| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-9356 | Cri | 0.64 | 9.8 | 0.03 | Nov 6, 2018 | In bnep_data_ind of bnep_main.c, there is a possible remote code execution due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0… | ||
| CVE-2018-9355 | Cri | 0.64 | 9.8 | 0.03 | Nov 6, 2018 | In bta_dm_sdp_result of bta_dm_act.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android… | ||
| CVE-2018-18963 | Cri | 0.64 | 9.8 | 0.02 | Nov 6, 2018 | Busca.aspx.cs in Degrau Publicidade e Internet Plataforma de E-commerce allows SQL Injection via the busca/ URI. | ||
| CVE-2018-18957 | Cri | 0.68 | 9.8 | 0.12 | Nov 5, 2018 | An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goose/goose_publisher.c. | ||
| CVE-2018-9208 | Cri | 0.64 | 9.8 | 0.03 | Nov 5, 2018 | Unauthenticated arbitrary file upload vulnerability in jQuery Picture Cut <= v1.1Beta | ||
| CVE-2018-18949 | Cri | 0.66 | 9.8 | 0.24 | Nov 5, 2018 | Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings. | ||
| CVE-2018-18934 | Cri | 0.64 | 9.8 | 0.01 | Nov 5, 2018 | An issue was discovered in PopojiCMS v2.0.1. admin_component.php is exploitable via the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing arbitrary PHP code (that is extracted and can be executed). This can also be… | ||
| CVE-2018-18933 | Cri | 0.59 | 9.1 | 0.03 | Nov 5, 2018 | The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL… | ||
| CVE-2018-18928 | Cri | 0.00 | 9.8 | 0.03 | Nov 4, 2018 | International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp. | ||
| CVE-2018-18926 | — | Cri | 0.57 | 9.8 | 0.03 | Nov 4, 2018 | Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs. This is related to session ID handling in the go-macaron/session code for Macaron. | |
| CVE-2018-18925 | Cri | 0.66 | 9.8 | 0.32 | Nov 4, 2018 | Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron. | ||
| CVE-2018-18903 | Cri | 0.64 | 9.8 | 0.05 | Nov 3, 2018 | Vanilla 2.6.x before 2.6.4 allows remote code execution. | ||
| CVE-2018-15762 | Cri | 0.59 | 9.0 | 0.01 | Nov 2, 2018 | Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who has been authenticated may… | ||
| CVE-2018-3934 | Cri | 0.64 | 9.8 | 0.03 | Nov 2, 2018 | An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker can sniff network traffic and send a set of… | ||
| CVE-2018-17922 | Cri | 0.64 | 9.8 | 0.03 | Nov 2, 2018 | Circontrol CirCarLife all versions prior to 4.3.1, the PAP credentials of the device are stored in clear text in a log file that is accessible without authentication. | ||
| CVE-2018-17918 | Cri | 0.64 | 9.8 | 0.04 | Nov 2, 2018 | Circontrol CirCarLife all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page. | ||
| CVE-2018-17916 | Cri | 0.64 | 9.8 | 0.04 | Nov 2, 2018 | InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. A remote attacker could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related… | ||
| CVE-2018-17914 | Cri | 0.64 | 9.8 | 0.05 | Nov 2, 2018 | InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. This vulnerability could allow an unauthenticated user to remotely execute code with the same privileges as that of the InduSoft Web Studio or… | ||
| CVE-2018-6908 | Cri | 0.64 | 9.8 | 0.02 | Nov 1, 2018 | An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allowing an unauthenticated attacker to perform authenticated actions on the device via a 127.0.0.1:port value in the HTTP 'Host' header, as… | ||
| CVE-2018-6012 | Cri | 0.64 | 9.8 | 0.01 | Nov 1, 2018 | The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 (2nd generation) allows an attacker to inject arbitrary Python code via the 'Add new weather data source' upload function. | ||
| CVE-2018-18892 | Cri | 0.64 | 9.8 | 0.03 | Nov 1, 2018 | MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php. | ||
| CVE-2018-18888 | Cri | 0.64 | 9.8 | 0.01 | Nov 1, 2018 | An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Controllers\Backend\ProfileController.php allows upload of arbitrary PHP files because the file extension is not properly checked and uploaded files are not properly renamed. | ||
| CVE-2018-18887 | Cri | 0.64 | 9.8 | 0.01 | Nov 1, 2018 | S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field). | ||
| CVE-2018-16840 | Cri | 0.00 | 9.8 | 0.03 | Oct 31, 2018 | A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and… | ||
| CVE-2018-18874 | Cri | 0.64 | 9.8 | 0.02 | Oct 31, 2018 | nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=file_manager_upload URI. | ||
| CVE-2018-18869 | Cri | 0.64 | 9.8 | 0.04 | Oct 31, 2018 | EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary code via ..%2F directory traversal in a .php filename in the upload/e/admin/ecmscom.php path parameter. | ||
| CVE-2018-8858 | — | Cri | 0.64 | 9.8 | 0.01 | Oct 30, 2018 | If an attacker has access to the firmware from the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to extract credentials. | |
| CVE-2018-16462 | — | Cri | 0.66 | 10.0 | 0.07 | Oct 30, 2018 | A command injection vulnerability in the apex-publish-static-files npm module version <2.0.1 which allows arbitrary shell command execution through a maliciously crafted argument. | |
| CVE-2018-16461 | — | Cri | 0.64 | 9.8 | 0.04 | Oct 30, 2018 | A command injection vulnerability in libnmapp package for versions <0.4.16 allows arbitrary commands to be executed via arguments to the range options. | |
| CVE-2017-8931 | Cri | 0.64 | 9.8 | 0.02 | Oct 30, 2018 | Bitdefender GravityZone VMware appliance before 6.2.1-35 might allow attackers to gain access with root privileges via unspecified vectors. | ||
| CVE-2018-14558 | Cri | 0.76 | 9.8 | 0.09 | KEV | Oct 30, 2018 | An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute… | |
| CVE-2018-18835 | Cri | 0.64 | 9.8 | 0.02 | Oct 30, 2018 | upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file. | ||
| CVE-2018-18834 | Cri | 0.64 | 9.8 | 0.02 | Oct 30, 2018 | An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. | ||
| CVE-2018-18832 | Cri | 0.64 | 9.8 | 0.01 | Oct 30, 2018 | admin/check.asp in DKCMS 9.4 allows SQL Injection via an ASPSESSIONID cookie to admin/admin.asp. | ||
| CVE-2018-18830 | — | Cri | 0.64 | 9.8 | 0.01 | Oct 30, 2018 | An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename,… | |
| CVE-2018-18822 | Cri | 0.64 | 9.8 | 0.02 | Oct 30, 2018 | Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pageref parameter. | ||
| CVE-2018-18792 | Cri | 0.64 | 9.8 | 0.01 | Oct 29, 2018 | An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie. | ||
| CVE-2018-18791 | Cri | 0.64 | 9.8 | 0.02 | Oct 29, 2018 | An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie. | ||
| CVE-2018-18789 | Cri | 0.64 | 9.8 | 0.01 | Oct 29, 2018 | An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php. | ||
| CVE-2018-18787 | Cri | 0.64 | 9.8 | 0.01 | Oct 29, 2018 | An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie. | ||
| CVE-2018-18786 | Cri | 0.64 | 9.8 | 0.01 | Oct 29, 2018 | An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie. | ||
| CVE-2018-18785 | Cri | 0.64 | 9.8 | 0.01 | Oct 29, 2018 | An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie to zs/search.php. | ||
| CVE-2018-18765 | Cri | 0.59 | 9.1 | 0.02 | Oct 29, 2018 | An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in mg_mqtt_next_subscribe_topic. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory… | ||
| CVE-2018-18764 | Cri | 0.59 | 9.1 | 0.02 | Oct 29, 2018 | An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in a parse_mqtt getu16 call. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory… | ||
| CVE-2018-18754 | Cri | 0.64 | 9.8 | 0.01 | Oct 29, 2018 | ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file. | ||
| CVE-2018-18753 | Cri | 0.64 | 9.8 | 0.03 | Oct 29, 2018 | Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF. | ||
| CVE-2018-18752 | Cri | 0.64 | 9.8 | 0.02 | Oct 29, 2018 | Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter. | ||
| CVE-2018-18751 | Cri | 0.64 | 9.8 | 0.04 | Oct 29, 2018 | An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt. | ||
| CVE-2018-18748 | Cri | 0.65 | 10.0 | 0.02 | Oct 29, 2018 | Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or os.system("powershell"), within a .py file. NOTE: the vendor disputes this issue because the observed behavior is consistent with the product's intended functionality | ||
| CVE-2018-18729 | Cri | 0.64 | 9.8 | 0.01 | Oct 29, 2018 | An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a heap-based buffer overflow vulnerability in the router's web server -- httpd. While processing the… |
- risk 0.64cvss 9.8epss 0.03
In bnep_data_ind of bnep_main.c, there is a possible remote code execution due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0…
- risk 0.64cvss 9.8epss 0.03
In bta_dm_sdp_result of bta_dm_act.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android…
- risk 0.64cvss 9.8epss 0.02
Busca.aspx.cs in Degrau Publicidade e Internet Plataforma de E-commerce allows SQL Injection via the busca/ URI.
- risk 0.68cvss 9.8epss 0.12
An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goose/goose_publisher.c.
- risk 0.64cvss 9.8epss 0.03
Unauthenticated arbitrary file upload vulnerability in jQuery Picture Cut <= v1.1Beta
- risk 0.66cvss 9.8epss 0.24
Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in PopojiCMS v2.0.1. admin_component.php is exploitable via the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing arbitrary PHP code (that is extracted and can be executed). This can also be…
- risk 0.59cvss 9.1epss 0.03
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL…
- risk 0.00cvss 9.8epss 0.03
International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp.
- risk 0.57cvss 9.8epss 0.03
Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs. This is related to session ID handling in the go-macaron/session code for Macaron.
- risk 0.66cvss 9.8epss 0.32
Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron.
- risk 0.64cvss 9.8epss 0.05
Vanilla 2.6.x before 2.6.4 allows remote code execution.
- risk 0.59cvss 9.0epss 0.01
Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who has been authenticated may…
- risk 0.64cvss 9.8epss 0.03
An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker can sniff network traffic and send a set of…
- risk 0.64cvss 9.8epss 0.03
Circontrol CirCarLife all versions prior to 4.3.1, the PAP credentials of the device are stored in clear text in a log file that is accessible without authentication.
- risk 0.64cvss 9.8epss 0.04
Circontrol CirCarLife all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page.
- risk 0.64cvss 9.8epss 0.04
InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. A remote attacker could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related…
- risk 0.64cvss 9.8epss 0.05
InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. This vulnerability could allow an unauthenticated user to remotely execute code with the same privileges as that of the InduSoft Web Studio or…
- risk 0.64cvss 9.8epss 0.02
An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allowing an unauthenticated attacker to perform authenticated actions on the device via a 127.0.0.1:port value in the HTTP 'Host' header, as…
- risk 0.64cvss 9.8epss 0.01
The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 (2nd generation) allows an attacker to inject arbitrary Python code via the 'Add new weather data source' upload function.
- risk 0.64cvss 9.8epss 0.03
MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Controllers\Backend\ProfileController.php allows upload of arbitrary PHP files because the file extension is not properly checked and uploaded files are not properly renamed.
- risk 0.64cvss 9.8epss 0.01
S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field).
- risk 0.00cvss 9.8epss 0.03
A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and…
- risk 0.64cvss 9.8epss 0.02
nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=file_manager_upload URI.
- risk 0.64cvss 9.8epss 0.04
EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary code via ..%2F directory traversal in a .php filename in the upload/e/admin/ecmscom.php path parameter.
- risk 0.64cvss 9.8epss 0.01
If an attacker has access to the firmware from the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to extract credentials.
- risk 0.66cvss 10.0epss 0.07
A command injection vulnerability in the apex-publish-static-files npm module version <2.0.1 which allows arbitrary shell command execution through a maliciously crafted argument.
- risk 0.64cvss 9.8epss 0.04
A command injection vulnerability in libnmapp package for versions <0.4.16 allows arbitrary commands to be executed via arguments to the range options.
- risk 0.64cvss 9.8epss 0.02
Bitdefender GravityZone VMware appliance before 6.2.1-35 might allow attackers to gain access with root privileges via unspecified vectors.
- risk 0.76cvss 9.8epss 0.09
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute…
- risk 0.64cvss 9.8epss 0.02
upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file.
- risk 0.64cvss 9.8epss 0.02
An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c.
- risk 0.64cvss 9.8epss 0.01
admin/check.asp in DKCMS 9.4 allows SQL Injection via an ASPSESSIONID cookie to admin/admin.asp.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename,…
- risk 0.64cvss 9.8epss 0.02
Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pageref parameter.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie to zs/search.php.
- risk 0.59cvss 9.1epss 0.02
An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in mg_mqtt_next_subscribe_topic. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory…
- risk 0.59cvss 9.1epss 0.02
An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in a parse_mqtt getu16 call. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory…
- risk 0.64cvss 9.8epss 0.01
ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file.
- risk 0.64cvss 9.8epss 0.03
Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF.
- risk 0.64cvss 9.8epss 0.02
Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter.
- risk 0.64cvss 9.8epss 0.04
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.
- risk 0.65cvss 10.0epss 0.02
Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or os.system("powershell"), within a .py file. NOTE: the vendor disputes this issue because the observed behavior is consistent with the product's intended functionality
- risk 0.64cvss 9.8epss 0.01
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a heap-based buffer overflow vulnerability in the router's web server -- httpd. While processing the…