ||
| CVE-2021-37423 | Cri | 0.64 | 9.8 | 0.03 | Sep 10, 2021 | Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover. | ||
| CVE-2021-40373 | Cri | 0.64 | 9.8 | 0.05 | Sep 10, 2021 | playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI. | ||
| CVE-2021-3645 | — | Cri | 0.57 | 9.8 | 0.01 | Sep 10, 2021 | merge is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | |
| CVE-2021-34346 | Cri | 0.64 | 9.8 | 0.02 | Sep 10, 2021 | A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of NVR Storage Expansion:… | ||
| CVE-2021-34345 | Cri | 0.64 | 9.8 | 0.02 | Sep 10, 2021 | A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of NVR Storage Expansion:… | ||
| CVE-2021-34344 | Cri | 0.64 | 9.8 | 0.02 | Sep 10, 2021 | A stack buffer overflow vulnerability has been reported to affect QNAP device running QUSBCam2. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QUSBCam2: QTS 4.5.4: QUSBCam2 1.1.4… | ||
| CVE-2021-28813 | Cri | 0.62 | 9.6 | 0.01 | Sep 10, 2021 | A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage… | ||
| CVE-2021-32724 | Cri | 0.58 | 9.9 | 0.02 | Sep 9, 2021 | check-spelling is a github action which provides CI spell checking. In affected versions and for a repository with the [check-spelling action](https://github.com/marketplace/actions/check-spelling) enabled that triggers on `pull_request_target` (or `schedule`), an attacker can… | ||
| CVE-2021-39296 | Cri | 0.65 | 10.0 | 0.03 | Sep 9, 2021 | In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass authentication and gain full control of the system. | ||
| CVE-2021-28913 | Cri | 0.64 | 9.8 | 0.02 | Sep 9, 2021 | BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers access to /webif/SecurityModule to validate the so called and hard coded unique 'eibPort String' which acts as the root SSH key passphrase. This is usable and part of an attack chain to gain SSH… | ||
| CVE-2021-28911 | Cri | 0.64 | 9.8 | 0.02 | Sep 9, 2021 | BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers access to /tmp path which contains some sensitive data (e.g. device serial number). Having those info, a possible loginId can be self-calculated in a brute force attack against BMX interface.… | ||
| CVE-2021-28909 | Cri | 0.64 | 9.8 | 0.01 | Sep 9, 2021 | BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers to access uncontrolled the login service at /webif/SecurityModule in a brute force attack. The password could be weak and default username is known as 'admin'. This is usable and part of an… | ||
| CVE-2020-19267 | Cri | 0.64 | 9.8 | 0.02 | Sep 9, 2021 | An issue in index.php/Dswjcms/Basis/resources of Dswjcms 1.6.4 allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||
| CVE-2021-38727 | Cri | 0.64 | 9.8 | 0.02 | Sep 9, 2021 | FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items | ||
| CVE-2021-38540 | Cri | 0.63 | 9.8 | 0.81 | Sep 9, 2021 | The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3. This allowed unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code… | ||
| CVE-2021-28494 | Cri | 0.62 | 9.6 | 0.01 | Sep 9, 2021 | In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, authentication is bypassed by unprivileged users who are accessing the Web UI. This issue affects: Arista Metamako Operating System MOS-0.34.0 and prior… | ||
| CVE-2021-38408 | Cri | 0.65 | 9.8 | 0.12 | Sep 9, 2021 | A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. | ||
| CVE-2021-37579 | — | Cri | 0.64 | 9.8 | 0.07 | Sep 9, 2021 | The Dubbo Provider will check the incoming request and the corresponding serialization type of this request meet the configuration set by the server. But there's an exception that the attacker can use to skip the security check (when enabled) and reaching a deserialization… | |
| CVE-2021-36161 | — | Cri | 0.64 | 9.8 | 0.02 | Sep 9, 2021 | Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in… | |
| CVE-2021-1946 | Cri | 0.64 | 9.8 | 0.01 | Sep 9, 2021 | Null Pointer Dereference may occur due to improper validation while processing crafted SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile |
- risk 0.64cvss 9.8epss 0.02
UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page.
- risk 0.64cvss 9.8epss 0.01
Pligg CMS 2.0.2 contains a time-based SQL injection vulnerability via the $recordIDValue parameter in the admin_update_module_widgets.php file.
- risk 0.00cvss 9.8epss 0.01
hestiacp is vulnerable to Use of Wrong Operator in String Comparison
- risk 0.93cvss 9.8epss 1.00
Open Management Infrastructure Remote Code Execution Vulnerability
- risk 0.00cvss 9.8epss 0.01
libmobi is vulnerable to Out-of-bounds Write
- risk 0.65cvss 9.9epss 0.02
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, an authenticated user may perform a privilege escalation on the BIG-IP Advanced WAF and ASM Configuration utility. Note:…
- risk 0.59cvss 9.0epss 0.01
The WebFOCUS Reporting Server and WebFOCUS Client components of TIBCO Software Inc.'s TIBCO WebFOCUS Client, TIBCO WebFOCUS Installer, and TIBCO WebFOCUS Reporting Server contain easily exploitable Stored and Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low…
- risk 0.59cvss 9.0epss 0.01
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to…
- risk 0.62cvss 9.6epss 0.01
On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently…
- risk 0.79cvss 9.9epss 0.35
SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with…
- risk 0.64cvss 9.8epss 0.01
SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges.
- risk 0.64cvss 9.8epss 0.01
In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., aspx) to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL.
- risk 0.64cvss 9.8epss 0.01
Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possible to upload any file extension to the server. The server does not verify the extension of the file and the tester was able to upload an aspx to the server.
- risk 0.62cvss 9.6epss 0.01
Due to missing encoding in SAP Contact Center's Communication Desktop component- version 700, an attacker could send malicious script in chat message. When the message is accepted by the chat recipient, the script gets executed in their scope. Due to the usage of ActiveX in the…
- risk 0.64cvss 9.8epss 0.01
A vulnerability has been identified in Industrial Edge Management (All versions < V1.3). An unauthenticated attacker could change the the password of any user in the system under certain circumstances. With this an attacker could impersonate any valid user on an affected system.
- risk 0.65cvss 10.0epss 0.02
A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), Cerberus DMS V5.0 (All versions < v5.0 QU1), Desigo CC Compact V4.0 (All versions), Desigo CC Compact V4.1 (All versions), Desigo CC…
- risk 0.64cvss 9.8epss 0.02
A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Specially crafted packets sent to port…
- risk 0.65cvss 10.0epss 0.04
A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS…
- risk 0.64cvss 9.8epss 0.03
A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE MEC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8), APOGEE PXC…
- risk 0.64cvss 9.8epss 0.02
SQL injection vulnerability in PHPGurukul Apartment Visitors Management System (AVMS) v. 1.0 allows attackers to execute arbitrary SQL statements and to gain RCE.
- risk 0.57cvss 9.8epss 0.01
body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
- risk 0.73cvss 9.8epss 0.82
Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service.
- risk 0.64cvss 9.8epss 0.02
The shopp_upload_file AJAX action of the Shopp WordPress plugin through 1.4, available to both unauthenticated and authenticated user does not have any security measure in place to prevent upload of malicious files, such as PHP, allowing unauthenticated users to upload arbitrary…
- risk 0.83cvss 9.8epss 0.93
An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.
- risk 0.64cvss 9.8epss 0.02
Certain NETGEAR smart switches are affected by a remote admin password change by an unauthenticated attacker via the (disabled by default) /sqfs/bin/sccd daemon, which fails to check authentication when the authentication TLV is missing from a received NSDP packet. This affects…
- risk 0.64cvss 9.8epss 0.06
A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions < 2.5. RCE vulnerabilities allow a malicious actor to execute any code of their choice on a remote machine over LAN, WAN, or internet. RCE…
- risk 0.59cvss 9.1epss 0.03
An XML external entity (XXE) injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions < 2.5. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an…
- risk 0.61cvss 9.8epss 0.17
Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0.
- risk 0.00cvss 9.8epss 0.02
The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFICE Document Server lacks escape calls for the msg.data and text fields.
- risk 0.64cvss 9.8epss 0.03
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases.
- risk 0.64cvss 9.8epss 0.03
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover.
- risk 0.64cvss 9.8epss 0.05
playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI.
- risk 0.57cvss 9.8epss 0.01
merge is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
- risk 0.64cvss 9.8epss 0.02
A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of NVR Storage Expansion:…
- risk 0.64cvss 9.8epss 0.02
A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of NVR Storage Expansion:…
- risk 0.64cvss 9.8epss 0.02
A stack buffer overflow vulnerability has been reported to affect QNAP device running QUSBCam2. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QUSBCam2: QTS 4.5.4: QUSBCam2 1.1.4…
- risk 0.62cvss 9.6epss 0.01
A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage…
- risk 0.58cvss 9.9epss 0.02
check-spelling is a github action which provides CI spell checking. In affected versions and for a repository with the [check-spelling action](https://github.com/marketplace/actions/check-spelling) enabled that triggers on `pull_request_target` (or `schedule`), an attacker can…
- risk 0.65cvss 10.0epss 0.03
In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass authentication and gain full control of the system.
- risk 0.64cvss 9.8epss 0.02
BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers access to /webif/SecurityModule to validate the so called and hard coded unique 'eibPort String' which acts as the root SSH key passphrase. This is usable and part of an attack chain to gain SSH…
- risk 0.64cvss 9.8epss 0.02
BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers access to /tmp path which contains some sensitive data (e.g. device serial number). Having those info, a possible loginId can be self-calculated in a brute force attack against BMX interface.…
- risk 0.64cvss 9.8epss 0.01
BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers to access uncontrolled the login service at /webif/SecurityModule in a brute force attack. The password could be weak and default username is known as 'admin'. This is usable and part of an…
- risk 0.64cvss 9.8epss 0.02
An issue in index.php/Dswjcms/Basis/resources of Dswjcms 1.6.4 allows attackers to execute arbitrary code via uploading a crafted PHP file.
- risk 0.64cvss 9.8epss 0.02
FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items
- risk 0.63cvss 9.8epss 0.81
The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3. This allowed unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code…
- risk 0.62cvss 9.6epss 0.01
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, authentication is bypassed by unprivileged users who are accessing the Web UI. This issue affects: Arista Metamako Operating System MOS-0.34.0 and prior…
- risk 0.65cvss 9.8epss 0.12
A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.
- risk 0.64cvss 9.8epss 0.07
The Dubbo Provider will check the incoming request and the corresponding serialization type of this request meet the configuration set by the server. But there's an exception that the attacker can use to skip the security check (when enabled) and reaching a deserialization…
- risk 0.64cvss 9.8epss 0.02
Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in…
- risk 0.64cvss 9.8epss 0.01
Null Pointer Dereference may occur due to improper validation while processing crafted SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile