Critical Vulnerabilities
SOCRadar, the Extended Cyber Threat Intelligence (XTI) platform, provides vulnerability intelligence for security operations teams, who can search for recent critical vulnerabilities exploited in the wild by threat actors. SOCRadar also provides an External Attack Surface Management suite that helps cybersecurity teams identify vulnerable assets in their internet-facing network. Below, we select and display critical vulnerabilities that are popular in the hacker community.
Vulnerability | CVSSv3 | Release Date | Products | References | ||
---|---|---|---|---|---|---|
Linear eMerge e3-Series forgot_password os command injection | 9.8 | 10/2/2024 | Linear | Link | ||
Cisco Meraki MX/Meraki Z AnyConnect VPN Server out-of-bounds write | 7.9 | 10/2/2024 | Cisco | Link | ||
Cisco Meraki MX/Meraki Z AnyConnect VPN Server out-of-bounds write | 7.9 | 10/2/2024 | Cisco | Link | ||
Cisco Meraki MX/Meraki Z AnyConnect VPN Server double free | 7.9 | 10/2/2024 | Cisco | Link | ||
Cisco RV340/RV340W/RV345/RV345P Web-based Management Interface improper authorization | 8.6 | 10/2/2024 | Cisco | Link | ||
Cisco Data Center Network Manager Nexus Dashboard path traversal | 8.6 | 10/2/2024 | Cisco | Link | ||
Cisco Data Center Network Manager Nexus Dashboard Fabric Controller command injection | 9.1 | 10/2/2024 | Cisco | Link | ||
Zimbra Collaboration Suite postjournal Service improper authentication | 9.7 | 10/3/2024 | Zimbra | Link | ||
HP One Agent Software untrusted search path | 8 | 10/3/2024 | HP | Link | ||
Elsight Halo os command injection | 9.6 | 10/6/2024 | Elsight | Link | ||
Elsight Halo os command injection | 9.6 | 10/6/2024 | Elsight | Link | ||
Qualcomm Snapdragon Auto HLOS use after free | 7.6 | 10/7/2024 | Qualcomm | Link | ||
Qualcomm Snapdragon Auto User Packet use after free | 7.9 | 10/7/2024 | Qualcomm | Link | ||
Qualcomm Snapdragon Wired Infrastructure and Networking Log File memory corruption | 9.6 | 10/7/2024 | Qualcomm | Link | ||
Qualcomm Snapdragon Compute/Snapdragon Industrial IOT Camera Driver memory corruption | 7.9 | 10/7/2024 | Qualcomm | Link | ||
Qualcomm Snapdragon Auto ML IE buffer over-read | 7.6 | 10/7/2024 | Qualcomm | Link | ||
Qualcomm Snapdragon Auto Response Buffer memory corruption | 7.6 | 10/7/2024 | Qualcomm | Link | ||
Qualcomm Snapdragon Auto IOCTL Call untrusted pointer dereference | 7.6 | 10/7/2024 | Qualcomm | Link | ||
Qualcomm Snapdragon Auto Beacon buffer over-read | 7.6 | 10/7/2024 | Qualcomm | Link | ||
Microsoft Windows Routing/Remote Access Service heap-based overflow | 7.7 | 10/8/2024 | Microsoft | Link | ||
Microsoft Windows Routing/Remote Access Service heap-based overflow | 7.7 | 10/8/2024 | Microsoft | Link | ||
Microsoft Windows Routing/Remote Access Service heap-based overflow | 7.7 | 10/8/2024 | Microsoft | Link | ||
Microsoft Windows Remote Desktop Client use after free | 7.7 | 10/8/2024 | Microsoft | Link | ||
Microsoft Windows Routing/Remote Access Service heap-based overflow | 7.7 | 10/8/2024 | Microsoft | Link | ||
Microsoft Windows Routing/Remote Access Service heap-based overflow | 7.7 | 10/8/2024 | Microsoft | Link | ||
Microsoft Azure CLI/Azure Service Connector command injection | 7.6 | 10/8/2024 | Microsoft | Link | ||
Microsoft Windows Routing/Remote Access Service heap-based overflow | 7.9 | 10/8/2024 | Microsoft | Link | ||
Microsoft Windows Management Console neutralization | 7.7 | 10/8/2024 | Microsoft | Link | ||
Microsoft Windows Routing/Remote Access Service heap-based overflow | 7.7 | 10/8/2024 | Microsoft | Link | ||
Progress Telerik Reporting externally-controlled input to select classes or code | 7.6 | 10/9/2024 | Progress | Link |
Vulnerability | CVSSv3 | Release Date | Products | References | ||
---|---|---|---|---|---|---|
MISP 2.4.196 lacks access restriction in BookmarksController, exposing bookmarks data | 9.8 | 9/1/2024 | MISP | Link | ||
D-Link DAP-2310 stack-based buffer overflow in ATP binary allows arbitrary code execution (unsupported product) | 9.8 | 9/2/2024 | D-Link DAP-2310 | Link | ||
Zyxel firmware command injection in host parameter allows unauthenticated OS command execution | 9.8 | 9/3/2024 | Zyxel firmware | Link | ||
Firefox and Thunderbird type confusion vulnerability enables potential exploitation | 9.8 | 9/3/2024 | Firefox and Thunderbird | Link | ||
Firefox and Thunderbird memory safety bugs in multiple versions enable arbitrary code execution | 9.8 | 9/3/2024 | Firefox and Thunderbird | Link | ||
Firefox 129 memory safety bugs with memory corruption risk; affects Firefox < 130 | 9.8 | 9/3/2024 | Firefox | Link | ||
Samsung Notes stack-based out-of-bounds write prior to 4.4.21.62 enables remote code execution | 9.8 | 9/4/2024 | Samsung Notes | Link | ||
Apache OFBiz server-side request forgery and code injection vulnerability prior to 18.12.16 | 9.8 | 9/4/2024 | Apache OFBiz | Link | ||
Apache OFBiz forced browsing vulnerability prior to 18.12.16 | 9.8 | 9/4/2024 | Apache OFBiz | Link | ||
IBM webMethods Integration 10.15 allows authenticated arbitrary file upload and execution | 9.9 | 9/4/2024 | IBM webMethods Integration | Link | ||
Cisco Smart Licensing Utility static admin credentials allow unauthenticated login with elevated privileges | 9.8 | 9/4/2024 | Cisco Smart Licensing Utility | Link | ||
Micron Crucial MX500 SSDs buffer overflow vulnerability triggered by crafted ATA packets | 9.8 | 9/4/2024 | Micron Crucial MX500 SSDs | Link | ||
MindsDB DNS rebinding vulnerability bypasses SSRF protection, leading to DoS | 9.3 | 9/5/2024 | MindsDB | Link | ||
Progress LoadMaster improper input validation enables OS command injection | 10 | 9/5/2024 | Progress LoadMaster | Link | ||
D-Link DI-8100G command injection via upgrade_filter.asp sub47A60C function | 9.8 | 9/6/2024 | D-Link DI-8100G | Link | ||
D-Link DI-8100G command injection via msp_info.htm | 9.8 | 9/6/2024 | D-Link DI-8100G | Link | ||
Veeam VSPC authentication bypass exposes NTLM hash of service account | 9.9 | 9/7/2024 | Veeam VSPC | Link | ||
Veeam VSPC server code injection vulnerability allows arbitrary file upload and remote code execution | 9.9 | 9/7/2024 | Veeam VSPC | Link | ||
Veeam Backup and Replication deserialization vulnerability enables unauthenticated RCE | 9.8 | 9/7/2024 | Veeam Backup and Replication | Link | ||
Veeam Reporter Service vulnerability exposes NTLM hash with user interaction | 9 | 9/7/2024 | Veeam Reporter Service | Link | ||
Veeam ONE Agent allows remote code execution if attacker has service account credentials | 9.1 | 9/7/2024 | Veeam ONE Agent | Link | ||
Kibana deserialization flaw enables arbitrary code execution when parsing crafted YAML payloads with Elastic Security AI tools and Amazon Bedrock connector | 9.9 | 9/9/2024 | Kibana | Link | ||
HPE HP-UX NFSv4 denial of service vulnerability in Network File System services | 9.3 | 9/9/2024 | HPE HP-UX | Link | ||
D-Link DI-8300 v16.07.26A1 command injection via upgrade_filter_asp function | 9.8 | 9/9/2024 | D-Link DI-8300 | Link | ||
D-Link DI-8300 v16.07.26A1 command injection via msp_info_htm function | 9.8 | 9/9/2024 | D-Link DI-8300 | Link | ||
Zyxel NAS326 and NAS542 command injection via export-cgi program in HTTP POST request | 9.8 | 9/10/2024 | Zyxel | Link | ||
Dell PowerScale InsightIQ versions 5.0 through 5.1 directory access vulnerability | 9.8 | 9/10/2024 | Dell PowerScale InsightIQ | Link | ||
Dell PowerScale InsightIQ versions 5.0 through 5.1 weak cryptographic algorithm | 9.8 | 9/10/2024 | Dell PowerScale InsightIQ | Link | ||
Samsung Escargot JavaScript engine 4.0.0 heap-based buffer overflow vulnerability | 9.8 | 9/10/2024 | Samsung Escargot | Link | ||
Nix package manager 2.24 arbitrary file write vulnerability, potentially with root permissions | 9 | 9/10/2024 | Nix package manager | Link |
Vulnerability | CVSSv3 | Release Date | Products | References | ||
---|---|---|---|---|---|---|
Qualcomm QCN5054 WLAN memory corruption | 9.6 | 10/3/2023 | Qualcomm | Link | ||
Qualcomm AR8035 Modem memory corruption | 9.6 | 10/3/2023 | Qualcomm | Link | ||
Netman-204 Firmware File unrestricted upload | 9.9 | 10/3/2023 | Netman-204 | Link | ||
Dienstleistung, Entwicklung & Vertrieb GmbH cashIT Serving Solutions HTTP Endpoint routine | 9.8 | 10/3/2023 | Dienstleistung | Link | ||
Cisco Emergency Responder hard-coded credentials | 9.4 | 10/4/2023 | Cisco | Link | ||
Schneider Electric C-Bus Toolkit path traversal | 9.6 | 10/5/2023 | Schneider | Link | ||
Schneider Electric EcoStruxure Power Monitoring Expert Packet deserialization | 9.6 | 10/5/2023 | Schneider | Link | ||
D-Link D-View InstallApplication hard-coded credentials | 9.5 | 10/5/2023 | D-Link | Link | ||
D-Link D-View coreservice_action_script Remote Code Execution | 9.5 | 10/5/2023 | D-Link | Link | ||
Qognify NiceVision hard-coded credentials | 9.7 | 10/6/2023 | Qognify | Link | ||
Dell SmartFabric Storage Software input validation | 9.6 | 10/6/2023 | Dell | Link | ||
Siemens CP-8031 MASTER MODULE/CP-8050 MASTER MODULE SSH hard-coded credentials | 9.6 | 10/10/2023 | Siemens | Link | ||
Siemens Simcenter Amesim SOAP Endpoint code injection | 9.6 | 10/10/2023 | Siemens | Link | ||
Sangfor Next-Gen Application Firewall Header authentication spoofing | 9.8 | 10/10/2023 | Sangfor | Link | ||
Sangfor Next-Gen Application Firewall HTTP POST Request login.cgi os command injection | 9.8 | 10/10/2023 | Sangfor | Link | ||
Sangfor Next-Gen Application Firewall LogInOut.php os command injection | 9.8 | 10/10/2023 | Sangfor | Link | ||
Fortinet FortiWLM HTTP GET Request os command injection | 9.6 | 10/10/2023 | Fortinet | Link | ||
Fortinet FortiWLM HTTP GET Request os command injection | 9.6 | 10/10/2023 | Fortinet | Link | ||
Fortinet FortiWLM HTTP GET Request os command injection | 9.6 | 10/10/2023 | Fortinet | Link | ||
Fortinet FortiWLM HTTP GET Request os command injection | 9.6 | 10/10/2023 | Fortinet | Link | ||
Fortinet FortiSIEM API Request os command injection | 9.6 | 10/10/2023 | Fortinet | Link | ||
Yifan YF325 Network Request gwcfg_cgi_set_manage_post_data integer overflow | 9.6 | 10/11/2023 | Yifan | Link | ||
Yifan YF325 Network Request gwcfg_cgi_set_manage_post_data integer overflow | 9.6 | 10/11/2023 | Yifan | Link | ||
Yifan YF325 Network Request realloc integer overflow | 9.6 | 10/11/2023 | Yifan | Link | ||
Yifan YF325 Network Request malloc integer overflow | 9.6 | 10/11/2023 | Yifan | Link | ||
Yifan YF325 Network Request gozila_cgi stack-based overflow | 9.2 | 10/11/2023 | Yifan | Link | ||
Yifan YF325 Network Request manage_request stack-based overflow | 9.6 | 10/11/2023 | Yifan | Link | ||
Yifan YF325 Network Request libutils.so nvram_restore stack-based overflow | 9.6 | 10/11/2023 | Yifan | Link | ||
Yifan YF325 Network Request gwcfg.cgi debug code | 9.6 | 10/11/2023 | Yifan | Link | ||
Yifan YF325 Network Request debug code | 9.6 | 10/11/2023 | Yifan | Link |
Vulnerability | CVSSv3 | Release Date | Products | References | ||
---|---|---|---|---|---|---|
GeoServer OGC Request neutralization of directives | 9.6 | 7/1/2024 | GeoServer | Link | ||
Gogs Change Preview argument injection | 9.1 | 7/4/2024 | Gogs | Link | ||
Gogs SSH Connection ssh.go argument injection | 9.1 | 7/4/2024 | Gogs | Link | ||
Rejetto HTTP File Server Upload Node.js child_process Privilege Escalation | 9.1 | 7/5/2024 | Rejetto | Link | ||
Apache CloudStack Service Port 9090 code injection | 9.4 | 7/5/2024 | Apache | Link | ||
ABB ASPECT-Enterprise/NEXUS/MATRIX input validation | 9.8 | 7/5/2024 | ABB | Link | ||
ifm Smart PLC AC14xx/Smart PLC AC4xxS hard-coded credentials | 9.6 | 7/9/2024 | ifm | Link | ||
Siemens SINEMA Remote Connect Server Firmware Update temp file | 9 | 7/9/2024 | Siemens | Link | ||
Pepperl+Fuchs OIT1500-F113-B12-CB Telnet missing authentication | 9.6 | 7/10/2024 | Pepperl+Fuchs | Link | ||
Palo Alto Networks Expedition missing authentication | 9.4 | 7/10/2024 | Palo | Link | ||
ServiceNow Now Platform improper validation of specified type of input | 9.4 | 7/10/2024 | ServiceNow | Link | ||
Supermicro BMC stack-based overflow | 9.8 | 7/12/2024 | Supermicro | Link | ||
fogproject reportmaker.class.php command injection | 9.6 | 7/12/2024 | fogproject | Link | ||
Cellopoint Secure Email Gateway SMTP Listener stack-based overflow | 9.8 | 7/15/2024 | Cellopoint | Link | ||
Broadcom Symantec Privileged Access Management PAM System Remote Code Execution | 9.4 | 7/15/2024 | Broadcom | Link | ||
Broadcom Symantec Privileged Access Management PAM System unrestricted upload | 9.4 | 7/15/2024 | Broadcom | Link | ||
Broadcom Symantec Privileged Access Management PAM System Remote Code Execution | 9.8 | 7/15/2024 | Broadcom | Link | ||
sni Thruk html2pdf.sh code injection | 9.1 | 7/15/2024 | sni | Link | ||
Oracle WebLogic Server Core Remote Code Execution | 9.6 | 7/17/2024 | Oracle | Link | ||
Zoho ManageEngine DDI Central Agent hard-coded credentials | 9.3 | 7/17/2024 | Zoho | Link | ||
SolarWinds Access Rights Manager deserialization | 9 | 7/17/2024 | SolarWinds | Link | ||
SolarWinds Access Rights Manager path traversal | 9 | 7/17/2024 | SolarWinds | Link | ||
SolarWinds Access Rights Manager Service improper authentication | 9 | 7/17/2024 | SolarWinds | Link | ||
SolarWinds Access Rights Manager improper authentication | 9 | 7/17/2024 | SolarWinds | Link | ||
SolarWinds Access Rights Manager input validation | 9 | 7/17/2024 | SolarWinds | Link | ||
SolarWinds Access Rights Manager path traversal | 9.5 | 7/17/2024 | SolarWinds | Link | ||
Cisco Secure Email Content Scanning/Message Filtering absolute path traversal | 9.6 | 7/17/2024 | Cisco | Link | ||
PruvaSoft Informatics Apinizer Management Console permission assignment | 9.1 | 7/18/2024 | PruvaSoft | Link | ||
JumpServer path traversal | 9.7 | 7/18/2024 | JumpServer | Link | ||
JumpServer path traversal | 9.7 | 7/18/2024 | JumpServer | Link |
Vulnerability | CVSSv3 | Release Date | Products | References | ||
---|---|---|---|---|---|---|
Sonos Sonos Era 100 SMB2 Message out-of-bounds write | 9.4 | 6/1/2024 | Sonos | Link | ||
Sonos Sonos Era 100 SMB2 Message use after free | 9.4 | 6/1/2024 | Sonos | Link | ||
MileSight DeviceHub random values | 9.6 | 6/2/2024 | MileSight | Link | ||
MileSight DeviceHub authentication bypass | 9.7 | 6/2/2024 | MileSight | Link | ||
MileSight DeviceHub path traversal | 9.6 | 6/2/2024 | MileSight | Link | ||
MileSight DeviceHub key management | 9.3 | 6/2/2024 | MileSight | Link | ||
Qualcomm Snapdragon Auto LTE improper authentication | 9.3 | 6/3/2024 | Qualcomm | Link | ||
qdrant input validation | 9.6 | 6/3/2024 | qdrant | Link | ||
Summar Software Mentor Employee Portal deserialization | 9.9 | 6/6/2024 | Summar | Link | ||
Emerson Ovation missing authentication | 9.4 | 6/6/2024 | Emerson | Link | ||
lightning-ai pytorch-lightning dynamically-determined object attributes | 9.8 | 6/6/2024 | lightning-ai | Link | ||
mintplex-labs anything-llm update-env os command injection | 9 | 6/6/2024 | mintplex-labs | Link | ||
Logsign Unified SecOps Platform command injection | 9.4 | 6/13/2024 | Logsign | Link | ||
Adobe Framemaker Publishing Server improper authentication | 9.7 | 6/13/2024 | Adobe | Link | ||
ASUS ZenWiFi XT8 improper authentication | 9.8 | 6/14/2024 | ASUS | Link | ||
Toshiba Tec e-Studio Multi-Function Peripheral os command injection | 9.8 | 6/14/2024 | Toshiba | Link | ||
ASUS DSL-AC55 Firmware unrestricted upload | 9.6 | 6/14/2024 | ASUS | Link | ||
TrendNet TEW-814DAP shadow.sample hard-coded password | 9.5 | 6/14/2024 | TrendNet | Link | ||
Trellix Intrusion Prevention System Manager deserialization | 9.6 | 6/14/2024 | Trellix | Link | ||
SECOM WRTR-304GN-304TW-UPSC os command injection | 9.8 | 6/17/2024 | SECOM | Link | ||
GeoVision GVLX 4 V3 os command injection | 9.8 | 6/17/2024 | GeoVision | Link | ||
deepjavalibrary djl path traversal | 9.7 | 6/17/2024 | deepjavalibrary | Link | ||
Vulnerability | CVSSv3 | Release Date | Products | References | ||
---|---|---|---|---|---|---|
RIOT-OS gcoap_dns_server_proxy_get buffer overflow | 9.8 | 5/1/2024 | RIOT-OS | Link | ||
Aruba ArubaOS 8.10.0.11/8.11.2.2/10.4.1.1/10.5.1.1 L2-L3 Management Service buffer overflow | 9.8 | 5/1/2024 | Aruba ArubaOS | Link | ||
Aruba ArubaOS Access Point Management Protocol buffer overflow | 9.8 | 5/1/2024 | Aruba ArubaOS | Link | ||
Aruba ArubaOS Automatic Reporting Service buffer overflow | 9.8 | 5/1/2024 | Aruba ArubaOS | Link | ||
Aruba ArubaOS Local User Authentication Database Service buffer overflow | 9.8 | 5/1/2024 | Aruba ArubaOS | Link | ||
Tinyproxy HTTP Connection Header use after free | 9.8 | 5/1/2024 | Tinyproxy | Link | ||
TP-Link AX1800 hotplugd Firewall Rule race condition | 9.4 | 5/3/2024 | TP-Link | Link | ||
Triangle MicroWorks SCADA Data Gateway missing authentication | 9.8 | 5/3/2024 | Triangle MicroWorks | Link | ||
Ignition Automation Ignition ParameterVersionJavaSerializationCodec deserialization | 9.8 | 5/3/2024 | Ignition Automation | Link | ||
Ignition Automation Ignition JavaSerializationCodec deserialization | 9.8 | 5/3/2024 | Ignition Automation | Link | ||
Exim AUTH out-of-bounds write | 9.8 | 5/3/2024 | Exim AUTH | Link | ||
Control Web Panel improper authentication | 9.8 | 5/3/2024 | Control Web Panel | Link | ||
D-Link D-View InstallApplication hard-coded credentials | 9.5 | 5/3/2024 | D-Link | Link | ||
D-Link D-View coreservice_action_script Remote Code Execution | 9.5 | 5/3/2024 | D-Link | Link | ||
Voltronic Power ViewPower Pro improper authentication | 9.8 | 5/3/2024 | Voltronic Power | Link | ||
Voltronic Power ViewPower Pro Remote Code Execution | 9.8 | 5/3/2024 | Voltronic Power | Link | ||
Voltronic Power ViewPower Deserialization of Untrusted Data Remote Code Execution Vulnerability | 9.8 | 5/3/2024 | Voltronic Power | Link | ||
Voltronic Power ViewPower MacMonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability | 9.8 | 5/3/2024 | Voltronic Power | Link | ||
Voltronic Power ViewPower LinuxMonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability | 9.8 | 5/3/2024 | Voltronic Power | Link | ||
Voltronic Power ViewPower UpsScheduler Exposed Dangerous Method Remote Code Execution Vulnerability | 9.8 | 5/3/2024 | Voltronic Power | Link | ||
Voltronic Power ViewPower Pro selectEventConfig SQL Injection Remote Code Execution Vulnerability | 9.8 | 5/3/2024 | Voltronic Power | Link | ||
Voltronic Power ViewPower Pro UpLoadAction Unrestricted File Upload Remote Code Execution Vulnerability | 9.8 | 5/3/2024 | Voltronic Power | Link | ||
Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability | 9.8 | 5/3/2024 | Voltronic Power | Link | ||
Voltronic Power ViewPower Pro selectDeviceListBy SQL Injection Remote Code Execution Vulnerability | 9.8 | 5/3/2024 | Voltronic Power | Link | ||
PWAsForFirefox Arbitrary code execution due to improper sanitization of web app properties on Linux and PortableApps.com | 9.7 | 5/3/2024 | PWAsForFirefox | Link | ||
CyberPower PowerPanel Enterprise PDNU REST API missing authentication | 9.8 | 5/9/2024 | CyberPower | Link | ||
Use after free in Visuals in Google Chrome prior to 124.0.6367.201 | 9.6 | 5/9/2024 | Google Chrome | Link | ||
LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Time-Based SQL Injection | 9.8 | 5/10/2024 | LearnPress | Link | ||
`/api/proxy` endpoint ssrf vulnerability in lobe-chat | 9 | 5/10/2024 | lobe-chat | Link | ||
Veeam Service Provider Console Management Agent deserialization | 9.3 | 5/13/2024 | Veeam | Link |
Vulnerability | CVSSv3 | Release Date | Products | References | ||
---|---|---|---|---|---|---|
Qualcomm Snapdragon File Name Memory Corruption | 9.6 | 4/1/2024 | Qualcomm Snapdragon | Link | ||
Progress Flowmon up to 11.1.13/12.3.4 Management Interface os command injection | 9.7 | 4/2/2024 | Progress Flowmon | Link | ||
D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L up to 20240403 HTTP GET Request /cgi-bin/nas_sharing.cgi user hard-coded credentials | 9.7 | 4/3/2024 | D-Link | Link | ||
Brocade Fabric OS up to 9.2.0 os command injection | 9.2 | 4/4/2024 | Brocade Fabric OS | Link | ||
CData API Server Prior 23.4.8844 Embedded Jetty Server path traversal | 9.6 | 4/5/2024 | CData | Link | ||
CData Connect prior 23.4.8846 Embedded Jetty Server path traversal | 9.6 | 4/5/2024 | CData | Link | ||
Google Nest Wifi Pro 11 out-of-bounds | 9.9 | 4/5/2024 | Google Nest Wifi Pro | Link | ||
Google Chromecast 5.0 U-boot Remote Code Execution | 9.9 | 4/5/2024 | Google Chromecast | Link | ||
Rust up to 1.77.1 on Windows Batch File Command::arg os command injection | 9.7 | 4/9/2024 | Rust | Link | ||
parisneo lollms-webui up to 9.0 /open_code_folder discussion_id os command injection | 9.6 | 4/10/2024 | parisneo | Link | ||
aimhubio aim /api/runs/search/run/ run_search_api code injection | 9.8 | 4/10/2024 | aimhubio | Link | ||
mudler localai up to 2.9.x audioToWav os command injection | 9.1 | 4/10/2024 | mudler localai | Link | ||
Xiongmai AHB7804R-MH-V2 up to 5.00.R02.00030751.10010.348717.0000000 Sofia Service access control | 9.2 | 4/14/2024 | Xiongmai | Link | ||
run-llama llama_index up to 10.25 safe_eval command injection | 9.6 | 4/16/2024 | run-llama | Link | ||
Judge0 up to 1.13.0 symlink | 9.7 | 4/18/2024 | Judge0 | Link | ||
Judge0 up to 1.13.0 run_script symlink | 9.9 | 4/18/2024 | Judge0 | Link | ||
Ivanti Avalanche up to 6.4.2 WLAvalancheService heap-based overflow | 9.6 | 4/19/2024 | Ivanti Avalanche | Link | ||
Wazuh up to 4.7.1 wazuh-analysisd heap-based overflow | 9.6 | 4/19/2024 | Wazuh | Link | ||
FreeRDP up to 3.5.0 out-of-bounds | 9.6 | 4/23/2024 | FreeRDP | Link | ||
FreeRDP up to 2.11.5/3.4.x /gfx integer overflow | 9.6 | 4/23/2024 | FreeRDP | Link | ||
FreeRDP up to 2.11.5/3.4.x out-of-bounds | 9.6 | 4/23/2024 | FreeRDP | Link | ||
FreeRDP up to 2.11.5/3.4.x out-of-bounds | 9.6 | 4/23/2024 | FreeRDP | Link | ||
FreeRDP up to 2.11.5/3.4.x out-of-bounds | 9.6 | 4/23/2024 | FreeRDP | Link | ||
mysql2 up to 3.9.6 readCodeFor timezone code injection | 9.6 | 4/23/2024 | mysql2 | Link | ||
FreeRDP up to 3.5.0 out-of-bounds | 9.6 | 4/23/2024 | FreeRDP | Link | ||
QNAP QTS/QuTS hero/QuTScloud command injection | 10 | 4/26/2024 | QNAP | Link | ||
dgtlmoon changedetection.io up to 0.45.20 Template special elements used in a template engine | 10 | 4/26/2024 | dgtlmoon | Link | ||
Eclipse Target Management up to 4.5.500 os command injection | 9.8 | 4/26/2024 | Eclipse | Link | ||
Timetable and Event Schedule by MotoPress <= 2.4.11 - Authenticated (Contributor+) SQL Injection | 9.9 | 4/27/2024 | MotoPress | Link | ||
E-WEBInformationCo. FS-EZViewer(Web) - Sensitive Data Exposure | 9.8 | 4/29/2024 | FS-EZViewer(Web) | Link |
Vulnerability | CVSSv3 | Release Date | Products | References | ||
---|---|---|---|---|---|---|
SolarWinds Security Event Manager Service deserialization | 9.1 | 3/1/2024 | SolarWinds | Link | ||
Qualcomm Snapdragon MLIE memory corruption | 9.6 | 3/4/2024 | Qualcomm | Link | ||
Qualcomm Snapdragon MBSSID Beacon memory corruption | 9.6 | 3/4/2024 | Qualcomm | Link | ||
Qualcomm Snapdragon DTLS Handshake memory corruption | 9.6 | 3/4/2024 | Qualcomm | Link | ||
ZKSoftware Biometric Security Solutions UFace 5 authentication bypass | 9.8 | 3/5/2024 | ZKSoftware | Link | ||
XPodas Octopod authentication bypass | 9.6 | 3/5/2024 | XPodas | Link | ||
eProsima Fast-DDS DATA_FRAG Submessage use after free | 9 | 3/6/2024 | eProsima | Link | ||
QNAP QTS/QuTS hero/QuTScloud improper authentication | 9.6 | 3/8/2024 | QNAP | Link | ||
Canon Color imageCLASS MF740C WSD Probe Request Process out-of-bounds write | 9.8 | 3/11/2024 | Canon | Link | ||
D-Link DIR-822 Rev B/DIR-822-CA Rev B HNAP stack-based overflow | 9.8 | 3/12/2024 | D-Link | Link | ||
Siemens SINEMA Remote Connect Server Web Service access control | 9.6 | 3/12/2024 | Siemens | Link | ||
Siemens Cerberus PRO EN Engineering Tool X.509 Certificate stack-based overflow | 9.7 | 3/12/2024 | Siemens | Link | ||
Fortinet FortiOS/FortiPAM/FortiProxy HTTP Request out-of-bounds write | 9.6 | 3/12/2024 | Fortinet | Link | ||
Arcserve Unified Data Protection wizardLogin doLogin improper authentication | 9.8 | 3/13/2024 | Arcserve | Link | ||
Mitsubishi Electric MELSEC-Q/MELSEC-L Packet integer overflow | 9.6 | 3/15/2024 | Mitsubishi | Link | ||
Mitsubishi Electric MELSEC-Q/MELSEC-L Packet integer overflow | 9.6 | 3/15/2024 | Mitsubishi | Link | ||
Mitsubishi Electric MELSEC-Q/MELSEC-L Packet incorrect pointer scaling | 9.6 | 3/15/2024 | Mitsubishi | Link | ||
Mitsubishi Electric MELSEC-Q/MELSEC-L Packet integer overflow | 9.6 | 3/15/2024 | Mitsubishi | Link | ||
Mitsubishi Electric MELSEC-Q/MELSEC-L Packet incorrect pointer scaling | 9.6 | 3/15/2024 | Mitsubishi | Link | ||
open-metadata OpenMetadata v1 getUserPrincipal improper authentication | 9.6 | 3/15/2024 | open-metadata | Link | ||
Amssplus AMSS++ unrestricted upload | 9.3 | 3/18/2024 | Amssplus | Link | ||
Unitronics Unistream Unilogic improper authentication | 9.7 | 3/18/2024 | Unitronics | Link | ||
Unitronics Unistream Unilogic path traversal | 9.6 | 3/18/2024 | Unitronics | Link | ||
jens-maus RaspberryMatic path traversal | 9.7 | 3/19/2024 | jens-maus | Link | ||
OpenText ArcSight Platform Remote Code Execution | 9.6 | 3/20/2024 | OpenText | Link | ||
Progress Telerik Report Server deserialization | 9.1 | 3/20/2024 | Progress | Link | ||
eProsima Fast-DDS DATA Submessage heap-based overflow | 9 | 3/21/2024 | eProsima | Link | ||
Kiloview NDI hard-coded credentials | 9.6 | 3/21/2024 | Kiloview | Link | ||
OpenText PVCS Version Manager improper authentication | 9.6 | 3/21/2024 | OpenText | Link | ||
OpenText PVCS Version Manager improper authentication | 9.6 | 3/21/2024 | OpenText | Link |
Vulnerability | CVSSv3 | Release Date | Products | References | ||
---|---|---|---|---|---|---|
moby buildkit API authorization | 9.6 | 2/1/2024 | moby | Link | ||
Gessler WEB-MASTER weak credentials | 9.4 | 2/1/2024 | Gessler | Link | ||
Fortinet FortiSIEM API Request os command injection | 9.7 | 2/5/2024 | Fortinet | Link | ||
Fortinet FortiSIEM API Request os command injection | 9.7 | 2/5/2024 | Fortinet | Link | ||
Canon Satera LBP670C CPCA PCFAX Number Process out-of-bounds write | 9.8 | 2/6/2024 | Canon | Link | ||
Canon Satera LBP670C SLP Attribute Request Process out-of-bounds write | 9.8 | 2/6/2024 | Canon | Link | ||
Canon Satera LBP670C CPCA Color LUT Resource Download Process out-of-bounds write | 9.8 | 2/6/2024 | Canon | Link | ||
Canon Satera LBP670C WSD Probe Request Process out-of-bounds write | 9.8 | 2/6/2024 | Canon | Link | ||
Canon Satera LBP670C Address Book Password Process out-of-bounds write | 9.8 | 2/6/2024 | Canon | Link | ||
Canon Satera LBP670C CPCA PDL Resource Download Process out-of-bounds write | 9.8 | 2/6/2024 | Canon | Link | ||
Canon Satera LBP670C Address Book Username Process out-of-bounds write | 9.8 | 2/6/2024 | Canon | Link | ||
D-Link Go-RT-AC750 hard-coded password | 9.5 | 2/6/2024 | D-Link | Link | ||
JetBrains TeamCity authentication bypass | 9.6 | 2/6/2024 | JetBrains | Link | ||
OpenObserve Role-Based Access Control users improper authorization | 9.1 | 2/9/2024 | OpenObserve | Link | ||
Fortinet FortiOS fgfmd format string | 9.4 | 2/9/2024 | Fortinet | Link | ||
Fortinet FortiOS SSL-VPN out-of-bounds write | 9.4 | 2/9/2024 | Fortinet | Link | ||
Steinbeis Allegra SiteConfigAction access control | 9.4 | 2/10/2024 | Steinbeis | Link | ||
Steinbeis Allegra loadFieldMatch deserialization | 9.4 | 2/10/2024 | Steinbeis | Link | ||
Steinbeis Allegra renderFieldMatch deserialization | 9.4 | 2/10/2024 | Steinbeis | Link | ||
Siemens Location Intelligence Perpetual Large hard-coded credentials | 9.6 | 2/13/2024 | Siemens | Link | ||
Microsoft Exchange Server Remote Code Execution | 9.1 | 2/13/2024 | Microsoft | Link | ||
Adobe FrameMaker Publishing Server improper authentication | 9.4 | 2/14/2024 | Adobe | Link | ||
HGiga OAKlouds os command injection | 9.6 | 2/15/2024 | HGiga | Link | ||
Dell SmartFabric OS10 os command injection | 9.6 | 2/15/2024 | Dell | Link | ||
Dell Enterprise SONiC OS input validation | 9.8 | 2/15/2024 | Dell | Link | ||
SolarWinds Access Rights Manager path traversal | 9.2 | 2/15/2024 | SolarWinds | Link | ||
SolarWinds Access Rights Manager path traversal | 9.2 | 2/15/2024 | SolarWinds | Link | ||
Loomio os command injection | 9.9 | 2/20/2024 | Loomio | Link | ||
Torrentpier deserialization | 9.9 | 2/20/2024 | Torrentpier | Link | ||
CISA Ethercat Zeek Plugin Datagram Analyzer out-of-bounds write | 9.4 | 2/21/2024 | CISA | Link |
Vulnerability | CVSSv3 | Release Date | Products | References | ||
---|---|---|---|---|---|---|
Qualcomm 680 4G Mobile Platform Data Modem memory corruption | 9.6 | 1/2/2024 | Qualcomm | Link | ||
https://www.cve.org/CVERecord?id=CVE-2023-33025 | 9.9 | 1/2/2024 | Google | Link | ||
Google Pixel Watch DeviceVersionFragment.java checkDebuggingDisallowed privileges management | 9.7 | 1/3/2024 | Google | Link | ||
Google Wifi Pro missing encryption | 9.9 | 1/3/2024 | Google | Link | ||
mehah OTCLient SonarCloud Workflow otclient injection | 9.6 | 1/3/2024 | mehah | Link | ||
Paddle convert_shape_compare os command injection | 9 | 1/3/2024 | Paddle | Link | ||
Paddle _wget_download os command injection | 9 | 1/3/2024 | Paddle | Link | ||
Paddle get_online_pass_interval os command injection | 9 | 1/3/2024 | Paddle | Link | ||
Ivanti Endpoint Manager sql injection | 9 | 1/5/2024 | Ivanti | Link | ||
DEMON1A Discord-Recon input validation | 9.1 | 1/9/2024 | DEMON1A | Link | ||
Siemens SIMATIC CN 4100 default credentials | 9.6 | 1/9/2024 | Siemens | Link | ||
Korenix JetNet signature verification | 9.6 | 1/9/2024 | Korenix | Link | ||
Siemens SIMATIC IPC1047E/SIMATIC IPC647E/SIMATIC IPC847E maxView Storage Manager input validation | 9.7 | 1/9/2024 | Siemens | Link | ||
AMI MegaRAC_SPx BMC stack-based overflow | 9 | 1/10/2024 | AMI | Link | ||
AMI MegaRAC_SPx BMC or stack-based overflow | 9 | 1/10/2024 | AMI | Link | ||
Apple iOS/iPadOS type confusion | 9.4 | 1/11/2024 | Apple | Link | ||
Zoho ManageEngine ADSelfService Plus Load Balancer Privilege Escalation | 9.1 | 1/11/2024 | Zoho | Link | ||
Juniper Junos OS J-Web out-of-bounds write | 9.6 | 1/12/2024 | Juniper | Link | ||
Intumit SmartRobot Web Framework injection | 9.8 | 1/15/2024 | Intumit | Link | ||
Atlassian Confluence Data Center/Confluence Server Template injection | 9.7 | 1/16/2024 | Atlassian | Link | ||
VMware Aria Automation/Cloud Foundation access control | 9.1 | 1/16/2024 | VMware | Link | ||
Cires21 C21 Live Encoder and Live Mosaic File Extension unrestricted upload | 9.9 | 1/17/2024 | Cires21 | Link | ||
Cires21 C21 Live Encoder and Live Mosaic Endpoint access control | 9.8 | 1/17/2024 | Cires21 | Link | ||
ASUS Armoury Crate HTTP Request external reference | 9.8 | 1/19/2024 | ASUS | Link | ||
sofastack sofa-rpc SOFA Hessian Protocol deserialization | 9.6 | 1/23/2024 | sofastack | Link | ||
Arris SURFboard SBG6950AC2 missing authentication | 9.2 | 1/26/2024 | Arris | Link | ||
D-Link DAP-1650 UPnP SUBSCRIBE Message command injection | 9.2 | 1/26/2024 | D-Link | Link | ||
D-Link DAP-1650 gena.cgi command injection | 9.2 | 1/26/2024 | D-Link | Link | ||
Symantec Server Management Suite buffer overflow | 9.9 | 1/26/2024 | Symantec | Link | ||
Symantec Deployment Solution UpdateComputer Token Parser buffer overflow | 9.9 | 1/26/2024 | Symantec | Link |
Vulnerability | CVSSv3 | Release Date | Products | References | ||
---|---|---|---|---|---|---|
Unitronics Vision Series PLC insecure default initialization of resource | 9.8 | 12/5/2023 | Unitronics | Link | ||
mlflow special elements used in a template engine | 9.7 | 12/12/2023 | mlflow | Link | ||
Fortinet FortiWLM HTTP GET Request os command injection | 9.1 | 12/13/2023 | Fortinet | Link | ||
Fortinet FortiWAN JWT Token improper authentication | 9.1 | 12/13/2023 | Fortinet | Link | ||
Repox transforamationfileupload unrestricted upload | 9.9 | 12/13/2023 | Repox | Link | ||
Dasan Networks W-Web os command injection | 9.6 | 12/13/2023 | Dasan | Link | ||
Phoenix Contact Automation Worx Software Suite permission assignment | 9.6 | 12/14/2023 | Phoenix | Link | ||
Phoenix Contact MULTIPROG/ProConOS eCLR permission assignment | 9.6 | 12/14/2023 | Phoenix | Link | ||
Multisuns EasyLog Web+ code injection | 9.8 | 12/15/2023 | Multisuns | Link | ||
SmartStar CWS Web-Base unrestricted upload | 9.8 | 12/15/2023 | SmartStar | Link | ||
ITPison OMICARD EDM SMS unrestricted upload | 9.8 | 12/15/2023 | ITPison | Link | ||
IDEMIA SIGMA Lite & Lite + Retrofit Validation stack-based overflow | 9.3 | 12/15/2023 | IDEMIA | Link | ||
Zabbix Session Cookie cookie validation | 9 | 12/18/2023 | Zabbix | Link | ||
Ivanti Avalanche Mobile Device Server memory corruption | 9.8 | 12/19/2023 | Ivanti | Link | ||
Ivanti Avalanche Mobile Device Server memory corruption | 9.8 | 12/19/2023 | Ivanti | Link | ||
Ivanti Avalanche Mobile Device Server memory corruption | 9.8 | 12/19/2023 | Ivanti | Link | ||
Ivanti Avalanche Mobile Device Server memory corruption | 9.8 | 12/19/2023 | Ivanti | Link | ||
Ivanti Avalanche Mobile Device Server memory corruption | 9.8 | 12/19/2023 | Ivanti | Link | ||
Ivanti Avalanche Mobile Device Server memory corruption | 9.8 | 12/19/2023 | Ivanti | Link | ||
Ivanti Avalanche Mobile Device Server memory corruption | 9.8 | 12/19/2023 | Ivanti | Link | ||
Ivanti Avalanche Mobile Device Server memory corruption | 9.8 | 12/19/2023 | Ivanti | Link | ||
Ivanti Avalanche Mobile Device Server memory corruption | 9.8 | 12/19/2023 | Ivanti | Link | ||
Ivanti Avalanche Mobile Device Server memory corruption | 9.8 | 12/19/2023 | Ivanti | Link | ||
Ivanti Wavelink Mobile Device Server memory corruption | 9.8 | 12/19/2023 | Ivanti | Link | ||
Ivanti Wavelink Mobile Device Server memory corruption | 9.8 | 12/19/2023 | Ivanti | Link | ||
Ivanti Wavelink Mobile Device Server memory corruption | 9.8 | 12/19/2023 | Ivanti | Link | ||
mlflow path traversal | 9.7 | 12/20/2023 | mlflow | Link | ||
huggingface transformers deserialization | 9 | 12/20/2023 | huggingface | Link | ||
Voltronic Power ViewPower Pro deserialization | 9.5 | 12/21/2023 | Voltronic | Link | ||
Voltronic Power ViewPower Pro getMacAddressByIp command injection | 9.5 | 12/21/2023 | Voltronic | Link |
Vulnerability | CVSSv3 | Release Date | Products | References | ||
---|---|---|---|---|---|---|
Zavio CD321 XML Element stack-based overflow | 9.5 | 10/31/2023 | Zavio | Link | ||
Zavio CD321 XML Element Parser stack-based overflow | 9.5 | 10/31/2023 | Zavio | Link | ||
Zavio CD321 XML Element stack-based overflow | 9.5 | 10/31/2023 | Zavio | Link | ||
INEA ME RTU improper authentication | 9.4 | 10/31/2023 | INEA | Link | ||
GLPI ajax input validation | 9.7 | 11/2/2023 | GLPI | Link | ||
Weintek EasyBuilder Pro hard-coded credentials | 9.4 | 11/2/2023 | Weintek | Link | ||
Mitsubishi Electric MELSEC-F/MELSEC iQ-F data authenticity | 9.8 | 11/2/2023 | Mitsubishi | Link | ||
1E Platform URL Parameter input validation | 9.1 | 11/6/2023 | 1E | Link | ||
1E Platform URL Parameter input validation | 9.3 | 11/6/2023 | 1E | Link | ||
1E Platform URL Parameter input validation | 9.1 | 11/6/2023 | 1E | Link | ||
Johnson Controls Quantum HD Unity debug code | 9.4 | 11/9/2023 | Johnson | Link | ||
PostgreSQL Array Modification integer overflow | 9.4 | 11/10/2023 | PostgreSQL | Link | ||
Weston Embedded Cesium NET/uC-HTTP HTTP Server memory corruption | 9.2 | 11/14/2023 | Weston | Link | ||
Siemens COMOS Cache Validation Service Testing Ptmcast buffer overflow | 9 | 11/14/2023 | Siemens | Link | ||
Fortinet FortiSIEM API Request os command injection | 9.6 | 11/14/2023 | Fortinet | Link | ||
Intel DCM software protection mechanism | 9.7 | 11/14/2023 | Intel | Link | ||
HPE ArubaOS CLI Service buffer overflow | 9.6 | 11/15/2023 | HPE | Link | ||
HPE ArubaOS AirWave Client Service buffer overflow | 9.6 | 11/15/2023 | HPE | Link | ||
HPE ArubaOS CLI Service buffer overflow | 9.6 | 11/15/2023 | HPE | Link | ||
ray URL Parameter os command injection | 9.9 | 11/16/2023 | ray | Link | ||
h2oai h2o-3 POJO Model Import code injection | 9.9 | 11/16/2023 | h2oai | Link | ||
Red Lion Sixnet RTU UDR Message routine | 9.4 | 11/17/2023 | Red | Link | ||
Red Lion Sixnet RTU authentication bypass | 9.4 | 11/17/2023 | Red | Link | ||
WAGO Industrial Managed Switch Web-based Management os command injection | 9.6 | 11/21/2023 | WAGO | Link | ||
Digital Communications Technologies Syrus4 IoT Telematics Gateway MQTT Server improper authentication | 9.9 | 11/22/2023 | Digital | Link | ||
Univera Computer System Panorama os command injection | 9.1 | 11/28/2023 | Univera | Link | ||
Delta Electronics InfraSuite Device Master UDP Packet routine | 9.4 | 11/29/2023 | Delta | Link | ||
Delta Electronics InfraSuite Device Master deserialization | 9.4 | 11/29/2023 | Delta | Link | ||
Zyxel NAS326/NAS542 WSGI Server os command injection | 9.8 | 11/30/2023 | Zyxel | Link | ||
Zyxel NAS326/NAS542 HTTP POST Request show_zysync_server_contents os command injection | 9.8 | 11/30/2023 | Zyxel | Link |
Vulnerability | CVSSv3 | Release Date | Products | References | ||
---|---|---|---|---|---|---|
Qualcomm QCN5054 WLAN memory corruption | 9.6 | 10/3/2023 | Qualcomm | Link | ||
Qualcomm AR8035 Modem memory corruption | 9.6 | 10/3/2023 | Qualcomm | Link | ||
Netman-204 Firmware File unrestricted upload | 9.9 | 10/3/2023 | Netman-204 | Link | ||
Dienstleistung, Entwicklung & Vertrieb GmbH cashIT Serving Solutions HTTP Endpoint routine | 9.8 | 10/3/2023 | Dienstleistung | Link | ||
Cisco Emergency Responder hard-coded credentials | 9.4 | 10/4/2023 | Cisco | Link | ||
Schneider Electric C-Bus Toolkit path traversal | 9.6 | 10/5/2023 | Schneider | Link | ||
Schneider Electric EcoStruxure Power Monitoring Expert Packet deserialization | 9.6 | 10/5/2023 | Schneider | Link | ||
D-Link D-View InstallApplication hard-coded credentials | 9.5 | 10/5/2023 | D-Link | Link | ||
D-Link D-View coreservice_action_script Remote Code Execution | 9.5 | 10/5/2023 | D-Link | Link | ||
Qognify NiceVision hard-coded credentials | 9.7 | 10/6/2023 | Qognify | Link | ||
Dell SmartFabric Storage Software input validation | 9.6 | 10/6/2023 | Dell | Link | ||
Siemens CP-8031 MASTER MODULE/CP-8050 MASTER MODULE SSH hard-coded credentials | 9.6 | 10/10/2023 | Siemens | Link | ||
Siemens Simcenter Amesim SOAP Endpoint code injection | 9.6 | 10/10/2023 | Siemens | Link | ||
Sangfor Next-Gen Application Firewall Header authentication spoofing | 9.8 | 10/10/2023 | Sangfor | Link | ||
Sangfor Next-Gen Application Firewall HTTP POST Request login.cgi os command injection | 9.8 | 10/10/2023 | Sangfor | Link | ||
Sangfor Next-Gen Application Firewall LogInOut.php os command injection | 9.8 | 10/10/2023 | Sangfor | Link | ||
Fortinet FortiWLM HTTP GET Request os command injection | 9.6 | 10/10/2023 | Fortinet | Link | ||
Fortinet FortiWLM HTTP GET Request os command injection | 9.6 | 10/10/2023 | Fortinet | Link | ||
Fortinet FortiWLM HTTP GET Request os command injection | 9.6 | 10/10/2023 | Fortinet | Link | ||
Fortinet FortiWLM HTTP GET Request os command injection | 9.6 | 10/10/2023 | Fortinet | Link | ||
Fortinet FortiSIEM API Request os command injection | 9.6 | 10/10/2023 | Fortinet | Link | ||
Yifan YF325 Network Request gwcfg_cgi_set_manage_post_data integer overflow | 9.6 | 2023-10-11 | Yifan | Link | ||
Yifan YF325 Network Request gwcfg_cgi_set_manage_post_data integer overflow | 9.6 | 2023-10-11 | Yifan | Link | ||
Yifan YF325 Network Request realloc integer overflow | 9.6 | 2023-10-11 | Yifan | Link | ||
Yifan YF325 Network Request malloc integer overflow | 9.6 | 2023-10-11 | Yifan | Link | ||
Yifan YF325 Network Request gozila_cgi stack-based overflow | 9.2 | 2023-10-11 | Yifan | Link | ||
Yifan YF325 Network Request manage_request stack-based overflow | 9.6 | 2023-10-11 | Yifan | Link | ||
Yifan YF325 Network Request libutils.so nvram_restore stack-based overflow | 9.6 | 2023-10-11 | Yifan | Link | ||
Yifan YF325 Network Request gwcfg.cgi debug code | 9.6 | 2023-10-11 | Yifan | Link | ||
Yifan YF325 Network Request debug code | 9.6 | 2023-10-11 | Yifan | Link |
Vulnerability | CVSSv3 | Release Date | Products | References | ||
---|---|---|---|---|---|---|
Linux Kernel Netfilter Subsystem Local Privilege Escalation | 7.5 | 09/01/2023 | Linux | Link | ||
Acronis Cloud Manager input validation | 8.2 | 09/01/2023 | Acronis | Link | ||
Acronis Cloud Manager input validation | 8.2 | 09/01/2023 | Acronis | Link | ||
Moxa MXsecurity small space of random values | 9.6 | 09/02/2023 | Moxa | Link | ||
vim untrusted search path | 7.6 | 09/03/2023 | vim | Link | ||
TOTOLINK N200RE V5 Validity_check format string | 8.0 | 09/03/2023 | TOTOLINK | Link | ||
Tenda AC8 formSetDeviceName stack-based overflow | 8.9 | 09/03/2023 | Tenda | Link | ||
Proscend Advice ICR hard-coded credentials | 9.9 | 09/04/2023 | Proscend | Link | ||
ForeScout NAC SecureConnector uncontrolled search path | 7.8 | 09/04/2023 | ForeScout | Link | ||
LG LED Assistant path traversal | 8.4 | 09/04/2023 | LG | Link | ||
LG LED Assistant setThumbnailRc path traversal | 8.4 | 09/04/2023 | LG | Link | ||
Dell Alienware Command Center .NET Remoting Server deserialization | 7.6 | 09/04/2023 | Dell | Link | ||
Qualcomm APQ8064AU Graphics memory corruption | 7.9 | 09/05/2023 | Qualcomm | Link | ||
Qualcomm WSA8835 WLAN Firmware memory corruption | 9.6 | 09/05/2023 | Qualcomm | Link | ||
Qualcomm QCN5022 WLAN HAL memory corruption | 7.6 | 09/05/2023 | Qualcomm | Link | https://www.cve.org/CVERecord?id=CVE-2023-28573 | |
Qualcomm QCA9886 WLAN HAL memory corruption | 7.6 | 09/05/2023 | Qualcomm | Link | ||
Qualcomm QCA6694 WLAN HAL memory corruption | 7.6 | 09/05/2023 | Qualcomm | Link | https://www.cve.org/CVERecord?id=CVE-2023-28565 | |
Qualcomm QCA9987 WLAN HAL memory corruption | 7.6 | 09/05/2023 | Qualcomm | Link | ||
Qualcomm QCA9889 WLAN HAL buffer overflow | 7.6 | 09/05/2023 | Qualcomm | Link | ||
Qualcomm QCN5164 WLAN Firmware buffer overflow | 7.6 | 09/05/2023 | Qualcomm | Link | ||
Qualcomm SD855 WLAN array index | 7.6 | 09/05/2023 | Qualcomm | Link | ||
Qualcomm QCA9980 Command Parameter memory corruption | 7.6 | 09/05/2023 | Qualcomm | Link | ||
Qualcomm QCA9980 WLAN HAL memory corruption | 7.6 | 09/05/2023 | Qualcomm | Link | ||
Qualcomm QCN5154 WLAN HAL array index | 7.6 | 09/05/2023 | Qualcomm | Link | ||
Qualcomm AQT1000 WIN stack-based overflow | 7.9 | 09/05/2023 | Qualcomm | Link | ||
Qualcomm AQT1000 Core buffer overflow | 7.6 | 09/05/2023 | Qualcomm | Link | ||
Qualcomm WCD9335 Core buffer overflow | 7.6 | 09/05/2023 | Qualcomm | Link | ||
Qualcomm WSA8835 Audio array index | 7.9 | 09/05/2023 | Qualcomm | Link | ||
Qualcomm QCA9984 WLAN HAL memory corruption | 7.9 | 09/05/2023 | Qualcomm | Link | ||
Qualcomm AQT1000 ESL memory corruption | 9.6 | 09/05/2023 | Qualcomm | Link |
Vulnerability | CVSSv3 | Release Date | Products | References | ||
---|---|---|---|---|---|---|
Ajaxmanager File and Database Explorer unrestricted upload | 8.5 | 08/01/2023 | Ajaxmanager | Link | ||
RaspAP raspap-webgui POST Parameter get_wgkey.php command injection | 8.0 | 08/01/2023 | RaspAP | Link | ||
Inductive Automation Ignition missing authentication | 7.7 | 08/01/2023 | Inductive | Link | ||
Eramba Community Edition/Enterprise Edition download-test-pdf code injection | 7.9 | 08/01/2023 | Eramba | Link | ||
Aruba AOS-CX Command Line Interface command injection | 8.8 | 08/01/2023 | Aruba | Link | ||
FreeBSD IPv6 Packet integer overflow | 7.5 | 08/02/2023 | FreeBSD | Link | ||
Brocade Fabric OS Command path traversal | 7.6 | 08/02/2023 | Brocade | Link | ||
Brocade Fabric OS fosexec Command Local Privilege Escalation | 7.6 | 08/02/2023 | Brocade | Link | ||
Brocade Fabric OS privileges management | 7.6 | 08/02/2023 | Brocade | Link | ||
F5 BIG-IP Edge Client Installer signature verification | 7.8 | 08/02/2023 | F5 | Link | ||
Xiaomi Router External Interface command injection | 8.8 | 08/02/2023 | Xiaomi | Link | ||
IBM SDK Java Technology Edition Data deserialization | 7.9 | 08/02/2023 | IBM | Link | ||
CX-One CXONE-AL CXP File use after free | 5.5 | 08/03/2023 | CX-One | Link | ||
CX-One CXONE-AL CXP File heap-based overflow | 7.5 | 08/03/2023 | CX-One | Link | ||
CX-One CXONE-AL CXP File out-of-bounds | 7.5 | 08/03/2023 | CX-One | Link | ||
Axis License Plate Verifier access control | 8.8 | 08/03/2023 | Axis | Link | ||
Ivanti Endpoint Manager Mobile API improper authentication | 8.5 | 08/03/2023 | Ivanti | Link | ||
Apple macOS VPN memory corruption | 7.5 | 08/03/2023 | Apple | Link | ||
CODESYS Control memory corruption | 8.6 | 08/03/2023 | CODESYS | Link | ||
Fabasoft Cloud Enterprise Client Local Privilege Escalation | 7.5 | 08/03/2023 | Fabasoft | Link | ||
HCL Unica Platform Group Remote Code Execution | 7.9 | 08/04/2023 | HCL | Link | ||
Metabase database code injection | 8.5 | 08/04/2023 | Metabase | Link | ||
Triangle MicroWorks SCADA Data Gateway missing authentication | 9.4 | 08/04/2023 | Triangle | Link | ||
Extreme Networks AP410C stack-based overflow | 8.4 | 08/04/2023 | Extreme | Link | ||
omeka omeka-s unrestricted upload | 7.9 | 08/04/2023 | omeka | Link | ||
CloudExplorer Lite Module Management os command injection | 8.4 | 08/04/2023 | CloudExplorer | Link | ||
social-media-skeleton sql injection | 8.5 | 08/04/2023 | social-media-skeleton | Link | ||
Knowage importTemplateFile path traversal | 7.9 | 08/04/2023 | Knowage | Link | ||
Stormshield SSL VPN Client OpenVPN Local Privilege Escalation | 7.5 | 08/05/2023 | Stormshield | Link | ||
instantsoft icms2 sql injection | 8.4 | 08/06/2023 | instantsoft | Link |
Vulnerability | CVSSv3 | Release Date | Products | References | ||
---|---|---|---|---|---|---|
Netgear RAX50 Certificate Validation curl_post certificate validation | 7.7 | 07/01/2023 | Netgear | Link | ||
D-Link DIR-X3260 prog.cgi SOAPAction command injection | 8.4 | 07/01/2023 | D-Link | Link | ||
Netgear RAX30 UPnP command injection | 8.4 | 07/01/2023 | Netgear | Link | ||
Hero Qubo Telnet Service missing authentication | 8.2 | 07/04/2023 | Hero | Link | ||
NVIDIA Virtual GPU Manager vGPU software improper authorization | 7.8 | 07/04/2023 | NVIDIA | Link | ||
Qualcomm 315 5G IoT Modem WLAN Host memory corruption | 7.6 | 07/04/2023 | Qualcomm | Link | ||
Qualcomm QCA9898 Data Modem memory corruption | 7.6 | 07/04/2023 | Qualcomm | Link | ||
Qualcomm AR8035 WLAN Host memory corruption | 7.6 | 07/04/2023 | Qualcomm | Link | ||
Qualcomm 315 5G IoT Modem Audio memory corruption | 7.9 | 07/04/2023 | Qualcomm | Link | ||
Qualcomm QCN9074 WLAN Host memory corruption | 7.6 | 07/04/2023 | Qualcomm | Link | ||
Qualcomm QCA9994 VX memory corruption | 7.6 | 07/04/2023 | Qualcomm | Link | ||
Qualcomm QCN9012 WLAN Host memory corruption | 7.6 | 07/04/2023 | Qualcomm | Link | ||
Qualcomm FastConnect 6700 Audio memory corruption | 7.9 | 07/04/2023 | Qualcomm | Link | ||
Samsung Smart Phone RILD RmtUimNeedApdu out-of-bounds write | 7.6 | 07/06/2023 | Samsung | Link | ||
Samsung Smart Phone RILD IpcRxUsimPhoneBookCapa out-of-bounds write | 7.6 | 07/06/2023 | Samsung | Link | ||
Samsung Smart Phone RILD BroadcastSmsConfig out-of-bounds write | 7.6 | 07/06/2023 | Samsung | Link | ||
Samsung Smart Phone RILD IpcRxIncomingCBMsg out-of-bounds write | 7.6 | 07/06/2023 | Samsung | Link | ||
Samsung Smart Phone RILD CdmaSmsParser out-of-bounds write | 7.6 | 07/06/2023 | Samsung | Link | ||
Huawei EMUI/Magic UI uinput use after free | 7.8 | 07/06/2023 | Huawei | Link | ||
PiiGAB M-Bus SoftwarePack 900S hard-coded credentials | 9.4 | 07/06/2023 | PiiGAB | Link | ||
PiiGAB M-Bus SoftwarePack 900S code injection | 8.4 | 07/06/2023 | PiiGAB | Link | ||
Mastodon Media File path traversal | 7.9 | 07/06/2023 | Mastodon | Link | ||
authentik Header interpretation conflict | 7.6 | 07/06/2023 | authentik | Link | ||
Linux Kernel UDF Filesystem Image super.c udf_put_super use after free | 7.8 | 07/06/2023 | Linux | Link | ||
openSUSE Tumbleweed hawk2 permission | 7.8 | 07/07/2023 | openSUSE | Link | ||
MuJS Regexp Source Property denial of service | 7.5 | 07/08/2023 | MuJS | Link | ||
OpenComputers Metadata Services API Endpoint server-side request forgery | 7.8 | 07/08/2023 | OpenComputers | Link | ||
OpenComputers server-side request forgery | 7.8 | 07/08/2023 | OpenComputers | Link | ||
SmartSoft SmartBPM.NET hard-coded credentials | 8.2 | 07/10/2023 | SmartSoft | Link | ||
SmartSoft SmartBPM.NET hard-coded credentials | 8.5 | 07/10/2023 | SmartSoft | Link |
Vulnerability | CVSSv3 | Release Date | Products | References | ||
---|---|---|---|---|---|---|
Deno/deno_runtime node:http/node:https privileges management | 7.8 | 06/01/2023 | Deno/deno_runtime | Link | ||
Linux Kernel xfs_btree.c xfs_btree_lookup_get_block use after free | 7.6 | 06/01/2023 | Linux | Link | ||
VIPRE Antivirus Plus link following | 7.8 | 06/01/2023 | VIPRE | Link | ||
VIPRE Antivirus Plus SetPrivateConfig path traversal | 7.8 | 06/01/2023 | VIPRE | Link | ||
VIPRE Antivirus Plus DeleteHistoryFile path traversal | 7.8 | 06/01/2023 | VIPRE | Link | ||
VIPRE Antivirus Plus TelFileTransfer link following | 7.8 | 06/01/2023 | VIPRE | Link | ||
VIPRE Antivirus Plus FPQuarTransfer link following | 7.8 | 06/01/2023 | VIPRE | Link | ||
Gallagher Controller 6000 Controller Diagnostic Web Interface buffer overflow | 8.0 | 06/01/2023 | Gallagher | Link | ||
Sprecher SPRECON-E CPU hard-coded credentials | 9.8 | 06/01/2023 | Sprecher | Link | ||
Hangzhou Hopechart HQT401 MQTT improper authentication | 7.9 | 06/01/2023 | Hangzhou | Link | ||
SUSE Rancher privileges management | 7.9 | 06/01/2023 | SUSE | Link | ||
SUSE Rancher Azure AD privileges management | 7.8 | 06/01/2023 | SUSE | Link | ||
Dell OS Recovery Tool access control | 7.6 | 06/01/2023 | Dell | Link | ||
Brook tproxy Server os command injection | 8.6 | 06/01/2023 | Brook | Link | ||
DataEase Datasource deserialization | 8.4 | 06/01/2023 | DataEase | Link | ||
Erikoglu ErMon sql injection | 9.6 | 06/02/2023 | Erikoglu | Link | ||
Hitron CODA-5310 System Configuration Interface missing authentication | 8.5 | 06/02/2023 | Hitron | Link | ||
Hitron CODA-5310 Telnet hard-coded credentials | 9.8 | 06/02/2023 | Hitron | Link | ||
Wade Graphic Design FANTSY URL Parameter authorization | 9.8 | 06/02/2023 | Wade | Link | ||
Wade Graphic Design FANTSY unrestricted upload | 7.5 | 06/02/2023 | Wade | Link | ||
ARM Mali GPU Kernel Driver use after free | 7.5 | 06/02/2023 | ARM | Link | ||
Furbo Dog Camera Device Log Management command injection | 9.3 | 06/02/2023 | Furbo | Link | ||
Asus RT-AC86U Web URL os command injection | 8.8 | 06/02/2023 | Asus | Link | ||
Elite Technology Web Fax Login Page sql injection | 8.5 | 06/02/2023 | Elite | Link | ||
SGUDA U-Lock API authorization | 7.5 | 06/02/2023 | SGUDA | Link | ||
SGUDA U-Lock Lock Management authorization | 8.8 | 06/02/2023 | SGUDA | Link | ||
SailPoint IdentityIQ Java Constructor unknown vulnerability | 7.9 | 06/05/2023 | SailPoint | Link | ||
ABB ASPECT Enterprise privileges management | 7.6 | 06/05/2023 | ABB | Link | ||
IBM Aspera Connect/Aspera Cargo buffer overflow | 7.9 | 06/05/2023 | IBM | Link | ||
Mobatime AMXGT100 improper authentication | 9.5 | 06/05/2023 | Mobatime | Link |
Vulnerability | CVSSv3 | Release Date | Products | References | ||
---|---|---|---|---|---|---|
CODESYS Development System inadequate encryption | 7.9 | 05/15/2023 | CODESYS | Link | ||
WAGO Compact Controller CC100 Device Configuration os command injection | 9.6 | 05/15/2023 | WAGO | Link | ||
SICK FTMg Air Flow Sensor REST Interface resource consumption | 7.5 | 05/15/2023 | SICK | Link | ||
CODESYS Control CmpTraceMgr out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link | ||
CODESYS Control CmpTraceMgr out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link | ||
CODESYS Control out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link | ||
CODESYS Control out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link | ||
CODESYS Control out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link | ||
CODESYS Control out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link | ||
CODESYS Control out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link | ||
CODESYS Control out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link | ||
CODESYS Control out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link | ||
CODESYS Control out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link | ||
CODESYS Control out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link | ||
CODESYS Control out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link | ||
vm2 injection | 9.6 | 05/16/2023 | vm2 | Link | ||
Synology Router Manager os command injection | 8.8 | 05/16/2023 | Synology | Link | ||
Synology Router Manager os command injection | 9.6 | 05/16/2023 | Synology | Link | ||
Snap One OvrC Pro Firmware Signature data authenticity | 9.4 | 05/16/2023 | Snap | Link | ||
posstaticblocks getPosCurrentHook sql injection | 8.5 | 05/17/2023 | posstaticblocks | Link | ||
ABB Terra AC improper authentication | 8.8 | 05/17/2023 | ABB | Link | ||
IBM PowerVM Logical Partition access control | 8.5 | 05/17/2023 | IBM | Link | ||
Linux Kernel ksmbd race condition | 7.7 | 05/18/2023 | Linux | Link | ||
Linux Kernel ksmbd race condition | 9.4 | 05/18/2023 | Linux | Link | ||
Linux Kernel ksmbd race condition | 7.7 | 05/18/2023 | Linux | Link | ||
Linux Kernel ksmbd race condition | 7.7 | 05/18/2023 | Linux | Link | ||
mlflow path traversal | 8.4 | 05/18/2023 | mlflow | Link | ||
cdesigner initContent sql injection | 8.4 | 05/18/2023 | cdesigner | Link | ||
cups-filters Backend Error beh.c os command injection | 8.6 | 05/18/2023 | cups-filters | Link | ||
Acronis Home Office signature verification | 7.6 | 05/18/2023 | Acronis | Link |
Vulnerability | CVSSv3 | Release Date | Products | References | ||
---|---|---|---|---|---|---|
Linux Kernel io_uring io_prep_async_work use after free | 8.1 | Feb, 01 2023 | Linux | Link | ||
Linux Kernel ALSA PCM Package SNDRV_CTL_IOCTL_ELEM_WRITE use after free | 7.5 | Feb, 01 2023 | Linux | Link | ||
Linux Kernel io_uring io_prep_async_work use after free | 8.4 | Feb, 01 2023 | QNAP | Link | ||
Schneider Electric EcoStruxure Geo SCADA Expert 2019 Message improper authorization | 8.0 | Feb, 01 2023 | Schneider | Link | ||
Schneider Electric EcoStruxure Control Expert authentication replay | 8.1 | Feb, 01 2023 | Schneider | Link | ||
Schneider Electric C-Bus Network Automation Controller improper authentication | 9.6 | Feb, 01 2023 | Schneider | Link | ||
Schneider Electric C-Bus Network Automation Controller weak password | 8.4 | Feb, 01 2023 | Schneider | Link | ||
Motorola MR2600 input validation | 7.5 | Feb, 01 2023 | Motorola | Link | ||
Schneider Electric IGSS Data Server IGSSdataServer.exe missing authentication | 7.8 | Feb, 01 2023 | Schneider | Link | ||
F5 BIG-IP iControl SOAP format string | 8.2 | Feb, 01 2023 | F5 | Link | ||
F5 BIG-IP Edge Client Installer uncontrolled search path | 8.1 | Feb, 01 2023 | F5 | Link | ||
Atlassian Jira Service Management Server and Data Center improper authentication | 8.3 | Feb, 01 2023 | Atlassian | Link | ||
Linux Kernel io_uring io_prep_async_work use after free | 8.1 | Feb, 02 2023 | Linux | Link | ||
Linux Kernel ALSA PCM Package SNDRV_CTL_IOCTL_ELEM_WRITE use after free | 7.5 | Feb, 02 2023 | Linux | Link | ||
QNAP QuTS hero/QTS sql injection | 8.4 | Feb, 02 2023 | QNAP | Link | ||
Schneider Electric EcoStruxure Geo SCADA Expert 2019 Message improper authorization | 8.0 | Feb, 02 2023 | Schneider | Link | ||
Schneider Electric EcoStruxure Control Expert authentication replay | 8.1 | Feb, 02 2023 | Schneider | Link | ||
Schneider Electric C-Bus Network Automation Controller improper authentication | 9.6 | Feb, 02 2023 | Schneider | Link | ||
Schneider Electric C-Bus Network Automation Controller weak password | 8.4 | Feb, 02 2023 | Schneider | Link | ||
Motorola MR2600 input validation | 7.5 | Feb, 02 2023 | Motorola | Link | ||
Schneider Electric IGSS Data Server IGSSdataServer.exe missing authentication | 7.8 | Feb, 02 2023 | Schneider | Link | ||
F5 BIG-IP iControl SOAP format string | 8.2 | Feb, 02 2023 | F5 | Link | ||
F5 BIG-IP Edge Client Installer uncontrolled search path | 8.1 | Feb, 02 2023 | F5 | Link | ||
Atlassian Jira Service Management Server and Data Center improper authentication | 8.3 | Feb, 02 2023 | Atlassian | Link | ||
Delta Electronics DIAScreen out-of-bounds write | 8.4 | Feb, 02 2023 | Delta | Link | ||
Delta Electronics DIAScreen stack-based overflow | 8.4 | Feb, 02 2023 | Delta | Link | ||
Netgear WNR612v2 Firmware Image unrestricted upload | 7.5 | Feb, 02 2023 | Netgear | Link | ||
Linux Kernel io_uring io_prep_async_work use after free | 8.1 | Feb, 03 2023 | Linux | Link | ||
Linux Kernel ALSA PCM Package SNDRV_CTL_IOCTL_ELEM_WRITE use after free | 7.5 | Feb, 03 2023 | Linux | Link | ||
QNAP QuTS hero/QTS sql injection | 8.4 | Feb, 03 2023 | QNAP | Link |
Vulnerability | CVSSv3 | Release Date | Products | References | ||
---|---|---|---|---|---|---|
perfSONAR file URL Privilege Escalation | 7.5 | Jan, 01 2023 | perfSONAR | Link | ||
vooon ntpd_driver Source Code access control | 7.9 | Jan, 01 2023 | vooon | Link | ||
perfSONAR file URL Privilege Escalation | 7.5 | Jan, 02 2023 | perfSONAR | Link | ||
vooon ntpd_driver Source Code access control | 7.9 | Jan, 02 2023 | vooon | Link | ||
perfSONAR file URL Privilege Escalation | 7.5 | Jan, 03 2023 | perfSONAR | Link | ||
vooon ntpd_driver Source Code access control | 7.9 | Jan, 03 2023 | vooon | Link | ||
Fortinet FortiTester os command injection | 8.3 | Jan, 03 2023 | Fortinet | Link | ||
Fortinet FortiADC HTTP Request os command injection | 8.6 | Jan, 03 2023 | Fortinet | Link | ||
Apache Dubbo Telnet deserialization | 9.6 | Jan, 03 2023 | Apache | Link | ||
User Post Gallery Plugin command injection | 8.4 | Jan, 03 2023 | User | Link | ||
User Post Gallery Plugin authorization | 8.4 | Jan, 03 2023 | User | Link | ||
perfSONAR file URL Privilege Escalation | 7.5 | Jan, 04 2023 | perfSONAR | Link | ||
vooon ntpd_driver Source Code access control | 7.9 | Jan, 04 2023 | vooon | Link | ||
Fortinet FortiTester os command injection | 8.3 | Jan, 04 2023 | Fortinet | Link | ||
Fortinet FortiADC HTTP Request os command injection | 8.6 | Jan, 04 2023 | Fortinet | Link | ||
Apache Dubbo Telnet deserialization | 9.6 | Jan, 04 2023 | Apache | Link | ||
User Post Gallery Plugin command injection | 8.4 | Jan, 04 2023 | User | Link | ||
User Post Gallery Plugin authorization | 8.4 | Jan, 05 2023 | User | Link | ||
User Post Gallery Plugin authorization | 8.4 | Jan, 04 2023 | User | Link | ||
KubePi hard-coded credentials | 8.9 | Jan, 04 2023 | KubePi | Link | ||
Apache DolphinScheduler Script Alert Plugin Parameter input validation | 8.0 | Jan, 04 2023 | Apache | Link | ||
perfSONAR file URL Privilege Escalation | 7.5 | Jan, 05 2023 | perfSONAR | Link | ||
vooon ntpd_driver Source Code access control | 7.9 | Jan, 05 2023 | vooon | Link | ||
Fortinet FortiTester os command injection | 8.3 | Jan, 05 2023 | Fortinet | Link | ||
Fortinet FortiADC HTTP Request os command injection | 8.6 | Jan, 05 2023 | Fortinet | Link | ||
Apache Dubbo Telnet deserialization | 9.6 | Jan, 05 2023 | Apache | Link | ||
User Post Gallery Plugin command injection | 8.4 | Jan, 05 2023 | User | Link | ||
KubePi hard-coded credentials | 8.9 | Jan, 05 2023 | KubePi | Link | ||
Apache DolphinScheduler Script Alert Plugin Parameter input validation | 8.0 | Jan, 05 2023 | Apache | Link | ||
Hitachi Energy UNEM R16A hard-coded key | 8.0 | Jan, 05 2023 | perfSONAR | Link |
Vulnerability | CVSSv3 | Release Date | Products | References | ||
---|---|---|---|---|---|---|
oretnom23 Purchase Order Management System unrestricted upload | 9.3 | Dec, 01 2022 | oretnom23 | Link | ||
AVS Audio Converter buffer overflow | 7.9 | Dec, 01 2022 | AVS | Link | ||
crewjam saml Assertion Element improper authentication | 8.0 | Dec, 01 2022 | crewjam | Link | ||
Online Tours & Travels Management System file.php unrestricted upload | 9.3 | Dec, 01 2022 | Online | Link | ||
Poultry Farm Management System category.php sql injection | 7.5 | Dec, 01 2022 | Poultry | Link | ||
Acer Notebook HQSwSmiDxe Driver default permission | 7.7 | Dec, 01 2022 | Acer | Link | ||
School Management System sql injection | 7.7 | Dec, 01 2022 | School | Link | ||
GPAC unquantize.c Q_IsTypeOn use after free | 7.5 | Dec, 01 2022 | GPAC | Link | ||
ghost Newsletter access control | 7.8 | Dec, 01 2022 | ghost | Link | ||
Squirrly SEO Plugin unrestricted upload | 7.9 | Dec, 01 2022 | Squirrly | Link | ||
Russound XSourcePlayer 777D scriptRunner.cgi Privilege Escalation | 7.7 | Dec, 01 2022 | Russound | Link | ||
PuneethReddyHC online-shopping-system-advanced product.php sql injection | 7.5 | Dec, 01 2022 | PuneethReddyHC | Link | ||
Microsoft Edge GPU heap-based overflow | 7.8 | Dec, 01 2022 | Microsoft | Link | ||
Tribal Systems Zenario CMS Privilege Escalation | 8.0 | Dec, 01 2022 | Tribal | Link | ||
oretnom23 Simple Inventory Management System login.php sql injection | 7.5 | Dec, 01 2022 | oretnom23 | Link | ||
SourceCodester Book Store Management System index.php access control | 7.9 | Dec, 01 2022 | SourceCodester | Link | ||
owncast sql injection | 8.2 | Dec, 01 2022 | owncast | Link | ||
Book Store Management System Admin Panel hard-coded credentials | 7.9 | Dec, 01 2022 | Book | Link | ||
Sanitization Management System Admin Panel hard-coded credentials | 7.9 | Dec, 01 2022 | Sanitization | Link | ||
OP-TEE Trusted OS cleanup_shm_refs array index | 7.8 | Dec, 01 2022 | OP-TEE | Link | ||
Symantec Endpoint Protection privileges management | 7.6 | Dec, 01 2022 | Symantec | Link | ||
asith-eranga ISIC Tour Booking controller.php sql injection | 7.9 | Dec, 01 2022 | asith-eranga | Link | ||
Asus NAS-M25 Cookie os command injection | 9.8 | Dec, 01 2022 | Asus | Link | ||
Rocket TRUfusion Enterprise JSP File unrestricted upload | 7.9 | Dec, 01 2022 | Rocket | Link | ||
Festo VTEM-S1 insufficient technical documentation | 9.6 | Dec, 01 2022 | Festo | Link | ||
SnakeYAML Constructor deserialization | 8.1 | Dec, 01 2022 | SnakeYAML | Link | ||
ff4j Privilege Escalation | 8.0 | Dec, 01 2022 | ff4j | Link | ||
discourse-bbcode CSS injection | 8.2 | Dec, 01 2022 | discourse-bbcode | Link | ||
Xiongmai MBD6304T/NBD6808T-PL JSON File deserialization | 8.3 | Dec, 01 2022 | Xiongmai | Link | ||
oretnom23 Purchase Order Management System unrestricted upload | 9.3 | Dec, 02 2022 | oretnom23 | Link |
Vulnerability | CVSSv3 | Release Date | Products | References | ||
---|---|---|---|---|---|---|
Silicon Labs Bootloader GBL Parser memory corruption | 8.7 | Nov, 02 2022 | Silicon | Link | ||
Frauscher Sensortechnik FDS102 Configuration unrestricted upload | 9.6 | Nov, 02 2022 | Frauscher | Link | ||
Discourse Email Address improper authorization | 7.7 | Nov, 02 2022 | Discourse | Link | ||
xmldom improper validation of consistency within input | 8.7 | Nov, 02 2022 | xmldom | Link | ||
Silicon Labs Bootloader GBL Parser memory corruption | 8.7 | Nov, 03 2022 | Silicon | Link | ||
Frauscher Sensortechnik FDS102 Configuration unrestricted upload | 9.6 | Nov, 03 2022 | Frauscher | Link | ||
Discourse Email Address improper authorization | 7.7 | Nov, 03 2022 | Discourse | Link | ||
xmldom improper validation of consistency within input | 8.7 | Nov, 03 2022 | xmldom | Link | ||
Tenda AC23 formSetFirewallCfg stack-based overflow | 9.3 | Nov, 03 2022 | Tenda | Link | ||
Tenda AC23 setSmartPowerManagement stack-based overflow | 9.3 | Nov, 03 2022 | Tenda | Link | ||
Tenda AC23 setSchedWifi stack-based overflow | 8.9 | Nov, 03 2022 | Tenda | Link | ||
Tenda AC23 fromSetWifiGusetBasic stack-based overflow | 9.3 | Nov, 03 2022 | Tenda | Link | ||
Tenda AC23 fromSetWirelessRepeat stack-based overflow | 8.9 | Nov, 03 2022 | Tenda | Link | ||
Tenda AC23 Parameter formSetQosBand out-of-bounds write | 9.3 | Nov, 03 2022 | Tenda | Link | ||
Tenda AC23 fromSetSysTime out-of-bounds write | 9.3 | Nov, 03 2022 | Tenda | Link | ||
Tenda AC23 formSetDeviceName out-of-bounds write | 8.2 | Nov, 03 2022 | Tenda | Link | ||
Keystone Environment Variable injection | 8.4 | Nov, 03 2022 | Keystone | Link | ||
D-Link DIR-823G Packet SetNetworkTomographySettings command injection | 7.6 | Nov, 03 2022 | D-Link | Link | ||
GLPI API REST sql injection | 7.5 | Nov, 03 2022 | GLPI | Link | ||
Silicon Labs Bootloader GBL Parser memory corruption | 8.7 | Nov, 04 2022 | Silicon | Link | ||
Frauscher Sensortechnik FDS102 Configuration unrestricted upload | 9.6 | Nov, 04 2022 | Frauscher | Link | ||
Discourse Email Address improper authorization | 7.7 | Nov, 04 2022 | Discourse | Link | ||
xmldom improper validation of consistency within input | 8.7 | Nov, 04 2022 | xmldom | Link | ||
Tenda AC23 formSetFirewallCfg stack-based overflow | 9.3 | Nov, 04 2022 | Tenda | Link | ||
Tenda AC23 formSetFirewallCfg stack-based overflow | 9.3 | Nov, 04 2022 | Tenda | Link | ||
Tenda AC23 setSchedWifi stack-based overflow | 8.9 | Nov, 04 2022 | Tenda | Link | ||
Tenda AC23 fromSetWifiGusetBasic stack-based overflow | 9.3 | Nov, 04 2022 | Tenda | Link | ||
Tenda AC23 fromSetWirelessRepeat stack-based overflow | 8.9 | Nov, 04 2022 | Tenda | Link | ||
Tenda AC23 Parameter formSetQosBand out-of-bounds write | 9.3 | Nov, 04 2022 | Tenda | Link | ||
Tenda AC23 fromSetSysTime out-of-bounds write | 9.3 | Nov, 04 2022 | Tenda | Link |
Vulnerability | CVSSv3 | Release Date | Products | References | ||
---|---|---|---|---|---|---|
Cisco SD-WAN CLI path traversal | 8.1 | Oct 1, 2022 | Cisco SD-WAN CLI | Link | ||
Cisco SD-WAN CLI path traversal | 8.1 | Oct 1, 2022 | Cisco SD-WAN CLI | Link | ||
Veritas NetBackup NBFSMCLIENT Service sql injection | 8.1 | Oct 3, 2022 | Veritas NetBackup | Link | ||
Axiomatic Bento4 mp4mux ReadBit out-of-bounds write | 7.5 | Oct 3, 2022 | Axiomatic Bento4 | Link | ||
Aruba InstantOS/ArubaOS PAPI Protocol buffer overflow | 9.4 | Oct 5, 2022 | Aruba InstantOS | Link | ||
BD Totalys MultiProcessor hard-coded credentials | 7.7 | Oct 5, 2022 | BD Totalys | Link | ||
Cisco TelePresence CE Version Control unknown vulnerability | 8.4 | Oct 6, 2022 | Cisco Telepresence | Link | ||
Generex CS141 Web Interface gxserve-update.sh run_update Privilege Escalation | 8.0 | Oct 6, 2022 | Generex CS141 | Link | ||
Fortinet FortiOS/FortiProxy Administrative Interface improper authorization | 9.4 | Oct 7, 2022 | Fortinet FortiOS | Link | ||
ToolJet Invite privileges management | 8.4 | Oct 7, 2022 | ToolJet | Link | ||
Panini Everest Engine Everest.exe untrusted search path | 8.5 | Oct 8, 2022 | Panini Everest | Link | ||
Trend Micro Apex One Security Agent certificate validation | 8.4 | Oct 8, 2022 | Trend Micro | Link | ||
puppetlabs-apt os command injection | 7.6 | Oct 8, 2022 | Puppetlabs-apt | Link | ||
puppetlabs-mysql os command injection | 7.6 | Oct 8, 2022 | Puppetlabs-mysql | Link | ||
Fortinet FortiOS CLI Command os command injection | 8.9 | Oct 10, 2022 | Fortinet FortiOS | Link | ||
Dell Container Storage Modules goiscsi/gobrick os command injection | 9.8 | Oct 11, 2022 | Dell Container | Link | ||
Dell Container Storage Modules goiscsi/gobrick os command injection | 8.8 | Oct 11, 2022 | Dell Container | Link | ||
Microsoft Windows Local Security Authority Privilege Escalation | 8.2 | Oct 11, 2022 | Microsoft Windows Local Security | Link | ||
Microsoft Windows ODBC Driver Remote Code Execution | 7.7 | Oct 11, 2022 | Microsoft Windows ODBC | Link | ||
Microsoft Windows Server Service Privilege Escalation | 7.7 | Oct 11, 2022 | Microsoft Windows Server | Link | ||
Array Networks ArrayOS command injection | 8.4 | Oct 13, 2022 | Array Networks | Link | ||
Dell GeoDrive unquoted search path | 7.6 | Oct 13, 2022 | Dell GeoDrive | Link | ||
PerFact OpenVPN Client Config Command unknown vulnerability | 8.6 | Oct 14, 2022 | PerFact OpenVPN | Link | ||
Huawei HarmonyOS MPTCP Module out-of-bounds write | 7.8 | Oct 14, 2022 | Huawei HarmonyOS | Link | ||
Google Android HTBLogKM out-of-bounds write | 7.5 | Oct 14, 2022 | Google Android | Link | ||
Adobe ColdFusion stack-based overflow | 8.4 | Oct 15, 2022 | Adobe | Link | ||
Adobe ColdFusion heap-based overflow | 8.4 | Oct 15, 2022 | Adobe | Link | ||
OpenHarmony Startup Subsystem improper authentication | 8.1 | Oct 15, 2022 | OpenHarmony | Link | ||
Fortinet FortiTester Telnet Login os command injection | 9.8 | Oct 18, 2022 | Fortinet FortiTester | Link | ||
Fortinet FortiTester SSH Login os command injection | 9.8 | Oct 18, 2022 | Fortinet | Link |
Vulnerability | CVSSv3 | Release Date | Products | References | ||
---|---|---|---|---|---|---|
AutomationDirect DirectLOGIC Installation uncontrolled search path | 8.1 | Sep 1, 2022 | AutomationDirect | Link | ||
Contiki-NG IPv6 Packet uipbuf.c uipbuf_get_next_header buffer overflow | 7.7 | Sep 1, 2022 | Contiki-NG | Link | ||
Qualcomm Snapdragon Connectivity/Snapdragon Mobile Bluetooth Host stack-based overflow | 8.4 | Sep 2, 2022 | Qualcomm | Link | ||
Qualcomm Snapdragon Auto IO Space xPUs permission | 8.2 | Sep 2, 2022 | Qualcomm | Link | ||
Qualcomm Snapdragon Auto Multimedia memory corruption | 7.9 | Sep 2, 2022 | Qualcomm | Link | ||
Qualcomm Snapdragon Auto DSP Service out-of-bounds write | 7.9 | Sep 2, 2022 | Qualcomm | Link | ||
Qualcomm Snapdragon Connectivity ELF Header memory corruption | 7.9 | Sep 2, 2022 | Qualcomm | Link | ||
Qualcomm Snapdragon Auto Video File Parser out-of-bounds | 7.9 | Sep 2, 2022 | Qualcomm | Link | ||
Qualcomm Snapdragon Auto PCM Routing Process memory corruption | 7.9 | Sep 2, 2022 | Qualcomm | Link | ||
Qualcomm Snapdragon Consumer IOT Graphic Driver use after free | 7.9 | Sep 2, 2022 | Qualcomm | Link | ||
Qualcomm Snapdragon Auto Multimedia Driver memory corruption | 7.9 | Sep 2, 2022 | Qualcomm | Link | ||
Qualcomm Snapdragon Auto Multimedia memory corruption | 7.9 | Sep 2, 2022 | Qualcomm | Link | ||
Qualcomm Snapdragon Auto RPMB cryptographic issues | 7.6 | Sep 2, 2022 | Qualcomm | Link | ||
Qualcomm Snapdragon Auto APR Routing Table memory corruption | 7.6 | Sep 2, 2022 | Qualcomm | Link | ||
SFTPGo Two-factor Authentication improper authentication | 7.6 | Sep 2, 2022 | SFTPGo | Link | ||
ZyXEL NAS326/NAS540/NAS542 UDP Packet format string | 9.6 | Sep 6, 2022 | ZyXEL | Link | ||
BitDefender GravityZone Console On-Premise Message deserialization | 8.6 | Sep 6, 2022 | BitDefender | Link | ||
Indy Node pool-upgrade Request improper authentication | 7.9 | Sep 6, 2022 | Indy | Link | ||
Outbyte PC Repair Installation File iertutil.dll uncontrolled search path | 8.5 | Sep 7, 2022 | Outbyte PC Repair | Link | ||
ActivityWatch authentication spoofing | 7.9 | Sep 7, 2022 | ActivityWatch | Link | ||
phpfusion unverified password change | 7.8 | Sep 7, 2022 | Phpfusion | Link | ||
QNAP QTS Photo Station external reference | 9.7 | Sep 8, 2022 | QNAP QTS | Link | ||
ikus060 rdiffweb improper restriction of rendered ui layers | 8.0 | Sep 9, 2022 | ikus060 | Link | ||
Wiki UI Main Wiki code injection | 7.9 | Sep 9, 2022 | Wiki UI Main | Link | ||
XWiki Platform Applications Tag code injection | 7.9 | Sep 9, 2022 | XWiki | Link | ||
cruddl Schema special elements in data query logic | 7.9 | Sep 9, 2022 | Cruddl | Link | ||
Fortinet FortiSOAR HTTP GET Request os command injection | 7.8 | Sep 9, 2022 | Fortinet | Link | ||
XWiki Platform Web Templates Email Verification authentication bypass | 7.7 | Sep 9, 2022 | XWiki | Link | ||
MZ Automation libIEC61850 memcpy stack-based overflow | 9.4 | Sep 10, 2022 | Automation libIEC61850 | Link | ||
MZ Automation libIEC61850 stack-based overflow | 9.4 | Sep 10, 2022 | Automation libIEC61850 | Link |
Vulnerability | CVSSv3 | Release Date | Products | References | ||
---|---|---|---|---|---|---|
kromitgmbh titra improper authorization | 8.4 | Aug 1, 2022 | Kromitgmbh titra | Link | ||
Shescape Regular Expression escapeAll injection | 8.4 | Aug 2, 2022 | Shescape | Link | ||
fs2 certificate validation | 8.0 | Aug 2, 2022 | fs2 certificate | Link | ||
CVAT server-side request forgery | 7.8 | Aug 2, 2022 | CVAT | Link | ||
VMware Workspace ONE Access improper authentication | 9.4 | Aug 3, 2022 | VMware Workspace | Link | ||
monorepo-build Remote Code Execution | 8.4 | Aug 3, 2022 | Monorepo | Link | ||
image-tiler Remote Code Execution | 8.4 | Aug 3, 2022 | Image-tiler | Link | ||
tooljet access control | 8.4 | Aug 3, 2022 | Tooljet | Link | ||
gitblame gitblame.js injection | 8.2 | Aug 3, 2022 | Gitblame | Link | ||
heroku-env get.js injection | 8.2 | Aug 3, 2022 | Heroku | Link | ||
npos-tesseract ocr.js injection | 8.2 | Aug 3, 2022 | npos-tesseract | Link | ||
NHI Card Network Packet stack-based overflow | 7.7 | Aug 3, 2022 | NHI Card Network | Link | ||
OMICARD EDM hard-coded credentials | 9.6 | Aug 4, 2022 | OMICARD | Link | ||
DevExpress SafeBinaryFormatter deserialization | 8.6 | Aug 4, 2022 | DevExpress | Link | ||
Vinchin Backup and Recovery hard-coded credentials | 8.5 | Aug 4, 2022 | Vinchin | Link | ||
Sante PACS Server sql injection | 8.4 | Aug 4, 2022 | Sante PACS | Link | ||
OMICARD EDM API Function sql injection | 8.4 | Aug 4, 2022 | OMICARD EDM API | Link | ||
Sante DICOM Viewer Pro J2K File Parser out-of-bounds write | 8.3 | Aug 4, 2022 | Sante DICOM | Link | ||
KVM use after free | 7.8 | Aug 5, 2022 | KVM | Link | ||
Samsung Baseband heap-based overflow | 7.8 | Aug 5, 2022 | Samsung | Link | ||
Ethermint exposure of resource | 7.6 | Aug 5, 2022 | Ethermint | Link | ||
TCL LinkHub Mesh Wi-Fi MS1G Configuration logserver GetValue buffer overflow | 9.2 | Aug 6, 2022 | TCL LinkHub | Link | ||
TCL LinkHub Mesh Wi-Fi MS1G Network ucloud_del_node access control | 9.2 | Aug 6, 2022 | TCL LinkHub | Link | ||
TCL LinkHub Mesh Wi-Fi MS1G Network Packet addTimeGroup stack-based overflow | 8.8 | Aug 6, 2022 | TCL LinkHub | Link | ||
TCL LinkHub Mesh Wi-Fi MS1G Network confctl_set_guest_wlan denial of service | 8.8 | Aug 6, 2022 | TCL LinkHub | Link | ||
Microsoft Windows SMB Remote Code Execution | 7.7 | Aug 9, 2022 | Microsoft Windows | Link | ||
KUKA V-KSS Robot Configuration missing authentication | 9.6 | Aug 10, 2022 | KUKA V-KSS | Link | ||
Cisco Small Business RV345 buffer overflow | 9.4 | Aug 10, 2022 | Cisco Small | Link | ||
Siemens SCALANCE XR-500 injection | 8.4 | Aug 10, 2022 | Siemens | Link | ||
Cisco Small Business RV345 buffer overflow | 8.3 | Aug 10, 2022 | Cisco Small | Link |
Vulnerability | CVSSv3 | Release Date | Products | References | ||
---|---|---|---|---|---|---|
OpenSSL RSA Private Key rsaz_exp_x2.c ossl_rsaz_mod_exp_avx512_x2 memory corruption | 9.4 | July 1, 2022 | OpenSSL | Link | ||
SaltStack Salt improper authorization | 8.0 | July 1, 2022 | SaltStack | Link | ||
Distributed Data Systems WebHMI os command injection | 8.0 | July 2, 2022 | Distributed Data Systems | Link | ||
Nokia DGX A100 BiosCfgTool memory corruption | 8.0 | July 2, 2022 | Nokia | Link | ||
GitLab Project Import Privilege Escalation | 7.9 | July 2, 2022 | GitLab | Link | ||
git-clone command injection | 7.6 | July 2, 2022 | git-clone | Link | ||
Home Spot Cube2 DHCP Server Reply os command injection | 8.5 | July 3, 2022 | Home Spot Cube2 | Link | ||
Linux Kernel User Namespace nf_tables_api.c nft_set_elem_init type confusion | 8.4 | July 5, 2022 | Linux Kernel | Link | ||
IOBit Advanced System Care/Action Download Center Asc.exe permission | 8.5 | July 6, 2022 | IOBit | Link | ||
MediaTek MT8797 Modem out-of-bounds write | 8.4 | July 6, 2022 | MediaTek | Link | ||
IOBit Advanced System Care/Driver Booster Update Procedure data authenticity | 7.8 | July 6, 2022 | IOBit | Link | ||
MediaTek MT8797 Modem 2G RR out-of-bounds write | 7.7 | July 6, 2022 | MediaTek | Link | ||
CWP command injection | 7.7 | July 7, 2022 | CWP | Link | ||
Dell EMC Storage Cloud Mobility Remote Code Execution | 8.9 | July 8, 2022 | Dell EMC | Link | ||
atoms183 CMS product_admin.php sql injection | 8.0 | July 8, 2022 | Atoms183 CMS | Link | ||
HPE IceWall SSO sql injection | 7.9 | July 8, 2022 | HPE | Link | ||
Dell EMC PowerProtect Cyber Recovery access control | 7.6 | July 8, 2022 | Dell EMC | Link | ||
Keycloak authorization | 7.6 | July 8, 2022 | Keycloak | Link | ||
Hap-WI Roxy-WI options.py subprocess_execute os command injection | 9.4 | July 9, 2022 | Hap-WI Roxy-WI | Link | ||
rpc.py HTTP Header deserialization | 8.2 | July 9, 2022 | Rpc | Link | ||
Lenze cabinet c520/cabinet c550/cabinet c750 Password Verification missing critical step in authentication | 9.6 | July 11, 2022 | Lenze cabinet | Link | ||
Microsoft Azure Site Recovery VMWare to Azure Remote Code Execution | 8.1 | July 12, 2022 | Microsoft Azure | Link | ||
Microsoft Windows Shell Privilege Escalation | 7.8 | July 12, 2022 | Microsoft Windows Shell | Link | ||
Kubernetes aws-iam-authenticator access control | 7.7 | July 12, 2022 | Kubernetes | Link | ||
Microsoft Azure Site Recovery VMWare to Azure Privilege Escalation | 7.6 | July 12, 2022 | Microsoft Azure | Link | ||
Pyramid EtherNet-IP Adapter Development Kit Packet out-of-bounds write | 9.1 | July 13, 2022 | Pyramid EtherNet-IP | Link | ||
Verizon 5G Home LVSKIHP InDoorUnit crtcrpc JSON Listener crtcmode.sh enable_ssh os command injection | 8.5 | July 14, 2022 | Verizon 5G Home | Link | ||
5G Home LVSKIHP InDoorUnit crtcrpc JSON Listener crtc.lua crtcreadpartition os command injection | 8.5 | July 14, 2022 | 5G Home | Link | ||
Verizon 5G Home LVSKIHP OutDoorUnit crtcrpc JSON Listener rpc.lua crtcswitchsimprofile os command injection | 8.5 | July 14, 2022 | Verizon 5G Home | Link | ||
Verizon 5G Home LVSKIHP OutDoorUnit RPC Endpoint wnc_crtc_fw.sh crtc_fw_upgrade Privilege Escalation | 8.0 | July 14, 2022 | Verizon 5G Home | Link |
Vulnerability | CVSSv3 | Release Date | Products | References | ||
---|---|---|---|---|---|---|
Sofia-SIP SDP Message Parser heap-based overflow | 8.0 | June 1, 2022 | Sofia-SIP | Link | ||
ramank775 Chat Server Access Token Validator this.authProvider.verifyAccessKey improper authentication | 8.0 | June 1, 2022 | Ramank775 | Link | ||
Schneider Electric Wiser Smart missing encryption | 7.7 | June 3, 2022 | Schneider Electric | Link | ||
eG Agent permission | 7.6 | June 3, 2022 | eG Agent | Link | ||
Atlassian Confluence Server/Data Center OGNL injection | 9.4 | June 4, 2022 | Atlassian Confluence Server | Link | ||
Dominion Democracy Suite Voting System ImageCast X certificate validation | 8.1 | June 5, 2022 | Dominion Democracy Suite Voting System | Link | ||
HID Mercury LP1501/LP1502/LP2500/LP4502/EP4502 Update buffer overflow | 9.7 | June 6, 2022 | HID Mercury | Link | ||
HID Mercury LP1501/LP1502/LP2500/LP4502/EP4502 Hostname protection mechanism | 9.5 | June 6, 2022 | HID Mercury | Link | ||
HID Mercury LP1501/LP1502/LP2500/LP4502/EP4502 Route edit_route.cgi os command injection | 8.6 | June 6, 2022 | HID Mercury | Link | ||
HID Mercury LP1501/LP1502/LP2500/LP4502/EP4502 Firmware Binary direct request | 8.5 | June 6, 2022 | HID Mercury | Link | ||
HID Mercury LP1501/LP1502/LP2500/LP4502/EP4502 path traversal | 8.0 | June 6, 2022 | HID Mercury | Link | ||
3CX Phone System PhoneSystem Terminal improper authentication | 8.8 | June 7, 2022 | 3CX Phone System | Link | ||
emicklei go-restful authorization | 8.1 | June 8, 2022 | Emicklei | Link | ||
ToaruOS Kernel access control | 7.7 | June 8, 2022 | ToaruOS | Link | ||
ITarian SAAS/On-Premise procedures security check for standard | 9.1 | June 9, 2022 | ITarian | Link | ||
Linux Kernel File System Notification copy_event_to_user use after free | 8.4 | June 9, 2022 | Linux Kernel File System | Link | ||
PJSIP STUN buffer overflow | 8.4 | June 9, 2022 | PJSIP | Link | ||
ITarian Endpoint Manage Communication Client OpenSSL Configuration openssl.conf permission | 8.1 | June 9, 2022 | ITarian | Link | ||
Firejail User Namespace join.c access control | 7.9 | June 9, 2022 | Firejail | Link | ||
gogs os command injection | 8.5 | June 10, 2022 | gogs | Link | ||
gogs path traversal | 8.5 | June 10, 2022 | gogs | Link | ||
jgraph drawio code injection | 8.3 | June 10, 2022 | jgraph | Link | ||
ToolJet Remote Code Execution | 7.6 | June 10, 2022 | ToolJet | Link | ||
RealVNC VNC Server Installer Repair access control | 8.4 | June 11, 2022 | RealVNC | Link | ||
Dell SupportAssist Client Consumer uncontrolled search path | 8.3 | June 11, 2022 | Dell SupportAssist | Link | ||
Linux Kernel Floating Point Register ptrace-fpu.c ptrace_get_fpr buffer overflow | 7.6 | June 11, 2022 | Linux Kernel | Link | ||
Festo Controller CECC-X-M1 POST Request os command injection | 9.6 | June 13, 2022 | Festo Controller | Link | ||
NAVER Cloud Explorer privileges management | 8.8 | June 13, 2022 | NAVER Cloud | Link | ||
Microsoft Windows Network File System Remote Code Execution | 8.9 | June 14, 2022 | Microsoft Windows | Link | ||
Microsoft Windows LDAP Remote Code Execution | 8.1 | June 14, 2022 | Microsoft Windows | Link |
Vulnerability
Sofia-SIP SDP Message Parser heap-based overflow
CVSSv3
8.0
Release Date
June 1, 2022
Products
Sofia-SIP
References
Link
Vulnerability
ramank775 Chat Server Access Token Validator this.authProvider.verifyAccessKey improper authentication
CVSSv3
8.0
Release Date
June 1, 2022
Products
Ramank775
References
Link
Vulnerability
Schneider Electric Wiser Smart missing encryption
CVSSv3
7.7
Release Date
June 3, 2022
Products
Schneider Electric
References
Link
Vulnerability
eG Agent permission
CVSSv3
7.6
Release Date
June 3, 2022
Products
eG Agent
References
Link
Vulnerability
Atlassian Confluence Server/Data Center OGNL injection
CVSSv3
9.4
Release Date
June 4, 2022
Products
Atlassian Confluence Server
References
Link
Vulnerability
Dominion Democracy Suite Voting System ImageCast X certificate validation
CVSSv3
8.1
Release Date
June 5, 2022
Products
Dominion Democracy Suite Voting System
References
Link
Vulnerability
HID Mercury LP1501/LP1502/LP2500/LP4502/EP4502 Update buffer overflow
CVSSv3
9.7
Release Date
June 6, 2022
Products
HID Mercury
References
Link
Vulnerability
HID Mercury LP1501/LP1502/LP2500/LP4502/EP4502 Hostname protection mechanism
CVSSv3
9.5
Release Date
June 6, 2022
Products
HID Mercury
References
Link
Vulnerability
HID Mercury LP1501/LP1502/LP2500/LP4502/EP4502 Route edit_route.cgi os command injection
CVSSv3
8.6
Release Date
June 6, 2022
Products
HID Mercury
References
Link
Vulnerability
HID Mercury LP1501/LP1502/LP2500/LP4502/EP4502 Firmware Binary direct request
CVSSv3
8.5
Release Date
June 6, 2022
Products
HID Mercury
References
Link
Vulnerability
HID Mercury LP1501/LP1502/LP2500/LP4502/EP4502 path traversal
CVSSv3
8.0
Release Date
June 6, 2022
Products
HID Mercury
References
Link
Vulnerability
3CX Phone System PhoneSystem Terminal improper authentication
CVSSv3
8.8
Release Date
June 7, 2022
Products
3CX Phone System
References
Link
Vulnerability
emicklei go-restful authorization
CVSSv3
8.1
Release Date
June 8, 2022
Products
Emicklei
References
Link
Vulnerability
ToaruOS Kernel access control
CVSSv3
7.7
Release Date
June 8, 2022
Products
ToaruOS
References
Link
Vulnerability
ITarian SAAS/On-Premise procedures security check for standard
CVSSv3
9.1
Release Date
June 9, 2022
Products
ITarian
References
Link
Vulnerability
Linux Kernel File System Notification copy_event_to_user use after free
CVSSv3
8.4
Release Date
June 9, 2022
Products
Linux Kernel File System
References
Link
Vulnerability
PJSIP STUN buffer overflow
CVSSv3
8.4
Release Date
June 9, 2022
Products
PJSIP
References
Link
Vulnerability
ITarian Endpoint Manage Communication Client OpenSSL Configuration openssl.conf permission
CVSSv3
8.1
Release Date
June 9, 2022
Products
ITarian
References
Link
Vulnerability
Firejail User Namespace join.c access control
CVSSv3
7.9
Release Date
June 9, 2022
Products
Firejail
References
Link
Vulnerability
gogs os command injection
CVSSv3
8.5
Release Date
June 10, 2022
Products
gogs
References
Link
Vulnerability
gogs path traversal
CVSSv3
8.5
Release Date
June 10, 2022
Products
gogs
References
Link
Vulnerability
jgraph drawio code injection
CVSSv3
8.3
Release Date
June 10, 2022
Products
jgraph
References
Link
Vulnerability
ToolJet Remote Code Execution
CVSSv3
7.6
Release Date
June 10, 2022
Products
ToolJet
References
Link
Vulnerability
RealVNC VNC Server Installer Repair access control
CVSSv3
8.4
Release Date
June 11, 2022
Products
RealVNC
References
Link
Vulnerability
Dell SupportAssist Client Consumer uncontrolled search path
CVSSv3
8.3
Release Date
June 11, 2022
Products
Dell SupportAssist
References
Link
Vulnerability
Linux Kernel Floating Point Register ptrace-fpu.c ptrace_get_fpr buffer overflow
CVSSv3
7.6
Release Date
June 11, 2022
Products
Linux Kernel
References
Link
Vulnerability
Festo Controller CECC-X-M1 POST Request os command injection
CVSSv3
9.6
Release Date
June 13, 2022
Products
Festo Controller
References
Link
Vulnerability
NAVER Cloud Explorer privileges management
CVSSv3
8.8
Release Date
June 13, 2022
Products
NAVER Cloud
References
Link
Vulnerability
Microsoft Windows Network File System Remote Code Execution
CVSSv3
8.9
Release Date
June 14, 2022
Products
Microsoft Windows
References
Link
Vulnerability
Microsoft Windows LDAP Remote Code Execution
CVSSv3
8.1
Release Date
June 14, 2022
Products
Microsoft Windows
References
Link
Vulnerability | CVSSv3 | Release Date | Products | References | ||
---|---|---|---|---|---|---|
Bender CC612 SSH hard-coded password (CVE-2021-34601) | 9.8 | Apr 28, 2022 | Bender CC612 | Link | ||
Bender CC612/CC613/ICC15xx/ICC16xx ifplugd unnecessary privileges (CVE-2021-34591) | 7.6 | Apr 28, 2022 | Bender CC612/CC613/ICC15xx/ICC16xx | Link | ||
cifs-utils mount.cifs stack-based overflow (CVE-2022-27239) | 7.5 | Apr 28, 2022 | cifs-utils | Link | ||
Bender CC612/CC613/ICC15xx/ICC16xx Web Interface os command injection (CVE-2021-34602) | 8.6 | Apr 28, 2022 | Bender CC612/CC613/ICC15xx/ICC16xx | Link | ||
FreeRDP NTLM Authentication improper authentication (CVE-2022-24882) | 9.3 | Apr 26, 2022 | FreeRDP up to 2.6.x | Link | ||
Solana rBPF sdiv Instruction calculation (CVE-2022-23066) | 9.3 | May 9, 2022 | SOLANA RBPF | Link | ||
Tecson Tankspion Endpoint improper authentication (CVE-2019-12254) | 8.4 | May 7, 2022 | TECSON TANKSPION ENDPOINT | Link | ||
Splunk Enterprise Search Parameter injection (CVE-2022-26889) | 7.9 | May 7, 2022 | Splunk Enterprise | Link | ||
QNAP QVR command injection (CVE-2022-27588) | 9.6 | May 6, 2022 | QNAP QVR PRIOR 5.1.6 | Link | ||
ecdsautils CLI Command ecdsa_verify_list_legacy signature verification (CVE-2022-24884) | 8.5 | May 6, 2022 | ECDSAUTILS | Link | ||
Flux/kustomize-controller kustomization.yaml path traversal (CVE-2022-24887) | 7.9 | May 6, 2022 | FLUX/KUSTOMIZE-CONTROLLER | Link | ||
python-libnmap Remote Code Execution (CVE-2022-30284) | 8.5 | May 5, 2022 | Python | Link | ||
clinical-genomics scout server-side request forgery (CVE-2022-1592) | 8.2 | May 5, 2022 | CLINICAL-GENOMICS SCOUT | Link | ||
YetiForce CRM unrestricted upload (CVE-2022-1411) | 7.5 | May 5, 2022 | YETIFORCE CRM | Link | ||
TIBCO Managed File Transfer Command Center DOM XML Parser/SAX XML Parser xml external entity reference (CVE-2022-22774) | 7.9 | May 10, 2022 | TIBCO | Link | ||
D-Link DIR-882 Blink command injection (CVE-2022-28901) | 8.0 | May 10, 2022 | D-Link | Link | ||
D-Link DIR-882 SubnetMask command injection (CVE-2022-28896) | 8.0 | May 10, 2022 | D-Link | Link | ||
D-Link DIR-882 IPAddress command injection (CVE-2022-28895) | 7.7 | May 10, 2022 | D-Link | Link | ||
alextselegidis easyappointments API privileges management (CVE-2022-1397) | 8.6 | May 10, 2022 | alextselegidis | Link | ||
InHand InRouter302 Console Factory stack-based overflow (CVE-2022-26002) | 8.1 | May 12, 2022 | InHand | Link | ||
InHand InRouter302 httpd libnvram.so nvram_import input validation (CVE-2022-26782) | 9.3 | May 12, 2022 | InHand | Link | ||
InHand InRouter302 Network Request infactory_net os command injection (CVE-2022-26518) | 9.3 | May 12, 2022 | InHand | Link | ||
InHand InRouter302 Console infactory_port os command injection (CVE-2022-26420) | 9.3 | May 12, 2022 | InHand | Link | ||
InHand InRouter302 Console infactory_wlan os command injection (CVE-2022-26075) | 9.3 | May 12, 2022 | InHand | Link | ||
Weintek cMT code injection (CVE-2021-27446) | 9.7 | May 17, 2022 | Weintek | Link | ||
Trend Micro Password Manager link following (CVE-2022-30523) | 8.8 | May 17, 2022 | Trend Micro | Link | ||
Weintek cMT access control (CVE-2021-27444) | 8.4 | May 17, 2022 | Weintek | Link | ||
Linux Kernel sched Privilege Escalation (CVE-2022-29581) | 8.1 | May 17, 2022 | Linux kernel | Link | ||
Linux Kernel io_uring integer overflow (CVE-2022-1116) | 8.1 | May 17, 2022 | Linux kernel | Link | ||
Fidelis Network and Deception Web Interface os command injection (CVE-) | 8.6 | May 18, 2022 | Fidelis | Link |
Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References | |
---|---|---|---|---|---|---|
Zero-Day Remote code Execution Vulnerability in Palo Alto Firewalls Utilising the GlobalProtect VPN Component CVE-2021-3064 | Unknown | 9.8 | Nov 10, 2021 | Palo Alto Firewall Operating System PAN-OS 8.1 prior to 8.1.17 | Link | |
Microsoft Exchange Server Remote Code Execution (RCE) Vulnerability discovered by MSTIC CVE-2021-42321 | Exploited in the Tianfu Cup | 8.8 | Nov 9, 2021 | Microsoft Exchange Server | Link | |
Microsoft Excel Security Feature Bypass Vulnerability discovered by MSTIC CVE-2021-42292 | In-the-wild | 7.8 | Nov 9, 2021 | Microsoft Office | Link | |
Critical Citrix Unauthenticated Denial of Service (DDoS) Bug Shutting Down Network, Cloud App Access CVE-2021-22955 | Ongoing exploitation | N/A | Nov 9, 2021 | Citrix ADC, Citrix Gateway | Link | |
Critical Remote Code Execution (RCE) in the Transparent Inter Process Communication (TIPC) Module of the Linux Kernel CVE-2021-43267 | Unknown | 9.8 | Nov 2, 2021 | Linux Kernel Versions between 5.10 and 5.15 | Link | |
Google Android Zero-Day Use-After-Free (UAF) Bug Leading to a Local Escalation of Privilege in the Kernel CVE-2021-1048 | In-the-wild | 7.8 | Nov 1, 2021 | Android Kernel | Link | |
‘Trojan Source’ Bugs of Unicode Bidirectional Algorithm (BiDi) CVE-2021-42574, CVE-2021-42694 | POC Exploit Code Available | 9.8 | Nov 1, 2021 | Unicode Bidirectional Algorithm (BiDi) through Version 14.0 | Link | |
Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References | |
---|---|---|---|---|---|---|
Cisco SD-WAN High-Severity Privilege Escalation Vulnerability Leading to Arbitrary Code Execution in the IOS XE Operating System CVE-2021-1529 | Unknown | 7.8 | Oct 20, 2021 | Cisco IOS XE Software, Cisco IOS XE SD-WAN Software | Link | |
RCE Vulnerability in The Trial Version of WinRAR CVE-2021-35052 | Unknown | N/A | Oct 20, 2021 | WinRAR Version 5.70 | Link | |
Google Chrome Critical Heap-Buffer-Overflow and Use-After-Free (UAF) Vulnerabilities CVE-2021-37981, CVE-2021-37984, CVE-2021-37982, CVE-2021-37983, CVE-2021-37985 | Unknown | N/A | Oct 19, 2021 | Google Chrome | Link | |
Microsoft Exchange Server Remote Code (RCE) Vulnerability found by NSA CVE-2021-26427 | Unknown | 9.0 | Oct 12, 2021 | Microsoft Exchange Server | Link | |
Windows Win32k Elevation of Privilege Zero-Day Vulnerability Used By MysterySnail RAT CVE-2021-40449 | In-the-wild | 7.8 | Oct 12, 2021 | All Supported Versions of Windows | Link | |
RCE Vulnerabilities on Microsoft SharePoint and Windows DNS Servers CVE-2021-40487, CVE-2021-40469 | Unknown | 8.1 | Oct 12, 2021 | Microsoft SharePoint Versions, Windows DNS Server Versions | Link | Link |
Apple iOS Remote Code Execution (RCE) Zero-Day Bug CVE-2021-30883 | In-the-wild | N/A | Oct 11, 2021 | iOS 15.0.2 and iPadOS 15.0.2 | Link | |
Path Traversal Zero Day and File Disclosure Vulnerability in Apache HTTP Server CVE-2021-41773, CVE-2021-42013 | In-the-wild | 7.5 | Oct 4, 2021 | Apache HTTP Server 2.4.49 | Link | |
Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References | |
---|---|---|---|---|---|---|
Second Pair of Google Chrome Use-after-free Zero Day Bugs in September CVE-2021-37975, CVE-2021-37976 | In-the-wild | N/A | Sep 30, 2021 | Google Chrome | Link | |
Unpatched Stored XSS Zero-Day Vulnerability in Apple AirTag N/A | Unknown | N/A | Sep 29, 2021 | Apple AirTag | Link | |
Cisco Unauthenticated Remote-code-execution (RCE) and Denial-of-service (DoS) Vulnerability CVE-2021-34770 | Unknown | 10 | Sep 22, 2021 | Cisco Catalyst 9000 Family of Wireless Controllers | Link | |
Critical Software-buffer-overflow and Authentication-bypass Bugs in Cisco CVE-2021-34727, CVE-2021-1619 | Unknown | 9.8 | Sep 22, 2021 | Cisco SD-WAN Software, Cisco IOS XE Software | Link | |
VMware Ransomware-Friendly Arbitrary File Upload Bug in vCenter Server CVE-2021-22005 | POC exploit code available | 9.8 | Sep 21, 2021 | VMware vCenter Server | Link | |
Zero-day Security Vulnerability in Apple’s macOS Finder System No CVE assigned | Unknown | N/A | Sep 21, 2021 | macOS Big Sur and Prior | Link | |
Netgear SOHO Security Bug allowing RCE via A Man-in-the-middle (MiTM) Attack CVE-2021-40847 | POC exploit code available | 8.1 | Sep 20, 2021 | Netgear Small Office/Home Office (SOHO) Routers | Link | |
Adobe Arbitrary Code Execution Vulnerability Affecting Its Core Products CVE-2021-39863 | Unknown | 8.8 | Sep 14, 2021 | Adobe Reader DC, Adobe Acrobat Reader DC | Link | |
OMIGOD Microsoft Zero-day RCE Vulnerability in the Azure Cloud Platform CVE-2021-38647 | POC exploit code available | 9.8 | Sep 14, 2021 | Microsoft Azure Cloud | Link | |
ForcedEntry Apple Zero-day Bugs Exploited by NSO Group CVE-2021-30858, CVE-2021-30860 | Zero-click exploit available | 8.8 | Sep 13, 2021 | iPhone, iPad, Mac, Apple Watch | Link | |
Google Chrome Use-After-Free (UAF) Zero-Day Bugs CVE-2021-30632, CVE-2021-30633 | In-the-wild | N/A | Sep 13, 2021 | Google Chrome | Link | |
Zero-Day RCE Vulnerability in Microsoft MSHTML CVE-2021-40444 | Ongoing exploitation | 8.8 | Sep 7, 2021 | Microsoft Windows | Link | |
An Authentication Bypass Bug in the ManageEngine ADSelfService Plus Platform CVE-2021-40539 | Ongoing exploitation | N/A | Sep 7, 2021 | Zoho ManageEngine ADSelfService Plus | Link | |
Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability CVE-2021-34746 | POC exploit code available | 9.8 | Sep 1, 2021 | Cisco Enterprise NFVIS | Link |
Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References | |
---|---|---|---|---|---|---|
Critical Microsoft Azure Cosmos DB Bug No CVE assigned | Unknown | N/A | Aug 26, 2021 | Microsoft Azure Cosmos DB, Jupyter Notebook | Link | |
Critical Vulnerability in the Atlassian Confluence Server Platform CVE-2021-26084 | Ongoing exploitation | 9.8 | Aug 25, 2021 | Atlassian Confluence Server and Data Center | Link | |
Sudo Bug Privilege Escalation Vulnerability for HPE Aruba CVE-2021-3156 | POC exploit code available | 7.8 | Aug 25, 2021 | HPE Aruba AirWave Management Platform | Link | |
Parallels Desktop Privilege Escalation Bug CVE-2021-34864 | Unknown | 8.8 | Aug 25, 2021 | Parallels Desktop | Link | |
A Consensus Vulnerability in Go-Ethereum (Geth) EVM Causing a Node to Reject the Canonical Chain CVE-2021-39137 | In-the-wild | 7.5 | Aug 24, 2021 | All Geth Versions Supporting the London Hard Fork | Link | |
OpenSSL Bug in the Implementation of the SM2 Decryption Code Leading to a Buffer Overflow when Calling the API Function to Decrypt SM2 Encrypted Data CVE-2021-3711 | Unknown | 9.8 | Aug 24, 2021 | OpenSSL versions 1.1.1k and earlier 1.1.1x | Link | |
ThroughTek Critical Bug Allowing Remote Compromise, Control of Millions of IoT devices CVE-2021-28372 | Unknown | 8.3 | Aug 17, 2021 | ThroughTek’s Kalay Platform 2.0 | Link | |
Windows Print Spooler Remote Code Execution Vulnerability CVE-2021-36958 | Unknown | 7.8 | Aug 11, 2021 | Windows Server | Link | |
Realtek Jungle SDK Buffer Overflow Arbitrary Code Execution (ACE) Vulnerability CVE-2021-35395 | Ongoing exploitation | 9.8 | Aug 11, 2021 | Realtek SDK, Realtek “Jungle” SDK, Realtek “Luna” SDK | Link | |
Pulse Connect Secure Vulnerability Allowing an Authenticated Administrator to Perform a File Write via a Maliciously Crafted Archive Uploaded in the Administrator Web Interface CVE-2021-22937 | Unknown | 9.1 | Aug 5, 2021 | Pulse Connect Secure before 9.1R12 | Link |
Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References | |
---|---|---|---|---|---|---|
Apple Zero-Day Local Privilege Escalation Vulnerability in the IOMobileFrameBuffer CVE-2021-30807 | In-the-wild | 7.8 | Jul 26, 2021 | iOS 14.7.1, iPadOS 14.7.1, macOS Big Sur 11.5.1, watchOS 7.6.1 | Link | |
Jira Remote Code Execution (RCE) Missing Authentication Bug in Atlassian CVE-2020-36239 | Unknown | 9.8 | Jul 21, 2021 | Jira Data Center, Jira Service Management Data Center | Link | |
Windows Print Spooler Remote Code Execution Vulnerability CVE-2021-34481 | Unknown | 8.8 | Jul 15, 2021 | Windows Server | Link | |
Type Confusion Bug in V8 in Google Chrome CVE-2021-30563 | In-the-wild | 8.8 | Jul 15, 2021 | Google Chrome prior to 91.0.4472.164 | Link | |
Remote Code Execution (RCE) Vulnerability in the SolarWinds Serv-U Product CVE-2021-35211 | Zero-Day Exploit | 10.0 | Jul 13, 2021 | SolarWinds Serv-U Managed File Transfer, Serv-U Secure FTP for Windows before 15.2.3 HF2 | Link | |
Microsoft Exchange Information Disclosure Vulnerability CVE-2021-33766 | Unknown | 7.5 | Jul 13, 2021 | Microsoft Exchange Server | Link | |
Linux Kernel Netfilter Heap Out-Of-Bounds Write Denial-of-Service (DoS) Bug CVE-2021-22555 | POC Exploit Code Available | 8.3 | Jul 7, 2021 | Linux since v2.6.19-rc1 | Link | |
Microsoft Exchange Server Remote Code Execution ProxyShell Vulnerability CVE-2021-34473 | Unknown | 9.1 | Jul 2, 2021 | Microsoft Exchange Server | Link | |
Windows Print Spooler Remote Code Execution PrintNightmare Vulnerability Leading System Privileges and Running Commands on PCs CVE-2021-34527 | POC Exploit Code Available | 8.8 | Jul 1, 2021 | Windows Server | Link |
Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References | |
---|---|---|---|---|---|---|
ForgeRock AM Pre-Auth Remote Code Execution (RCE) Vulnerability via the Java Deserialization in the Jato Framework CVE-2021-35464 | POC Exploit Code Available | 9.8 | Jun 29, 2021 | ForgeRock AM server before 7.0 | Link | |
NVIDIA Trusty Driver Buffer Overflow Vulnerability CVE-2021-34372 | Unknown | 8.2 | Jun 22, 2021 | NVIDIA Jetson | Link | |
Google Chrome Use After Free Bug in BFCache CVE-2021-30544 | Unknown | 9.8 | Jun 9, 2021 | Google Chrome prior to 91.0.4472.101 | Link | |
Windows NTFS Elevation of Privilege Vulnerability CVE-2021-31956 | In-the-wild | 7.8 | Jun 8, 2021 | Windows Server | Link | |
Windows MSHTML Platform Remote Code Execution (RCE) Vulnerability CVE-2021-33742 | In-the-wild | 8.8 | Jun 8, 2021 | Windows Server | Link | |
Local Privilege Escalation Vulnerability in Intel Virtualization Technology for Directed I/O (VT-d) CVE-2021-24489 | Unknown | 8.8 | Jun 8, 2021 | Intel Core Processors, Intel Pentium Processors, Intel Celeron Processors, Intel Atom Processors | Link | |
Microsoft DWM Core Library Elevation of Privilege Vulnerability CVE-2021-33739 | In-the-wild | 8.4 | Jun 8, 2021 | Windows 10 | Link | |
Windows NTLM Elevation of Privilege Vulnerability CVE-2021-31958 | Unknown | 8.8 | Jun 8, 2021 | Windows Server | Link | |
Android System Out of Bounds Read and Write due to a Use After Free Elevation-of-Privilege (EoP) Bug CVE-2021-0516 | Unknown | 9.8 | Jun 2, 2021 | AOSP versions 8.1, 9, 10, 11 | Link | |
Windows Print Spooler Remote Code Execution (RCE) Vulnerability CVE-2021-1675 | Unknown | 8.8 | Jun 1, 2021 | Windows Server | Link |
Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References | |
---|---|---|---|---|---|---|
Apache Dubbo Pre-Auth Remote Code Execution (RCE) Bug via Java Deserialization in the Generic filter CVE-2021-30179 | POC Exploit Code Available | 9.8 | May 31, 2021 | Dubbo all 2.5.x, 2.6.x and 2.7.x versions | Link | |
Privilege Escalation Vulnerability in Dell DBUtil Driver CVE-2021-21551 | In-the-wild | 7.8 | May 31, 2021 | DBUtil: 2.3 | Link | |
VMware vCenter Server Remote Code Execution and Authentication Vulnerabilities in vSphere Client (HTML5) CVE-2021-21985, CVE-2021-21986 | POC Exploit Code Available | 9.8 | May 26, 2021 | VMware vCenter Server, VMware Cloud Foundation | Link | |
Apple Multiple Memory Corruption Vulnerability CVE-2021-30734 | POC Exploit Code Available | 8.8 | May 24, 2021 | iOS 14.6, iPadOS 14.6, macOS Big Sur 11.5.1, Safari 14.1.1 | Link | |
Pulse Connect Secure Buffer Overflow Arbitrary Code Execution (ACE) Bug in Windows File Resource Profiles in 9.X CVE-2021-22908 | Unknown | 8.8 | May 24, 2021 | Pulse Connect Secure versions 9.0Rx and 9.1Rx | Link | |
McAfee Arbitrary Process Execution Privilege Escalation Bugs CVE-2021-23873, CVE-2021-23874, CVE-2021-23875, CVE-2021-23876 | POC Exploit Code Available | 7.8 | May 24, 2021 | McAfee Total Protection Prior to 16.0.30 | Link | |
Microsoft Critical Hyper-V Remote Code Execution Vulnerability CVE-2021-28476 | Unknown | 9.9 | May 11, 2021 | Windows Server | Link | |
Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability CVE-2021-31166 | Unknown | 9.8 | May 11, 2021 | Windows 10 | Link | |
Adobe Critical Use After Free Arbitrary Code Execution Vulnerabilities CVE-2021-28562, CVE-2021-28550, CVE-2021-28553 | In-the-wild | 8.8 | May 11, 2021 | Acrobat Reader DC | Link | |
Privilege Escalation Vulnerability in Linux kernel CVE-2021-3490 | POC Exploit Code Available | 7.8 | May 10, 2021 | Linux kernel Operating System | Link | |
Critical Authentication Bypass Vulnerability on Python CVE-2021-29921 | Unknown | 9.8 | May 6, 2021 | Python 3.10, Python 3.9, Python 3.8 | Link |
Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References | |
---|---|---|---|---|---|---|
Buffalo Path Traversal Vulnerability in the Web Interfaces Leading to Bypass Authentication CVE-2021-20090 | In-the-wild | 9.8 | Apr 29, 2021 | Buffalo WSR-2533DHPL2 firmware version <= 1.02, WSR-2533DHP3 firmware version <= 1.24 | Link | |
Unauthenticated Arbitrary Remote Code Execution Use After Free Bug via License Services in Pulse Connect Secure CVE-2021-22893, CVE-2021-22894, CVE-2021-22899, CVE-2021-22900 | In-the-wild | 10.0 | Apr 23, 2021 | Pulse Connect Secure before 9.1R11.4 | Link | |
Google Out of Bounds Memory Access Vulnerability Allowing a Remote Attacker to Exploit Heap Corruption via a Crafted HTML Page CVE-2021-22893, CVE-2021-22894, CVE-2021-22899, CVE-2021-22900 | Unknown | 8.8 | Apr 22, 2021 | V8 in Google Chrome prior to 90.0.4430.85 | Link | |
Critical Unauthenticated Remote Code Execution (RCE) Bug in Apache Tapestry Bypass of the Fix for CVE-2019-0195 CVE-2021-27850 | POC Exploit Code Available | 9.8 | Apr 15, 2021 | Apache Tapestry versions 5.4.5, 5.5.0, 5.6.2 and 5.7.0 | Link | |
Denial of Service (DoS) Arbitrary Code Execution (ACE) Bugs in Ubuntu Linux Kernels CVE-2021-3492, CVE-2021-3493 | Unknown | 7.8 | Apr 15, 2021 | Linux | Link | |
Multiple Microsoft Exchange Server Remote Code Execution Vulnerability CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483 | POC Exploit Code Available | 9.8 | Apr 13, 2021 | Microsoft Exchange Server | Link | |
Windows Zero-Day Win32k Elevation of Privilege Vulnerability in Desktop Window Manager CVE-2021-28310 | In-the-wild | 7.8 | Apr 13, 2021 | Windows 10 | Link | |
Windows Installer Elevation of Privilege Vulnerability CVE-2021-26415 | POC Exploit Code Available | 7.8 | Apr 13, 2021 | Windows Server | Link | |
Arbitrary File Write Vulnerability in vRealize Operations Manager API CVE-2021-21975 | POC Exploit Code Available | 7.5 | Apr 13, 2021 | VMware vRealize Operations | Link | |
WhatsApp Cache Configuration Vulnerability CVE-2021-24027 | POC Exploit Code Available | 7.5 | Apr 6, 2021 | WhatsApp for Android v2.21.4.18, WhatsApp Business for Android v2.21.4.18 | Link |
Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References | |
---|---|---|---|---|---|---|
Remote Code Execution Vulnerability in Apache OFBiz via Java Deserialization CVE-2021-26295 | POC Exploit Code Available | 9.8 | Mar 22, 2021 | Apache OFBiz | Link | |
Google Chrome Use After Free and Heap Buffer Overflow Bugs in WebRTC and in Blink CVE-2021-21191, CVE-2021-21192, CVE-2021-21193 | In-the-wild | 8.8 | Mar 12, 2021 | Google Chrome prior to 89.0.4389.90 | Link | |
Windows Graphics Component Elevation of Privilege Vulnerability CVE-2021-26868 | Unknown | 7.8 | Mar 9, 2021 | Windows 10 | Link | |
Internet Explorer Memory Corruption Vulnerability CVE-2021-26411 | In-the-wild | 8.8 | Mar 9, 2021 | Internet Explorer, Microsoft Edge | Link | |
Microsoft ProxyLogon Exchange Server Remote Code Execution Vulnerabilities CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065 | In-the-wild | 9.8 | Mar 2, 2021 | Microsoft Exchange Server | Link | |
VMware Remote Code Execution (RCE) Vulnerability Leading to Arbitrary File Upload in Logupload Web Application CVE-2021-22987 | Unknown | 9.9 | Mar 2, 2021 | BIG-IP | Link | |
BIG-IP Appliance Mode TMUI Authenticated Remote Command Execution Bug CVE-2021-22987 | Unknown | 9.9 | Mar 2, 2021 | BIG-IP | Link |
Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References | |
---|---|---|---|---|---|---|
Windows TCP/IP Denial of Service (DoS) Vulnerability CVE-2021-24086 | POC Exploit Code Available | 7.5 | Feb 29, 2021 | Windows 10 | Link | |
Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability CVE-2021-1361 | Unknown | 9.1 | Feb 24, 2021 | Cisco NX-OS Software 9.3(5) and 9.3(6) | Link | |
Accellion Zero-Day SQL Injection, Server-Side Request Forgery and OS Command Execution Vulnerabilities CVE-2021-21972, CVE-2021-21973, CVE-2021-21974 | POC Exploit Code Available | 9.8 | Feb 23, 2021 | VMware ESXi, VMware vCenter Server, VMware Cloud Foundation | Link | |
Accellion Zero-Day SQL Injection, Server-Side Request Forgery and OS Command Execution Vulnerabilities CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104 | Unknown | 9.8 | Feb 16, 2021 | Accellion FTA 9_12_370 and earlier | Link | |
Adobe Heap-Based Buffer Overflow Arbitrary Code Execution (ACE) Vulnerability CVE-2021-21017 | In-the-wild | 8.8 | Feb 11, 2021 | Acrobat Reader DC | Link | |
VMware Post-Authentication OS Command Injection Remote Code Execution (RCE) Bug CVE-2021-21976 | Unknown | 7.2 | Feb 11, 2021 | vSphere Replication | Link | |
Windows TCP/IP Remote Code Execution Vulnerability CVE-2021-24074, CVE-2021-24094 | POC Exploit Code Available | 9.8 | Feb 9, 2021 | Windows 10 | Link | |
Windows Win32k Elevation of Privilege Vulnerability CVE-2021-1732 | In-the-wild | 7.8 | Feb 9, 2021 | Windows 10 | Link | |
Google Chrome Heap Buffer Overflow Remote Code Execution (RCE) Vulnerability CVE-2021-21148 | In-the-wild | 8.8 | Feb 9, 2021 | Google Chrome prior to 88.0.4324.150 | Link | |
Remote Code Execution (RCE) Bug in SAP Commerce CVE-2021-21477 | Unknown | 9.9 | Feb 9, 2021 | SAP Commerce Cloud 1808, 1811, 1905, 2005, 2011 | Link |
Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References | |
---|---|---|---|---|---|---|
Sudo Off-by-One Heap-Based Buffer Overflow Privilege Escalation Bug CVE-2021-3156 | In-the-wild | 7.8 | Jan 29, 2021 | Sudo before 1.9.5p2 | Link | |
Apache Druid Arbitrary User-Provided JavaScript Code Execution Bug CVE-2021-25646 | POC Exploit Code Available | 8.8 | Jan 29, 2021 | Apache Druid | Link | |
Oracle Fusion Middleware Easily Exploitable Bug Leading Network Access via HTTP to Compromise Oracle WebLogic Server CVE-2021-2109 | POC Exploit Code Available | 7.2 | Jan 20, 2021 | Oracle WebLogic Server | Link | |
Python 3 Heap Buffer Overflow Remote Code Execution (RCE) Bug CVE-2021-3177 | Unknown | 8.8 | Jan 19, 2021 | Python 3.10, 3.9, 3.8, 3.7, 3.6 | Link | |
Cisco Connected Mobile Experiences (CMX) Privilege Escalation Vulnerability CVE-2021-1144 | Unknown | 8.8 | Jan 13, 2021 | Cisco CMX releases 10.6.0, 10.6.1, and 10.6.2 | Link | |
Microsoft Defender Remote Code Execution Vulnerability CVE-2021-1647 | In-the-wild | 7.8 | Jan 12, 2021 | Windows Defender | Link | |
Laravel Ignition Unauthenticated Arbitrary Remote Code Execution Vulnerability CVE-2021-3129 | POC Exploit Code Available | 9.8 | Jan 12, 2021 | Laravel before 8.4.2 | Link | |
Android Out of Bounds Write Remote Code Execution Vulnerability CVE-2021-3007 | Unknown | 9.8 | Jan 4, 2021 | AOSP 8.0, 8.1, 9, 10, 11 | Link |