| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-23907 | Cri | 0.00 | 9.8 | 0.03 | Apr 21, 2021 | An issue was discovered in retdec v3.3. In function canSplitFunctionOn() of ir_modifications.cpp, there is a possible out of bounds read due to a heap buffer overflow. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. | ||
| CVE-2020-35314 | Cri | 0.69 | 9.8 | 0.27 | Apr 20, 2021 | A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer. | ||
| CVE-2020-35313 | Cri | 0.70 | 9.8 | 0.45 | Apr 20, 2021 | A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer. | ||
| CVE-2021-29459 | Cri | 0.62 | 9.6 | 0.01 | Apr 20, 2021 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible to persistently inject scripts in XWiki versions prior to 12.6.3 and 12.8. Unregistred users can fill simple text fields. Registered users can fill in their… | ||
| CVE-2021-28827 | Cri | 0.62 | 9.6 | 0.01 | Apr 20, 2021 | The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for… | ||
| CVE-2021-28793 | Cri | 0.00 | 9.8 | 0.02 | Apr 20, 2021 | vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration. | ||
| CVE-2020-27241 | Cri | 0.64 | 9.8 | 0.01 | Apr 19, 2021 | An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The serialnumber parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this… | ||
| CVE-2020-27240 | Cri | 0.64 | 9.8 | 0.01 | Apr 19, 2021 | An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The componentStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this… | ||
| CVE-2021-20991 | Cri | 0.64 | 9.8 | 0.05 | Apr 19, 2021 | In Fibaro Home Center 2 and Lite devices with firmware version 4.540 and older an authenticated user can run commands as root user using a command injection vulnerability. | ||
| CVE-2021-23378 | — | Cri | 0.64 | 9.8 | 0.02 | Apr 18, 2021 | This affects all versions of package picotts. If attacker-controlled user input is given to the say function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | |
| CVE-2021-23377 | — | Cri | 0.64 | 9.8 | 0.03 | Apr 18, 2021 | This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | |
| CVE-2021-23376 | — | Cri | 0.64 | 9.8 | 0.02 | Apr 18, 2021 | This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | |
| CVE-2020-36195 | Cri | 0.64 | 9.8 | 0.02 | Apr 17, 2021 | An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following… | ||
| CVE-2020-2509 | Cri | 0.78 | 9.8 | 0.33 | KEV | Apr 17, 2021 | A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build… | |
| CVE-2021-29451 | Cri | 0.52 | 9.1 | 0.01 | Apr 16, 2021 | Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming 5.2.1 release. | ||
| CVE-2021-26830 | — | Cri | 0.56 | 9.1 | 0.05 | Apr 16, 2021 | SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library - delete` module. | |
| CVE-2021-31414 | Cri | 0.00 | 9.8 | 0.02 | Apr 16, 2021 | The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studio Code allows remote code execution via a crafted workspace configuration. | ||
| CVE-2021-27692 | Cri | 0.64 | 9.8 | 0.03 | Apr 16, 2021 | Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted "action/umountUSBPartition" request. This occurs because the "formSetUSBPartitionUmount"… | ||
| CVE-2021-27691 | Cri | 0.66 | 9.8 | 0.25 | Apr 16, 2021 | Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted… | ||
| CVE-2021-27112 | Cri | 0.64 | 9.8 | 0.02 | Apr 15, 2021 | LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images. | ||
| CVE-2020-28592 | Cri | 0.64 | 9.8 | 0.03 | Apr 15, 2021 | A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this… | ||
| CVE-2020-27239 | Cri | 0.64 | 9.8 | 0.01 | Apr 15, 2021 | An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The assetStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this… | ||
| CVE-2020-27238 | Cri | 0.64 | 9.8 | 0.01 | Apr 15, 2021 | An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||
| CVE-2020-27237 | Cri | 0.64 | 9.8 | 0.01 | Apr 15, 2021 | An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the The nomenclature parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP… | ||
| CVE-2021-27850 | Cri | 0.74 | 9.8 | 0.94 | Apr 15, 2021 | A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of… | ||
| CVE-2021-30459 | — | Cri | 0.64 | 9.8 | 0.02 | Apr 14, 2021 | A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form. | |
| CVE-2021-27710 | Cri | 0.64 | 9.8 | 0.08 | Apr 14, 2021 | Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes… | ||
| CVE-2021-27708 | Cri | 0.64 | 9.8 | 0.08 | Apr 14, 2021 | Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes… | ||
| CVE-2021-27258 | Cri | 0.64 | 9.8 | 0.04 | Apr 14, 2021 | This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SaveUserSetting endpoint. The issue results… | ||
| CVE-2021-27707 | Cri | 0.64 | 9.8 | 0.03 | Apr 14, 2021 | Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"portMappingIndex "request. This occurs because the "formDelPortMapping" function directly passes the parameter "portMappingIndex"… | ||
| CVE-2021-27706 | Cri | 0.64 | 9.8 | 0.03 | Apr 14, 2021 | Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"IPMacBindIndex "request. This occurs because the "formIPMacBindDel" function directly passes the parameter… | ||
| CVE-2021-27705 | Cri | 0.64 | 9.8 | 0.03 | Apr 14, 2021 | Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"qosIndex "request. This occurs because the "formQOSRuleDel" function directly passes the parameter "qosIndex" to strcpy without… | ||
| CVE-2021-27130 | Cri | 0.64 | 9.8 | 0.02 | Apr 14, 2021 | Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, which may lead to a reverse shell upload. | ||
| CVE-2020-29592 | Cri | 0.64 | 9.8 | 0.02 | Apr 14, 2021 | An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor's file upload allows an attacker to upload dangerous executables that bypass the file types allowed (regardless of the file types allowed list in… | ||
| CVE-2021-28300 | Cri | 0.64 | 9.8 | 0.02 | Apr 14, 2021 | NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file. | ||
| CVE-2021-27114 | Cri | 0.66 | 9.8 | 0.25 | Apr 14, 2021 | An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/addassignment route, a very long text entry for the"'s_ip" and "s_mac" fields could lead to a Stack-Based Buffer Overflow and overwrite the return address. | ||
| CVE-2021-27113 | Cri | 0.64 | 9.8 | 0.03 | Apr 14, 2021 | An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Injection via Shell Metacharacters. | ||
| CVE-2020-19778 | Cri | 0.64 | 9.8 | 0.02 | Apr 14, 2021 | Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in "/index.php" by manipulating the parameter "user_id" in the HTML request. | ||
| CVE-2021-28797 | Cri | 0.64 | 9.8 | 0.06 | Apr 14, 2021 | A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance… | ||
| CVE-2021-31162 | Cri | 0.00 | 9.8 | 0.03 | Apr 14, 2021 | In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics. | ||
| CVE-2021-24028 | Cri | 0.00 | 9.8 | 0.02 | Apr 14, 2021 | An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00. | ||
| CVE-2019-10881 | Cri | 0.64 | 9.8 | 0.01 | Apr 13, 2021 | Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled. | ||
| CVE-2021-28483 | Cri | 0.59 | 9.0 | 0.01 | Apr 13, 2021 | Microsoft Exchange Server Remote Code Execution Vulnerability | ||
| CVE-2021-28481 | Cri | 0.67 | 9.8 | 0.36 | Apr 13, 2021 | Microsoft Exchange Server Remote Code Execution Vulnerability | ||
| CVE-2021-28480 | Cri | 0.69 | 9.8 | 0.71 | Apr 13, 2021 | Microsoft Exchange Server Remote Code Execution Vulnerability | ||
| CVE-2021-21399 | Cri | 0.59 | 9.1 | 0.01 | Apr 13, 2021 | Ampache is a web based audio/video streaming application and file manager. Versions prior to 4.4.1 allow unauthenticated access to Ampache using the subsonic API. To successfully make the attack you must use a username that is not part of the site to bypass the auth checks. For… | ||
| CVE-2021-27602 | Cri | 0.65 | 9.9 | 0.02 | Apr 13, 2021 | SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice application allows certain authorized users to create source rules which are translated to drools rule when published to certain modules within the application. An attacker with this authorization can inject… | ||
| CVE-2021-23281 | Cri | 0.65 | 10.0 | 0.02 | Apr 13, 2021 | Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM software does not sanitize the date provided via coverterCheckList action in meta_driver_srv.js class. Attackers can send a specially crafted packet to… | ||
| CVE-2021-0430 | Cri | 0.64 | 9.8 | 0.03 | Apr 13, 2021 | In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution via a malicious NFC packet with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2021-29999 | Cri | 0.64 | 9.8 | 0.02 | Apr 13, 2021 | An issue was discovered in Wind River VxWorks through 6.8. There is a possible stack overflow in dhcp server. |
- risk 0.00cvss 9.8epss 0.03
An issue was discovered in retdec v3.3. In function canSplitFunctionOn() of ir_modifications.cpp, there is a possible out of bounds read due to a heap buffer overflow. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution.
- risk 0.69cvss 9.8epss 0.27
A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer.
- risk 0.70cvss 9.8epss 0.45
A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer.
- risk 0.62cvss 9.6epss 0.01
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible to persistently inject scripts in XWiki versions prior to 12.6.3 and 12.8. Unregistred users can fill simple text fields. Registered users can fill in their…
- risk 0.62cvss 9.6epss 0.01
The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for…
- risk 0.00cvss 9.8epss 0.02
vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration.
- risk 0.64cvss 9.8epss 0.01
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The serialnumber parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this…
- risk 0.64cvss 9.8epss 0.01
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The componentStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this…
- risk 0.64cvss 9.8epss 0.05
In Fibaro Home Center 2 and Lite devices with firmware version 4.540 and older an authenticated user can run commands as root user using a command injection vulnerability.
- risk 0.64cvss 9.8epss 0.02
This affects all versions of package picotts. If attacker-controlled user input is given to the say function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
- risk 0.64cvss 9.8epss 0.03
This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
- risk 0.64cvss 9.8epss 0.02
This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
- risk 0.64cvss 9.8epss 0.02
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following…
- risk 0.78cvss 9.8epss 0.33
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build…
- risk 0.52cvss 9.1epss 0.01
Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming 5.2.1 release.
- risk 0.56cvss 9.1epss 0.05
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library - delete` module.
- risk 0.00cvss 9.8epss 0.02
The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studio Code allows remote code execution via a crafted workspace configuration.
- risk 0.64cvss 9.8epss 0.03
Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted "action/umountUSBPartition" request. This occurs because the "formSetUSBPartitionUmount"…
- risk 0.66cvss 9.8epss 0.25
Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted…
- risk 0.64cvss 9.8epss 0.02
LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images.
- risk 0.64cvss 9.8epss 0.03
A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this…
- risk 0.64cvss 9.8epss 0.01
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The assetStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this…
- risk 0.64cvss 9.8epss 0.01
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
- risk 0.64cvss 9.8epss 0.01
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the The nomenclature parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP…
- risk 0.74cvss 9.8epss 0.94
A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of…
- risk 0.64cvss 9.8epss 0.02
A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form.
- risk 0.64cvss 9.8epss 0.08
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes…
- risk 0.64cvss 9.8epss 0.08
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes…
- risk 0.64cvss 9.8epss 0.04
This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SaveUserSetting endpoint. The issue results…
- risk 0.64cvss 9.8epss 0.03
Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"portMappingIndex "request. This occurs because the "formDelPortMapping" function directly passes the parameter "portMappingIndex"…
- risk 0.64cvss 9.8epss 0.03
Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"IPMacBindIndex "request. This occurs because the "formIPMacBindDel" function directly passes the parameter…
- risk 0.64cvss 9.8epss 0.03
Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"qosIndex "request. This occurs because the "formQOSRuleDel" function directly passes the parameter "qosIndex" to strcpy without…
- risk 0.64cvss 9.8epss 0.02
Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, which may lead to a reverse shell upload.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor's file upload allows an attacker to upload dangerous executables that bypass the file types allowed (regardless of the file types allowed list in…
- risk 0.64cvss 9.8epss 0.02
NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file.
- risk 0.66cvss 9.8epss 0.25
An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/addassignment route, a very long text entry for the"'s_ip" and "s_mac" fields could lead to a Stack-Based Buffer Overflow and overwrite the return address.
- risk 0.64cvss 9.8epss 0.03
An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Injection via Shell Metacharacters.
- risk 0.64cvss 9.8epss 0.02
Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in "/index.php" by manipulating the parameter "user_id" in the HTML request.
- risk 0.64cvss 9.8epss 0.06
A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance…
- risk 0.00cvss 9.8epss 0.03
In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics.
- risk 0.00cvss 9.8epss 0.02
An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.
- risk 0.64cvss 9.8epss 0.01
Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled.
- risk 0.59cvss 9.0epss 0.01
Microsoft Exchange Server Remote Code Execution Vulnerability
- risk 0.67cvss 9.8epss 0.36
Microsoft Exchange Server Remote Code Execution Vulnerability
- risk 0.69cvss 9.8epss 0.71
Microsoft Exchange Server Remote Code Execution Vulnerability
- risk 0.59cvss 9.1epss 0.01
Ampache is a web based audio/video streaming application and file manager. Versions prior to 4.4.1 allow unauthenticated access to Ampache using the subsonic API. To successfully make the attack you must use a username that is not part of the site to bypass the auth checks. For…
- risk 0.65cvss 9.9epss 0.02
SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice application allows certain authorized users to create source rules which are translated to drools rule when published to certain modules within the application. An attacker with this authorization can inject…
- risk 0.65cvss 10.0epss 0.02
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM software does not sanitize the date provided via coverterCheckList action in meta_driver_srv.js class. Attackers can send a specially crafted packet to…
- risk 0.64cvss 9.8epss 0.03
In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution via a malicious NFC packet with no additional execution privileges needed. User interaction is not needed for…
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in Wind River VxWorks through 6.8. There is a possible stack overflow in dhcp server.