| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-26688 | Cri | 0.64 | 9.8 | 0.00 | Feb 4, 2021 | An issue was discovered on LG Wing mobile devices with Android OS 10 software. The biometric sensor has weak security properties. The LG ID is LVE-SMP-200030 (February 2021). | ||
| CVE-2021-26687 | Cri | 0.64 | 9.8 | 0.01 | Feb 4, 2021 | An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. In preloaded applications, the HostnameVerified default is mishandled. The LG ID is LVE-SMP-200029 (February 2021). | ||
| CVE-2021-20016 | Cri | 0.85 | 9.8 | 0.40 | KEV | Feb 4, 2021 | A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x. | |
| CVE-2021-3401 | Cri | 0.01 | 9.8 | 0.10 | Feb 4, 2021 | Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser.… | ||
| CVE-2021-25274 | Cri | 0.67 | 9.8 | 0.36 | Feb 3, 2021 | The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process.… | ||
| CVE-2020-17523 | — | Cri | 0.07 | 9.8 | 0.86 | Feb 3, 2021 | Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. | |
| CVE-2021-25770 | Cri | 0.64 | 9.8 | 0.03 | Feb 3, 2021 | In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution. | ||
| CVE-2020-35481 | Cri | 0.64 | 9.8 | 0.01 | Feb 3, 2021 | SolarWinds Serv-U before 15.2.2 allows Unauthenticated Macro Injection. | ||
| CVE-2020-2507 | Cri | 0.64 | 9.8 | 0.03 | Feb 3, 2021 | The vulnerability have been reported to affect earlier versions of QTS. If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3. | ||
| CVE-2020-28653 | Cri | 0.73 | 9.8 | 0.79 | Feb 3, 2021 | Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet. | ||
| CVE-2020-29165 | Cri | 0.64 | 9.8 | 0.02 | Feb 3, 2021 | PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by incorrect access control, which can result in remotely gaining administrator privileges. | ||
| CVE-2020-28144 | Cri | 0.64 | 9.8 | 0.02 | Feb 3, 2021 | Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower. Crafted requests sent to the device may allow remote… | ||
| CVE-2021-25912 | — | Cri | 0.57 | 9.8 | 0.03 | Feb 2, 2021 | Prototype pollution vulnerability in 'dotty' versions 0.0.1 through 0.1.0 allows attackers to cause a denial of service and may lead to remote code execution. | |
| CVE-2020-7775 | — | Cri | 0.64 | 9.8 | 0.01 | Feb 2, 2021 | This affects all versions of package freediskspace. The vulnerability arises out of improper neutralization of arguments in line 71 of freediskspace.js. | |
| CVE-2020-15097 | Cri | 0.00 | 9.1 | 0.02 | Feb 2, 2021 | loklak is an open-source server application which is able to collect messages from various sources, including twitter. The server contains a search index and a peer-to-peer index sharing interface. All messages are stored in an elasticsearch index. In loklak less than or equal… | ||
| CVE-2020-18568 | Cri | 0.65 | 9.8 | 0.15 | Feb 2, 2021 | The D-Link DSR-250 (3.14) DSR-1000N (2.11B201) UPnP service contains a command injection vulnerability, which can cause remote command execution. | ||
| CVE-2020-25506 | Cri | 0.84 | 9.8 | 1.00 | KEV | Feb 2, 2021 | D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution. | |
| CVE-2020-1896 | Cri | 0.00 | 9.8 | 0.02 | Feb 2, 2021 | A stack overflow vulnerability in Facebook Hermes 'builtin apply' prior to commit 86543ac47e59c522976b5632b8bf9a2a4583c7d2 (https://github.com/facebook/hermes/commit/86543ac47e59c522976b5632b8bf9a2a4583c7d2) allows attackers to potentially execute arbitrary code via crafted… | ||
| CVE-2021-3378 | Cri | 0.75 | 9.8 | 0.98 | Feb 1, 2021 | FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp. | ||
| CVE-2019-20468 | Cri | 0.64 | 9.8 | 0.02 | Feb 1, 2021 | An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It has unnecessary permissions such as READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, and READ_CONTACTS. | ||
| CVE-2020-21180 | Cri | 0.64 | 9.8 | 0.01 | Feb 1, 2021 | Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers to Injecting a malicious SQL statement via the name parameter to the signup page. | ||
| CVE-2020-21179 | Cri | 0.64 | 9.8 | 0.01 | Feb 1, 2021 | Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers to Injecting a malicious SQL statement via the name parameter to the signin page. | ||
| CVE-2020-21176 | — | Cri | 0.64 | 9.8 | 0.01 | Feb 1, 2021 | SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter. | |
| CVE-2020-20296 | Cri | 0.64 | 9.8 | 0.01 | Feb 1, 2021 | An issue was found in CMSWing project version 1.3.8, Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands. | ||
| CVE-2020-20295 | Cri | 0.64 | 9.8 | 0.01 | Feb 1, 2021 | An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands. | ||
| CVE-2020-20294 | Cri | 0.64 | 9.8 | 0.02 | Feb 1, 2021 | An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands. | ||
| CVE-2020-20289 | Cri | 0.64 | 9.8 | 0.01 | Feb 1, 2021 | Sql injection vulnerability in the yccms 3.3 project. The no_top function's improper judgment of the request parameters, triggers a sql injection vulnerability. | ||
| CVE-2020-20287 | Cri | 0.64 | 9.8 | 0.03 | Feb 1, 2021 | Unrestricted file upload vulnerability in the yccms 3.3 project. The xhUp function's improper judgment of the request parameters, triggers remote code execution. | ||
| CVE-2021-23330 | — | Cri | 0.00 | 9.8 | 0.05 | Feb 1, 2021 | All versions of package launchpad are vulnerable to Command Injection via stop. | |
| CVE-2021-21276 | Cri | 0.04 | 9.3 | 0.07 | Feb 1, 2021 | Polr is an open source URL shortener. in Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability exists regardless of users' settings. If an… | ||
| CVE-2020-36109 | Cri | 0.64 | 9.8 | 0.04 | Feb 1, 2021 | ASUS RT-AX86U router firmware below version under 9.0.0.4_386 has a buffer overflow in the blocking_request.cgi function of the httpd module that can cause code execution when an attacker constructs malicious data. | ||
| CVE-2020-28194 | Cri | 0.00 | 9.8 | 0.03 | Feb 1, 2021 | Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute with length field is less than 2. It has an impact only when the attacker controls the RADIUS server, which can lead to arbitrary code execution. | ||
| CVE-2020-26547 | Cri | 0.64 | 9.8 | 0.01 | Feb 1, 2021 | Monal before 4.9 does not implement proper sender verification on MAM and Message Carbon (XEP-0280) results. This allows a remote attacker (able to send stanzas to a victim) to inject arbitrary messages into the local history, with full control over the sender and receiver… | ||
| CVE-2020-15836 | Cri | 0.64 | 9.8 | 0.02 | Feb 1, 2021 | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function passes untrusted data to the operating system without proper sanitization. A crafted request can be sent to execute arbitrary commands as root. | ||
| CVE-2020-15835 | Cri | 0.64 | 9.8 | 0.02 | Feb 1, 2021 | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to authenticate as root without knowing the actual root password. An adversary with the private key can remotely… | ||
| CVE-2020-15833 | Cri | 0.64 | 9.8 | 0.02 | Feb 1, 2021 | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. This key is stored in a /rom location that cannot be modified by the device owner. | ||
| CVE-2020-13859 | Cri | 0.64 | 9.8 | 0.01 | Feb 1, 2021 | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to login to the cgi-bin/luci/quick/wizard… | ||
| CVE-2020-13858 | Cri | 0.64 | 9.8 | 0.01 | Feb 1, 2021 | An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They contain two undocumented administrator accounts. The sftp and mofidev accounts are defined in /etc/passwd and the password is not unique across installations. | ||
| CVE-2020-15690 | Cri | 0.64 | 9.8 | 0.03 | Jan 30, 2021 | In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character. | ||
| CVE-2020-15568 | Cri | 0.66 | 9.8 | 0.28 | Jan 30, 2021 | TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the… | ||
| CVE-2020-29557 | Cri | 0.80 | 9.8 | 0.54 | KEV | Jan 29, 2021 | An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution. | |
| CVE-2021-3346 | Cri | 0.64 | 9.8 | 0.02 | Jan 29, 2021 | Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template. | ||
| CVE-2020-35547 | Cri | 0.59 | 9.1 | 0.01 | Jan 29, 2021 | A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 FP1 could allow an unauthenticated attacker to gain access (view and modify) to user data. | ||
| CVE-2021-26305 | — | Cri | 0.57 | 9.8 | 0.02 | Jan 29, 2021 | An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness. | |
| CVE-2021-3160 | Cri | 0.64 | 9.8 | 0.05 | Jan 28, 2021 | Deserialization of untrusted data in the login page of ASSUWEB 359.3 build 1 subcomponent of ACA ASSUREX RENTES product allows a remote attacker to inject unsecure serialized Java object using a specially crafted HTTP request, resulting in an unauthenticated remote code… | ||
| CVE-2020-4682 | Cri | 0.64 | 9.8 | 0.08 | Jan 28, 2021 | IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509. | ||
| CVE-2020-35124 | — | Cri | 0.56 | 9.6 | 0.02 | Jan 28, 2021 | A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads. | |
| CVE-2020-25785 | Cri | 0.64 | 9.8 | 0.02 | Jan 28, 2021 | An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CFtpProtocol::FtpLogin during the update procedure. | ||
| CVE-2020-25784 | Cri | 0.64 | 9.8 | 0.02 | Jan 28, 2021 | An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientGuard::SubOprMsg during incoming message handling. | ||
| CVE-2020-25783 | Cri | 0.64 | 9.8 | 0.02 | Jan 28, 2021 | An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated heap-based buffer overflow in the function CNetClientTalk::OprMsg during incoming message handling. |
- risk 0.64cvss 9.8epss 0.00
An issue was discovered on LG Wing mobile devices with Android OS 10 software. The biometric sensor has weak security properties. The LG ID is LVE-SMP-200030 (February 2021).
- risk 0.64cvss 9.8epss 0.01
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. In preloaded applications, the HostnameVerified default is mishandled. The LG ID is LVE-SMP-200029 (February 2021).
- risk 0.85cvss 9.8epss 0.40
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.
- risk 0.01cvss 9.8epss 0.10
Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser.…
- risk 0.67cvss 9.8epss 0.36
The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process.…
- risk 0.07cvss 9.8epss 0.86
Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
- risk 0.64cvss 9.8epss 0.03
In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.
- risk 0.64cvss 9.8epss 0.01
SolarWinds Serv-U before 15.2.2 allows Unauthenticated Macro Injection.
- risk 0.64cvss 9.8epss 0.03
The vulnerability have been reported to affect earlier versions of QTS. If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.
- risk 0.73cvss 9.8epss 0.79
Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.
- risk 0.64cvss 9.8epss 0.02
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by incorrect access control, which can result in remotely gaining administrator privileges.
- risk 0.64cvss 9.8epss 0.02
Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower. Crafted requests sent to the device may allow remote…
- risk 0.57cvss 9.8epss 0.03
Prototype pollution vulnerability in 'dotty' versions 0.0.1 through 0.1.0 allows attackers to cause a denial of service and may lead to remote code execution.
- risk 0.64cvss 9.8epss 0.01
This affects all versions of package freediskspace. The vulnerability arises out of improper neutralization of arguments in line 71 of freediskspace.js.
- risk 0.00cvss 9.1epss 0.02
loklak is an open-source server application which is able to collect messages from various sources, including twitter. The server contains a search index and a peer-to-peer index sharing interface. All messages are stored in an elasticsearch index. In loklak less than or equal…
- risk 0.65cvss 9.8epss 0.15
The D-Link DSR-250 (3.14) DSR-1000N (2.11B201) UPnP service contains a command injection vulnerability, which can cause remote command execution.
- risk 0.84cvss 9.8epss 1.00
D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution.
- risk 0.00cvss 9.8epss 0.02
A stack overflow vulnerability in Facebook Hermes 'builtin apply' prior to commit 86543ac47e59c522976b5632b8bf9a2a4583c7d2 (https://github.com/facebook/hermes/commit/86543ac47e59c522976b5632b8bf9a2a4583c7d2) allows attackers to potentially execute arbitrary code via crafted…
- risk 0.75cvss 9.8epss 0.98
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It has unnecessary permissions such as READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, and READ_CONTACTS.
- risk 0.64cvss 9.8epss 0.01
Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers to Injecting a malicious SQL statement via the name parameter to the signup page.
- risk 0.64cvss 9.8epss 0.01
Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers to Injecting a malicious SQL statement via the name parameter to the signin page.
- risk 0.64cvss 9.8epss 0.01
SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter.
- risk 0.64cvss 9.8epss 0.01
An issue was found in CMSWing project version 1.3.8, Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands.
- risk 0.64cvss 9.8epss 0.01
An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands.
- risk 0.64cvss 9.8epss 0.02
An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands.
- risk 0.64cvss 9.8epss 0.01
Sql injection vulnerability in the yccms 3.3 project. The no_top function's improper judgment of the request parameters, triggers a sql injection vulnerability.
- risk 0.64cvss 9.8epss 0.03
Unrestricted file upload vulnerability in the yccms 3.3 project. The xhUp function's improper judgment of the request parameters, triggers remote code execution.
- risk 0.00cvss 9.8epss 0.05
All versions of package launchpad are vulnerable to Command Injection via stop.
- risk 0.04cvss 9.3epss 0.07
Polr is an open source URL shortener. in Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability exists regardless of users' settings. If an…
- risk 0.64cvss 9.8epss 0.04
ASUS RT-AX86U router firmware below version under 9.0.0.4_386 has a buffer overflow in the blocking_request.cgi function of the httpd module that can cause code execution when an attacker constructs malicious data.
- risk 0.00cvss 9.8epss 0.03
Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute with length field is less than 2. It has an impact only when the attacker controls the RADIUS server, which can lead to arbitrary code execution.
- risk 0.64cvss 9.8epss 0.01
Monal before 4.9 does not implement proper sender verification on MAM and Message Carbon (XEP-0280) results. This allows a remote attacker (able to send stanzas to a victim) to inject arbitrary messages into the local history, with full control over the sender and receiver…
- risk 0.64cvss 9.8epss 0.02
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function passes untrusted data to the operating system without proper sanitization. A crafted request can be sent to execute arbitrary commands as root.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to authenticate as root without knowing the actual root password. An adversary with the private key can remotely…
- risk 0.64cvss 9.8epss 0.02
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. This key is stored in a /rom location that cannot be modified by the device owner.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to login to the cgi-bin/luci/quick/wizard…
- risk 0.64cvss 9.8epss 0.01
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They contain two undocumented administrator accounts. The sftp and mofidev accounts are defined in /etc/passwd and the password is not unique across installations.
- risk 0.64cvss 9.8epss 0.03
In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character.
- risk 0.66cvss 9.8epss 0.28
TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the…
- risk 0.80cvss 9.8epss 0.54
An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution.
- risk 0.64cvss 9.8epss 0.02
Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template.
- risk 0.59cvss 9.1epss 0.01
A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 FP1 could allow an unauthenticated attacker to gain access (view and modify) to user data.
- risk 0.57cvss 9.8epss 0.02
An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness.
- risk 0.64cvss 9.8epss 0.05
Deserialization of untrusted data in the login page of ASSUWEB 359.3 build 1 subcomponent of ACA ASSUREX RENTES product allows a remote attacker to inject unsecure serialized Java object using a specially crafted HTTP request, resulting in an unauthenticated remote code…
- risk 0.64cvss 9.8epss 0.08
IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.
- risk 0.56cvss 9.6epss 0.02
A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CFtpProtocol::FtpLogin during the update procedure.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientGuard::SubOprMsg during incoming message handling.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated heap-based buffer overflow in the function CNetClientTalk::OprMsg during incoming message handling.