| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-22354 | Cri | 0.59 | 9.1 | 0.01 | Jun 30, 2021 | There is an Information Disclosure Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds read. | ||
| CVE-2021-35973 | Cri | 0.64 | 9.8 | 0.03 | Jun 30, 2021 | NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the ¤tsetting.htm substring to the HTTP query, a related issue to CVE-2020-27866. This… | ||
| CVE-2021-35971 | Cri | 0.64 | 9.8 | 0.01 | Jun 30, 2021 | Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507 mishandles deserialization during Microsoft .NET remoting. | ||
| CVE-2021-22373 | Cri | 0.59 | 9.1 | 0.01 | Jun 30, 2021 | There is a Defects Introduced in the Design Process Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service integrity and availability. | ||
| CVE-2021-22323 | Cri | 0.64 | 9.8 | 0.01 | Jun 30, 2021 | There is an Integer Overflow Vulnerability in Huawei Smartphone. Successful exploitation of these vulnerabilities may escalate the permission to that of the root user. | ||
| CVE-2021-22380 | Cri | 0.59 | 9.1 | 0.01 | Jun 30, 2021 | There is a Cleartext Transmission of Sensitive Information Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality and availability. | ||
| CVE-2021-22375 | Cri | 0.64 | 9.8 | 0.01 | Jun 30, 2021 | There is a Key Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality,availability and integrity. | ||
| CVE-2021-27903 | — | Cri | 0.57 | 9.8 | 0.03 | Jun 30, 2021 | An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session). | |
| CVE-2021-30648 | Cri | 0.64 | 9.8 | 0.01 | Jun 30, 2021 | The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the… | ||
| CVE-2019-18906 | Cri | 0.64 | 9.8 | 0.01 | Jun 30, 2021 | A Improper Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise Server for SAP 12-SP5… | ||
| CVE-2021-35474 | Cri | 0.64 | 9.8 | 0.03 | Jun 30, 2021 | Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. | ||
| CVE-2021-35958 | Cri | 0.59 | 9.1 | 0.02 | Jun 30, 2021 | TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor's position is that tf.keras.utils.get_file is not intended for untrusted archives | ||
| CVE-2021-29485 | Cri | 0.65 | 9.9 | 0.02 | Jun 29, 2021 | Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a malicious attacker can achieve Remote Code Execution (RCE) via a maliciously crafted Java deserialization gadget chain leveraged against the Ratpack session store. If one's application does not use… | ||
| CVE-2021-32992 | Cri | 0.64 | 9.8 | 0.02 | Jun 29, 2021 | FATEK Automation WinProladder Versions 3.30 and prior do not properly restrict operations within the bounds of a memory buffer, which may allow an attacker to execute arbitrary code. | ||
| CVE-2021-32990 | Cri | 0.64 | 9.8 | 0.02 | Jun 29, 2021 | FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code. | ||
| CVE-2021-32988 | Cri | 0.64 | 9.8 | 0.02 | Jun 29, 2021 | FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code. | ||
| CVE-2021-31531 | Cri | 0.64 | 9.8 | 0.02 | Jun 29, 2021 | Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF). | ||
| CVE-2020-7869 | Cri | 0.59 | 9.0 | 0.02 | Jun 29, 2021 | An improper input validation vulnerability of ZOOK software (remote administration tool) could allow a remote attacker to create arbitrary file. The ZOOK viewer has the "Tight file CMD" function to create file. An attacker could create and execute arbitrary file in the ZOOK… | ||
| CVE-2020-7868 | Cri | 0.63 | 9.6 | 0.03 | Jun 29, 2021 | A remote code execution vulnerability exists in helpUS(remote administration tool) due to improper validation of parameter of ShellExecutionExA function used for login. | ||
| CVE-2020-23711 | Cri | 0.64 | 9.8 | 0.01 | Jun 28, 2021 | SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php. | ||
| CVE-2021-34187 | Cri | 0.01 | 9.8 | 0.16 | Jun 28, 2021 | main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter. | ||
| CVE-2021-35456 | Cri | 0.64 | 9.8 | 0.02 | Jun 28, 2021 | Online Pet Shop We App 1.0 is vulnerable to remote SQL injection and shell upload | ||
| CVE-2021-31337 | Cri | 0.64 | 9.8 | 0.02 | Jun 28, 2021 | The Telnet service of the SIMATIC HMI Comfort Panels system component in affected products does not require authentication, which may allow a remote attacker to gain access to the device if the service is enabled. Telnet is disabled by default on the SINAMICS Medium Voltage… | ||
| CVE-2021-35514 | — | Cri | 0.57 | 9.8 | 0.01 | Jun 28, 2021 | Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the title name or author name of a novel. | |
| CVE-2021-35502 | Cri | 0.64 | 9.8 | 0.01 | Jun 25, 2021 | app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index. | ||
| CVE-2021-34427 | Cri | 0.68 | 9.8 | 0.58 | Jun 25, 2021 | In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance. | ||
| CVE-2021-34074 | Cri | 0.64 | 9.8 | 0.07 | Jun 25, 2021 | PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager. To bypass the built-in protection, a relative path is used in the requests. | ||
| CVE-2021-34184 | Cri | 0.64 | 9.8 | 0.01 | Jun 25, 2021 | Miniaudio 0.10.35 has a Double free vulnerability that could cause a buffer overflow in ma_default_vfs_close__stdio in miniaudio.h. | ||
| CVE-2021-35049 | Cri | 0.65 | 9.9 | 0.05 | Jun 25, 2021 | Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response in an… | ||
| CVE-2021-35048 | Cri | 0.64 | 9.8 | 0.01 | Jun 25, 2021 | Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. The vulnerability could lead to exposure of authentication tokens in some versions of Fidelis software. The vulnerability is present in Fidelis Network and… | ||
| CVE-2021-35047 | Cri | 0.64 | 9.9 | 0.02 | Jun 25, 2021 | Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the component and neighboring Fidelis components. The vulnerability is present in Fidelis… | ||
| CVE-2021-28958 | Cri | 0.70 | 9.8 | 0.73 | Jun 25, 2021 | Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password. | ||
| CVE-2021-32711 | — | Cri | 0.52 | 9.1 | 0.01 | Jun 24, 2021 | Shopware is an open source eCommerce platform. Versions prior to 6.3.5.1 may leak of information via Store-API. The vulnerability could only be fixed by changing the API system, which involves a non-backward-compatible change. Only consumers of the Store-API should be affected… | |
| CVE-2020-17752 | Cri | 0.64 | 9.8 | 0.02 | Jun 24, 2021 | Integer overflow vulnerability in payable function of a smart contract implementation for an Ethereum token, as demonstrated by the smart contract implemented at address 0xB49E984A83d7A638E7F2889fc8328952BA951AbE, an implementation for MillionCoin (MON). | ||
| CVE-2021-32708 | Cri | 0.57 | 9.8 | 0.03 | Jun 24, 2021 | Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is… | ||
| CVE-2020-18667 | Cri | 0.64 | 9.8 | 0.01 | Jun 24, 2021 | SQL Injection vulnerability in WebPort <=1.19.1 via the new connection, parameter name in type-conn. | ||
| CVE-2021-33346 | Cri | 0.64 | 9.8 | 0.01 | Jun 24, 2021 | There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product. An attacker can use this vulnerability to modify the password of the admin user without authorization. | ||
| CVE-2021-31649 | — | Cri | 0.64 | 9.8 | 0.02 | Jun 24, 2021 | In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using redis,may be vulnerable to remote code execute | |
| CVE-2020-21786 | Cri | 0.64 | 9.8 | 0.01 | Jun 24, 2021 | In IBOS 4.5.4 Open, Arbitrary File Inclusion causes getshell via /system/modules/dashboard/controllers/CronController.php. | ||
| CVE-2020-21784 | Cri | 0.64 | 9.8 | 0.01 | Jun 24, 2021 | phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php. | ||
| CVE-2020-18662 | Cri | 0.67 | 9.8 | 0.05 | Jun 24, 2021 | SQL Injection vulnerability in gnuboard5 <=v5.3.2.8 via the table_prefix parameter in install_db.php. | ||
| CVE-2020-21787 | Cri | 0.64 | 9.8 | 0.02 | Jun 24, 2021 | CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php. | ||
| CVE-2021-29954 | Cri | 0.64 | 9.8 | 0.01 | Jun 24, 2021 | Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs, including the metadata service. This vulnerability affects Hubs Cloud < mozillareality/reticulum/1.0.1/20210428201255. | ||
| CVE-2021-21809 | — | Cri | 0.64 | 9.1 | 0.24 | Jun 23, 2021 | A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities. | |
| CVE-2020-20392 | Cri | 0.64 | 9.8 | 0.01 | Jun 23, 2021 | SQL Injection vulnerability in imcat v5.2 via the fm[auser] parameters in coms/add_coms.php. | ||
| CVE-2021-21998 | Cri | 0.65 | 9.8 | 0.11 | Jun 23, 2021 | VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 prior to 8.6.2 has an authentication bypass. A malicious actor with network access to the VMware Carbon Black App Control management server might be able to obtain administrative access to the product without… | ||
| CVE-2021-27649 | Cri | 0.64 | 9.8 | 0.02 | Jun 23, 2021 | Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| CVE-2021-32700 | Cri | 0.00 | 9.1 | 0.01 | Jun 22, 2021 | Ballerina is an open source programming language and platform for cloud application programmers. Ballerina versions 1.2.x and SL releases up to alpha 3 have a potential for a supply chain attack via MiTM against users. Http connections did not make use of TLS and certificate… | ||
| CVE-2021-3044 | Cri | 0.64 | 9.8 | 0.01 | Jun 22, 2021 | An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than… | ||
| CVE-2021-20736 | Cri | 0.59 | 9.1 | 0.01 | Jun 22, 2021 | NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to obtain and/or alter the information stored in the database via unspecified vectors. |
- risk 0.59cvss 9.1epss 0.01
There is an Information Disclosure Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds read.
- risk 0.64cvss 9.8epss 0.03
NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the ¤tsetting.htm substring to the HTTP query, a related issue to CVE-2020-27866. This…
- risk 0.64cvss 9.8epss 0.01
Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507 mishandles deserialization during Microsoft .NET remoting.
- risk 0.59cvss 9.1epss 0.01
There is a Defects Introduced in the Design Process Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service integrity and availability.
- risk 0.64cvss 9.8epss 0.01
There is an Integer Overflow Vulnerability in Huawei Smartphone. Successful exploitation of these vulnerabilities may escalate the permission to that of the root user.
- risk 0.59cvss 9.1epss 0.01
There is a Cleartext Transmission of Sensitive Information Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality and availability.
- risk 0.64cvss 9.8epss 0.01
There is a Key Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality,availability and integrity.
- risk 0.57cvss 9.8epss 0.03
An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session).
- risk 0.64cvss 9.8epss 0.01
The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the…
- risk 0.64cvss 9.8epss 0.01
A Improper Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise Server for SAP 12-SP5…
- risk 0.64cvss 9.8epss 0.03
Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
- risk 0.59cvss 9.1epss 0.02
TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor's position is that tf.keras.utils.get_file is not intended for untrusted archives
- risk 0.65cvss 9.9epss 0.02
Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a malicious attacker can achieve Remote Code Execution (RCE) via a maliciously crafted Java deserialization gadget chain leveraged against the Ratpack session store. If one's application does not use…
- risk 0.64cvss 9.8epss 0.02
FATEK Automation WinProladder Versions 3.30 and prior do not properly restrict operations within the bounds of a memory buffer, which may allow an attacker to execute arbitrary code.
- risk 0.64cvss 9.8epss 0.02
FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code.
- risk 0.64cvss 9.8epss 0.02
FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code.
- risk 0.64cvss 9.8epss 0.02
Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF).
- risk 0.59cvss 9.0epss 0.02
An improper input validation vulnerability of ZOOK software (remote administration tool) could allow a remote attacker to create arbitrary file. The ZOOK viewer has the "Tight file CMD" function to create file. An attacker could create and execute arbitrary file in the ZOOK…
- risk 0.63cvss 9.6epss 0.03
A remote code execution vulnerability exists in helpUS(remote administration tool) due to improper validation of parameter of ShellExecutionExA function used for login.
- risk 0.64cvss 9.8epss 0.01
SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php.
- risk 0.01cvss 9.8epss 0.16
main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter.
- risk 0.64cvss 9.8epss 0.02
Online Pet Shop We App 1.0 is vulnerable to remote SQL injection and shell upload
- risk 0.64cvss 9.8epss 0.02
The Telnet service of the SIMATIC HMI Comfort Panels system component in affected products does not require authentication, which may allow a remote attacker to gain access to the device if the service is enabled. Telnet is disabled by default on the SINAMICS Medium Voltage…
- risk 0.57cvss 9.8epss 0.01
Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the title name or author name of a novel.
- risk 0.64cvss 9.8epss 0.01
app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index.
- risk 0.68cvss 9.8epss 0.58
In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance.
- risk 0.64cvss 9.8epss 0.07
PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager. To bypass the built-in protection, a relative path is used in the requests.
- risk 0.64cvss 9.8epss 0.01
Miniaudio 0.10.35 has a Double free vulnerability that could cause a buffer overflow in ma_default_vfs_close__stdio in miniaudio.h.
- risk 0.65cvss 9.9epss 0.05
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response in an…
- risk 0.64cvss 9.8epss 0.01
Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. The vulnerability could lead to exposure of authentication tokens in some versions of Fidelis software. The vulnerability is present in Fidelis Network and…
- risk 0.64cvss 9.9epss 0.02
Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the component and neighboring Fidelis components. The vulnerability is present in Fidelis…
- risk 0.70cvss 9.8epss 0.73
Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password.
- risk 0.52cvss 9.1epss 0.01
Shopware is an open source eCommerce platform. Versions prior to 6.3.5.1 may leak of information via Store-API. The vulnerability could only be fixed by changing the API system, which involves a non-backward-compatible change. Only consumers of the Store-API should be affected…
- risk 0.64cvss 9.8epss 0.02
Integer overflow vulnerability in payable function of a smart contract implementation for an Ethereum token, as demonstrated by the smart contract implemented at address 0xB49E984A83d7A638E7F2889fc8328952BA951AbE, an implementation for MillionCoin (MON).
- risk 0.57cvss 9.8epss 0.03
Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is…
- risk 0.64cvss 9.8epss 0.01
SQL Injection vulnerability in WebPort <=1.19.1 via the new connection, parameter name in type-conn.
- risk 0.64cvss 9.8epss 0.01
There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product. An attacker can use this vulnerability to modify the password of the admin user without authorization.
- risk 0.64cvss 9.8epss 0.02
In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using redis,may be vulnerable to remote code execute
- risk 0.64cvss 9.8epss 0.01
In IBOS 4.5.4 Open, Arbitrary File Inclusion causes getshell via /system/modules/dashboard/controllers/CronController.php.
- risk 0.64cvss 9.8epss 0.01
phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php.
- risk 0.67cvss 9.8epss 0.05
SQL Injection vulnerability in gnuboard5 <=v5.3.2.8 via the table_prefix parameter in install_db.php.
- risk 0.64cvss 9.8epss 0.02
CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php.
- risk 0.64cvss 9.8epss 0.01
Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs, including the metadata service. This vulnerability affects Hubs Cloud < mozillareality/reticulum/1.0.1/20210428201255.
- risk 0.64cvss 9.1epss 0.24
A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.
- risk 0.64cvss 9.8epss 0.01
SQL Injection vulnerability in imcat v5.2 via the fm[auser] parameters in coms/add_coms.php.
- risk 0.65cvss 9.8epss 0.11
VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 prior to 8.6.2 has an authentication bypass. A malicious actor with network access to the VMware Carbon Black App Control management server might be able to obtain administrative access to the product without…
- risk 0.64cvss 9.8epss 0.02
Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.
- risk 0.00cvss 9.1epss 0.01
Ballerina is an open source programming language and platform for cloud application programmers. Ballerina versions 1.2.x and SL releases up to alpha 3 have a potential for a supply chain attack via MiTM against users. Http connections did not make use of TLS and certificate…
- risk 0.64cvss 9.8epss 0.01
An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than…
- risk 0.59cvss 9.1epss 0.01
NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to obtain and/or alter the information stored in the database via unspecified vectors.