| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-3616 | Cri | 0.61 | 9.4 | 0.01 | Aug 17, 2021 | A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow an unauthorized user to view device information, alter firmware content and device configuration. This vulnerability is the same as CNVD-2020-68651. | ||
| CVE-2021-32829 | Cri | 0.63 | 9.6 | 0.03 | Aug 17, 2021 | ZStack is open source IaaS(infrastructure as a service) software aiming to automate datacenters, managing resources of compute, storage, and networking all by APIs. Affected versions of ZStack REST API are vulnerable to post-authentication Remote Code Execution (RCE) via bypass… | ||
| CVE-2021-22931 | Cri | 0.65 | 9.8 | 0.22 | Aug 16, 2021 | Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain… | ||
| CVE-2020-18705 | — | Cri | 0.64 | 9.8 | 0.03 | Aug 16, 2021 | XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/core/content/views.py'. | |
| CVE-2020-18704 | — | Cri | 0.64 | 9.8 | 0.03 | Aug 16, 2021 | Unrestricted Upload of File with Dangerous Type in Django-Widgy v0.8.4 allows remote attackers to execute arbitrary code via the 'image' widget in the component 'Change Widgy Page'. | |
| CVE-2020-18703 | — | Cri | 0.64 | 9.8 | 0.03 | Aug 16, 2021 | XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/utils/atom.py'. | |
| CVE-2020-18701 | Cri | 0.64 | 9.8 | 0.02 | Aug 16, 2021 | Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets. | ||
| CVE-2020-18698 | — | Cri | 0.64 | 9.8 | 0.02 | Aug 16, 2021 | Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'. | |
| CVE-2021-38754 | Cri | 0.64 | 9.8 | 0.02 | Aug 16, 2021 | SQL Injection vulnerability in Hospital Management System due to lack of input validation in messearch.php. | ||
| CVE-2021-38753 | Cri | 0.64 | 9.8 | 0.01 | Aug 16, 2021 | An unrestricted file upload on Simple Image Gallery Web App can be exploited to upload a web shell and executed to gain unauthorized access to the server hosting the web app. | ||
| CVE-2021-35395 | Cri | 0.84 | 9.8 | 0.98 | KEV | Aug 16, 2021 | Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface exists: one based on Go-Ahead named webs and another based on Boa named boa. Both… | |
| CVE-2021-35394 | Cri | 0.84 | 9.8 | 1.00 | KEV | Aug 16, 2021 | Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be… | |
| CVE-2021-35393 | Cri | 0.69 | 9.8 | 0.70 | Aug 16, 2021 | Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a stack buffer overflow vulnerability… | ||
| CVE-2021-24527 | Cri | 0.64 | 9.8 | 0.08 | Aug 16, 2021 | The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore, the admin will not… | ||
| CVE-2021-25955 | Cri | 0.52 | 9.0 | 0.01 | Aug 15, 2021 | In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the “Private Note” field at “/adherents/note.php?id=1” endpoint. These scripts are… | ||
| CVE-2021-37705 | Cri | 0.58 | 10.0 | 0.02 | Aug 13, 2021 | OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure Active Directory tenant to make authorized API calls to a vulnerable OneFuzz instance. To… | ||
| CVE-2021-21830 | Cri | 0.64 | 9.8 | 0.02 | Aug 13, 2021 | A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||
| CVE-2021-21829 | Cri | 0.64 | 9.8 | 0.03 | Aug 13, 2021 | A heap-based buffer overflow vulnerability exists in the XML Decompression EnumerationUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this… | ||
| CVE-2021-38302 | — | Cri | 0.64 | 9.8 | 0.01 | Aug 13, 2021 | The Newsletter extension through 4.0.0 for TYPO3 allows SQL Injection. | |
| CVE-2021-36789 | Cri | 0.64 | 9.8 | 0.01 | Aug 13, 2021 | The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows SQL Injection. | ||
| CVE-2021-34823 | — | Cri | 0.59 | 9.1 | 0.02 | Aug 13, 2021 | The ON24 ScreenShare (aka DesktopScreenShare.app) plugin before 2.0 for macOS allows remote file access via its built-in HTTP server. This allows unauthenticated remote users to retrieve files accessible to the logged-on macOS user. When a remote user sends a crafted HTTP… | |
| CVE-2020-18758 | Cri | 0.64 | 9.8 | 0.03 | Aug 13, 2021 | An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to execute arbitrary code. | ||
| CVE-2020-18753 | Cri | 0.64 | 9.8 | 0.01 | Aug 13, 2021 | An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to gain access to the system and escalate privileges via a crafted packet. | ||
| CVE-2021-3352 | Cri | 0.59 | 9.1 | 0.01 | Aug 13, 2021 | The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access (view and modify) user data without authorization due to improper handling of tokens. | ||
| CVE-2021-36380 | Cri | 0.84 | 9.8 | 0.98 | KEV | Aug 13, 2021 | Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dnsAddr /cgi/networkDiag.cgi. | |
| CVE-2021-32071 | Cri | 0.64 | 9.8 | 0.01 | Aug 13, 2021 | The MiCollab Client service in Mitel MiCollab before 9.3 could allow an unauthenticated user to gain system access due to improper access control. A successful exploit could allow an attacker to view and modify application data, and cause a denial of service for users. | ||
| CVE-2021-1104 | Cri | 0.64 | 9.8 | 0.02 | Aug 13, 2021 | The RISC-V Instruction Set Manual contains a documented ambiguity for the Machine Trap Vector Base Address (MTVEC) register that may lead to a vulnerability due to the initial state of the register not being defined, potentially leading to information disclosure, data tampering… | ||
| CVE-2021-38621 | Cri | 0.00 | 9.1 | 0.01 | Aug 13, 2021 | The remove API in v1/controller/cloudStorage/alibabaCloud/remove/index.ts in netless Agora Flat Server before 2021-07-30 mishandles file ownership. | ||
| CVE-2021-27741 | Cri | 0.59 | 9.1 | 0.01 | Aug 13, 2021 | " Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE) injection" | ||
| CVE-2021-37353 | Cri | 0.64 | 9.8 | 0.03 | Aug 13, 2021 | Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in table_population.php. | ||
| CVE-2021-37350 | Cri | 0.70 | 9.8 | 0.79 | Aug 13, 2021 | Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation. | ||
| CVE-2021-37346 | Cri | 0.70 | 9.8 | 0.74 | Aug 13, 2021 | Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remote code execution through Improper neutralisation of special elements used in an OS Command (OS Command injection). | ||
| CVE-2021-37344 | Cri | 0.71 | 9.8 | 0.97 | Aug 13, 2021 | Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS Command (OS Command injection). | ||
| CVE-2021-37678 | Cri | 0.53 | 9.3 | 0.00 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. The [implementation](https://github.com/tensorflow/tensorflow/blo… | ||
| CVE-2021-31698 | Cri | 0.64 | 9.8 | 0.02 | Aug 12, 2021 | Quectel EG25-G devices through 202006130814 allow executing arbitrary code remotely by using an AT command to place shell metacharacters in quectel_handle_fumo_cfg input in atfwd_daemon. | ||
| CVE-2021-31556 | Cri | 0.64 | 9.8 | 0.02 | Aug 12, 2021 | An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. MWOAuthConsumerSubmitControl.php does not ensure that the length of an RSA key will fit in a MySQL blob. | ||
| CVE-2021-29377 | Cri | 0.64 | 9.8 | 0.02 | Aug 12, 2021 | Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerability that allows attackers to execute arbitrary code remotely. A .php file can be uploaded via admin.php/index/upload because app/common/service/UploadService.php mishandles fileExt. | ||
| CVE-2021-28890 | — | Cri | 0.64 | 9.8 | 0.01 | Aug 12, 2021 | J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the (1) compId parameter to fast/sys/user/list, (2) deptId parameter to fast/sys/role/list, or (3) roleId parameter to fast/sys/role/authUser/list, related to the use of ${} to join SQL statements. | |
| CVE-2021-28121 | Cri | 0.64 | 9.8 | 0.02 | Aug 12, 2021 | Virtual Robots.txt before 1.10 does not block HTML tags in the robots.txt field. | ||
| CVE-2020-36363 | Cri | 0.64 | 9.8 | 0.01 | Aug 12, 2021 | Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, which some entities consider to be weak ciphers. | ||
| CVE-2021-37599 | Cri | 0.64 | 9.8 | 0.03 | Aug 12, 2021 | The exporter/Login.aspx login form in the Exporter in Nuance Winscribe Dictation 4.1.0.99 is vulnerable to SQL injection that allows a remote, unauthenticated attacker to read the database (and execute code in some situations) via the txtPassword parameter. | ||
| CVE-2021-33199 | Cri | 0.64 | 9.8 | 0.01 | Aug 12, 2021 | In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input->get('file') instead of the fixed file names of icon.png and icon.svg. | ||
| CVE-2021-26432 | Cri | 0.65 | 9.8 | 0.10 | Aug 12, 2021 | Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability | ||
| CVE-2021-26424 | Cri | 0.69 | 9.9 | 0.59 | Aug 12, 2021 | Windows TCP/IP Remote Code Execution Vulnerability | ||
| CVE-2021-38606 | Cri | 0.00 | 9.8 | 0.01 | Aug 12, 2021 | reNgine through 0.5 relies on a predictable directory name. | ||
| CVE-2021-20509 | Cri | 0.64 | 9.8 | 0.02 | Aug 12, 2021 | IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 198243. | ||
| CVE-2021-20314 | Cri | 0.64 | 9.8 | 0.03 | Aug 12, 2021 | Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages. | ||
| CVE-2020-20979 | Cri | 0.64 | 9.8 | 0.02 | Aug 12, 2021 | An arbitrary file upload vulnerability in the move_uploaded_file() function of LJCMS v4.3 allows attackers to execute arbitrary code. | ||
| CVE-2020-20975 | Cri | 0.64 | 9.8 | 0.01 | Aug 12, 2021 | In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter. | ||
| CVE-2020-28165 | Cri | 0.64 | 9.8 | 0.01 | Aug 12, 2021 | The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload arbitrary webshell to the server by using the downloadZipPackage() function. |
- risk 0.61cvss 9.4epss 0.01
A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow an unauthorized user to view device information, alter firmware content and device configuration. This vulnerability is the same as CNVD-2020-68651.
- risk 0.63cvss 9.6epss 0.03
ZStack is open source IaaS(infrastructure as a service) software aiming to automate datacenters, managing resources of compute, storage, and networking all by APIs. Affected versions of ZStack REST API are vulnerable to post-authentication Remote Code Execution (RCE) via bypass…
- risk 0.65cvss 9.8epss 0.22
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain…
- risk 0.64cvss 9.8epss 0.03
XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/core/content/views.py'.
- risk 0.64cvss 9.8epss 0.03
Unrestricted Upload of File with Dangerous Type in Django-Widgy v0.8.4 allows remote attackers to execute arbitrary code via the 'image' widget in the component 'Change Widgy Page'.
- risk 0.64cvss 9.8epss 0.03
XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/utils/atom.py'.
- risk 0.64cvss 9.8epss 0.02
Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets.
- risk 0.64cvss 9.8epss 0.02
Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'.
- risk 0.64cvss 9.8epss 0.02
SQL Injection vulnerability in Hospital Management System due to lack of input validation in messearch.php.
- risk 0.64cvss 9.8epss 0.01
An unrestricted file upload on Simple Image Gallery Web App can be exploited to upload a web shell and executed to gain unauthorized access to the server hosting the web app.
- risk 0.84cvss 9.8epss 0.98
Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface exists: one based on Go-Ahead named webs and another based on Boa named boa. Both…
- risk 0.84cvss 9.8epss 1.00
Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be…
- risk 0.69cvss 9.8epss 0.70
Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a stack buffer overflow vulnerability…
- risk 0.64cvss 9.8epss 0.08
The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore, the admin will not…
- risk 0.52cvss 9.0epss 0.01
In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the “Private Note” field at “/adherents/note.php?id=1” endpoint. These scripts are…
- risk 0.58cvss 10.0epss 0.02
OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure Active Directory tenant to make authorized API calls to a vulnerable OneFuzz instance. To…
- risk 0.64cvss 9.8epss 0.02
A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.
- risk 0.64cvss 9.8epss 0.03
A heap-based buffer overflow vulnerability exists in the XML Decompression EnumerationUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this…
- risk 0.64cvss 9.8epss 0.01
The Newsletter extension through 4.0.0 for TYPO3 allows SQL Injection.
- risk 0.64cvss 9.8epss 0.01
The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows SQL Injection.
- risk 0.59cvss 9.1epss 0.02
The ON24 ScreenShare (aka DesktopScreenShare.app) plugin before 2.0 for macOS allows remote file access via its built-in HTTP server. This allows unauthenticated remote users to retrieve files accessible to the logged-on macOS user. When a remote user sends a crafted HTTP…
- risk 0.64cvss 9.8epss 0.03
An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to execute arbitrary code.
- risk 0.64cvss 9.8epss 0.01
An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to gain access to the system and escalate privileges via a crafted packet.
- risk 0.59cvss 9.1epss 0.01
The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access (view and modify) user data without authorization due to improper handling of tokens.
- risk 0.84cvss 9.8epss 0.98
Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dnsAddr /cgi/networkDiag.cgi.
- risk 0.64cvss 9.8epss 0.01
The MiCollab Client service in Mitel MiCollab before 9.3 could allow an unauthenticated user to gain system access due to improper access control. A successful exploit could allow an attacker to view and modify application data, and cause a denial of service for users.
- risk 0.64cvss 9.8epss 0.02
The RISC-V Instruction Set Manual contains a documented ambiguity for the Machine Trap Vector Base Address (MTVEC) register that may lead to a vulnerability due to the initial state of the register not being defined, potentially leading to information disclosure, data tampering…
- risk 0.00cvss 9.1epss 0.01
The remove API in v1/controller/cloudStorage/alibabaCloud/remove/index.ts in netless Agora Flat Server before 2021-07-30 mishandles file ownership.
- risk 0.59cvss 9.1epss 0.01
" Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE) injection"
- risk 0.64cvss 9.8epss 0.03
Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in table_population.php.
- risk 0.70cvss 9.8epss 0.79
Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation.
- risk 0.70cvss 9.8epss 0.74
Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remote code execution through Improper neutralisation of special elements used in an OS Command (OS Command injection).
- risk 0.71cvss 9.8epss 0.97
Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS Command (OS Command injection).
- risk 0.53cvss 9.3epss 0.00
TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. The [implementation](https://github.com/tensorflow/tensorflow/blo…
- risk 0.64cvss 9.8epss 0.02
Quectel EG25-G devices through 202006130814 allow executing arbitrary code remotely by using an AT command to place shell metacharacters in quectel_handle_fumo_cfg input in atfwd_daemon.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. MWOAuthConsumerSubmitControl.php does not ensure that the length of an RSA key will fit in a MySQL blob.
- risk 0.64cvss 9.8epss 0.02
Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerability that allows attackers to execute arbitrary code remotely. A .php file can be uploaded via admin.php/index/upload because app/common/service/UploadService.php mishandles fileExt.
- risk 0.64cvss 9.8epss 0.01
J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the (1) compId parameter to fast/sys/user/list, (2) deptId parameter to fast/sys/role/list, or (3) roleId parameter to fast/sys/role/authUser/list, related to the use of ${} to join SQL statements.
- risk 0.64cvss 9.8epss 0.02
Virtual Robots.txt before 1.10 does not block HTML tags in the robots.txt field.
- risk 0.64cvss 9.8epss 0.01
Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, which some entities consider to be weak ciphers.
- risk 0.64cvss 9.8epss 0.03
The exporter/Login.aspx login form in the Exporter in Nuance Winscribe Dictation 4.1.0.99 is vulnerable to SQL injection that allows a remote, unauthenticated attacker to read the database (and execute code in some situations) via the txtPassword parameter.
- risk 0.64cvss 9.8epss 0.01
In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input->get('file') instead of the fixed file names of icon.png and icon.svg.
- risk 0.65cvss 9.8epss 0.10
Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability
- risk 0.69cvss 9.9epss 0.59
Windows TCP/IP Remote Code Execution Vulnerability
- risk 0.00cvss 9.8epss 0.01
reNgine through 0.5 relies on a predictable directory name.
- risk 0.64cvss 9.8epss 0.02
IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 198243.
- risk 0.64cvss 9.8epss 0.03
Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages.
- risk 0.64cvss 9.8epss 0.02
An arbitrary file upload vulnerability in the move_uploaded_file() function of LJCMS v4.3 allows attackers to execute arbitrary code.
- risk 0.64cvss 9.8epss 0.01
In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter.
- risk 0.64cvss 9.8epss 0.01
The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload arbitrary webshell to the server by using the downloadZipPackage() function.