We use cookies to ensure you get the best experience. See our platform Terms and Privacy Policy.
SOCRadar, the Extended Cyber Threat Intelligence (XTI) platform, provides vulnerability intelligence for the security operations team, who can search for recent critical vulnerabilities exploited in the wild by the threat actors. SOCRadar also provides an External Attack Surface Management suite that helps cybersecurity teams to identify vulnerable assets in their internet-facing network. We select and display critical vulnerabilities below that are popular in the hacker community.
Get free access to SOCRadar XTI to start using vulnerability intelligence now.
Vulnerability | CVSSv3 | Release Date | Products | References |
Netgear RAX50 Certificate Validation curl_post certificate validation | 7.7 | 07/01/2023 | Netgear | Link |
D-Link DIR-X3260 prog.cgi SOAPAction command injection | 8.4 | 07/01/2023 | D-Link | Link |
Netgear RAX30 UPnP command injection | 8.4 | 07/01/2023 | Netgear | Link |
Hero Qubo Telnet Service missing authentication | 8.2 | 07/04/2023 | Hero | Link |
NVIDIA Virtual GPU Manager vGPU software improper authorization | 7.8 | 07/04/2023 | NVIDIA | Link |
Qualcomm 315 5G IoT Modem WLAN Host memory corruption | 7.6 | 07/04/2023 | Qualcomm | Link |
Qualcomm QCA9898 Data Modem memory corruption | 7.6 | 07/04/2023 | Qualcomm | Link |
Qualcomm AR8035 WLAN Host memory corruption | 7.6 | 07/04/2023 | Qualcomm | Link |
Qualcomm 315 5G IoT Modem Audio memory corruption | 7.9 | 07/04/2023 | Qualcomm | Link |
Qualcomm QCN9074 WLAN Host memory corruption | 7.6 | 07/04/2023 | Qualcomm | Link |
Qualcomm QCA9994 VX memory corruption | 7.6 | 07/04/2023 | Qualcomm | Link |
Qualcomm QCN9012 WLAN Host memory corruption | 7.6 | 07/04/2023 | Qualcomm | Link |
Qualcomm FastConnect 6700 Audio memory corruption | 7.9 | 07/04/2023 | Qualcomm | Link |
Samsung Smart Phone RILD RmtUimNeedApdu out-of-bounds write | 7.6 | 07/06/2023 | Samsung | Link |
Samsung Smart Phone RILD IpcRxUsimPhoneBookCapa out-of-bounds write | 7.6 | 07/06/2023 | Samsung | Link |
Samsung Smart Phone RILD BroadcastSmsConfig out-of-bounds write | 7.6 | 07/06/2023 | Samsung | Link |
Samsung Smart Phone RILD IpcRxIncomingCBMsg out-of-bounds write | 7.6 | 07/06/2023 | Samsung | Link |
Samsung Smart Phone RILD CdmaSmsParser out-of-bounds write | 7.6 | 07/06/2023 | Samsung | Link |
Huawei EMUI/Magic UI uinput use after free | 7.8 | 07/06/2023 | Huawei | Link |
PiiGAB M-Bus SoftwarePack 900S hard-coded credentials | 9.4 | 07/06/2023 | PiiGAB | Link |
PiiGAB M-Bus SoftwarePack 900S code injection | 8.4 | 07/06/2023 | PiiGAB | Link |
Mastodon Media File path traversal | 7.9 | 07/06/2023 | Mastodon | Link |
authentik Header interpretation conflict | 7.6 | 07/06/2023 | authentik | Link |
Linux Kernel UDF Filesystem Image super.c udf_put_super use after free | 7.8 | 07/06/2023 | Linux | Link |
openSUSE Tumbleweed hawk2 permission | 7.8 | 07/07/2023 | openSUSE | Link |
MuJS Regexp Source Property denial of service | 7.5 | 07/08/2023 | MuJS | Link |
OpenComputers Metadata Services API Endpoint server-side request forgery | 7.8 | 07/08/2023 | OpenComputers | Link |
OpenComputers server-side request forgery | 7.8 | 07/08/2023 | OpenComputers | Link |
SmartSoft SmartBPM.NET hard-coded credentials | 8.2 | 07/10/2023 | SmartSoft | Link |
SmartSoft SmartBPM.NET hard-coded credentials | 8.5 | 07/10/2023 | SmartSoft | Link |
IBM DB2 Executable File unquoted search path | 7.9 | 07/10/2023 | IBM | Link |
IBM DB2 db2set memory corruption | 8.9 | 07/10/2023 | IBM | Link |
SICK ICR890-4 Setting access control | 7.5 | 07/10/2023 | SICK | Link |
OSNEXUS QuantaStor privileges management | 7.5 | 07/10/2023 | OSNEXUS | Link |
OSNEXUS QuantaStor Alerts Management Dialog command injection | 8.0 | 07/10/2023 | OSNEXUS | Link |
OSNEXUS QuantaStor API os command injection | 8.1 | 07/10/2023 | OSNEXUS | Link |
Tise Parking Web Report sql injection | 8.4 | 07/10/2023 | Tise | Link |
Softmed SelfPatron sql injection | 8.4 | 07/10/2023 | Softmed | Link |
Yontem Vehicle Tracking System sql injection | 8.4 | 07/10/2023 | Yontem | Link |
SAP Web Dispatcher memory corruption | 7.7 | 07/11/2023 | SAP | Link |
SAP NetWeaver ABAP Function Module os command injection | 8.0 | 07/11/2023 | SAP | Link |
BlueMark Innovations DroneScout ds230 Remote ID Receiver ODID Message information loss or omission | 9.0 | 07/11/2023 | BlueMark | Link |
BlueMark Innovations DroneScout ds230 Remote ID Receiver Firmware improper authentication | 8.1 | 07/11/2023 | BlueMark | Link |
Siemens Tecnomatix Plant Simulation STP File type confusion | 7.6 | 07/11/2023 | Siemens | Link |
Siemens Tecnomatix Plant Simulation SPP File stack-based overflow | 7.6 | 07/11/2023 | Siemens | Link |
Siemens Tecnomatix Plant Simulation STP File stack-based overflow | 7.6 | 07/11/2023 | Siemens | Link |
Siemens Tecnomatix Plant Simulation PAR File out-of-bounds write | 7.6 | 07/11/2023 | Siemens | Link |
Siemens Tecnomatix Plant Simulation PAR File heap-based overflow | 7.6 | 07/11/2023 | Siemens | Link |
Siemens Tecnomatix Plant Simulation PRT File heap-based overflow | 7.6 | 07/11/2023 | Siemens | Link |
Siemens SIMATIC allocation of resources | 7.9 | 07/11/2023 | Siemens | Link |
Siemens SIMATIC CN 4100 Configuration File access control | 9.1 | 07/11/2023 | Siemens | Link |
Siemens RUGGEDCOM ROX SCEP CA Certificate Name the command injection | 8.0 | 07/11/2023 | Siemens | Link |
Siemens RUGGEDCOM ROX SCEP Server Configuration command injection | 8.0 | 07/11/2023 | Siemens | Link |
Siemens RUGGEDCOM ROX Web Interface command injection | 8.0 | 07/11/2023 | Siemens | Link |
Siemens RUGGEDCOM ROX URL Parameter upgrade-app command injection | 8.0 | 07/11/2023 | Siemens | Link |
Siemens RUGGEDCOM ROX URL Parameter command injection | 8.0 | 07/11/2023 | Siemens | Link |
Siemens RUGGEDCOM ROX URL Parameter command injection | 8.0 | 07/11/2023 | Siemens | Link |
Technicolor TG670 hard-coded credentials | 7.9 | 07/11/2023 | Technicolor | Link |
Panasonic Control FPWIN Pro memory corruption | 7.5 | 07/11/2023 | Panasonic | Link |
Panasonic Control FPWIN Pro type confusion | 7.5 | 07/11/2023 | Panasonic | Link |
Panasonic Control FPWIN Pro stack-based overflow | 7.5 | 07/11/2023 | Panasonic | Link |
Decidim Query Parameter deserialization | 7.8 | 07/11/2023 | Decidim | Link |
Zoom Rooms untrusted search path | 7.8 | 07/11/2023 | Zoom | Link |
Microsoft Windows Routing/Remote Access Service Remote Code Execution | 8.5 | 07/11/2023 | Microsoft | Link |
Microsoft Windows Routing/Remote Access Service Remote Code Execution | 8.5 | 07/11/2023 | Microsoft | Link |
Microsoft Windows Routing/Remote Access Service Remote Code Execution | 8.5 | 07/11/2023 | Microsoft | Link |
Microsoft Windows Kernel Local Privilege Escalation | 7.7 | 07/11/2023 | Microsoft | Link |
Citrix Secure Access Client Local Privilege Escalation | 7.5 | 07/11/2023 | Citrix | Link |
Rockwell Automation 1756-EN4 CIP Message denial of service | 7.5 | 07/12/2023 | Rockwell | Link |
Rockwell Automation 1756 EN2/1756 EN3 CIP Message out-of-bounds write | 9.8 | 07/12/2023 | Rockwell | Link |
Adobe ColdFusion deserialization | 8.4 | 07/12/2023 | Adobe | Link |
Cisco SD-WAN vManage REST API access control | 9.4 | 07/12/2023 | Cisco | Link |
Elecom WRC-1167GHBK-S Request os command injection | 8.0 | 07/13/2023 | Elecom | Link |
SonicWALL GMS/Analytics os command injection | 8.0 | 07/13/2023 | SonicWALL | Link |
Bullwark path traversal | 7.8 | 07/13/2023 | Bullwark | Link |
Lisa Florist Site sql injection | 8.4 | 07/13/2023 | Lisa | Link |
Elra Parkmatik Command Line sql injection | 8.5 | 07/13/2023 | Elra | Link |
Honeywell Controller Message buffer overflow | 9.8 | 07/13/2023 | Honeywell | Link |
Honeywell Controller Message stack-based overflow | 9.8 | 07/13/2023 | Honeywell | Link |
Honeywell Experion Server/Experion PKS Console Station out-of-bounds write | 9.8 | 07/13/2023 | Honeywell | Link |
Honeywell Controller data authenticity | 9.8 | 07/13/2023 | Honeywell | Link |
VegaGroup Web Collection sql injection | 8.4 | 07/13/2023 | VegaGroup | Link |
Unitronics Vision1210 PCOM Protocol malicious code | 9.5 | 07/13/2023 | Unitronics | Link |
Belkin Wemo Smart Plug WSP080 Firmware File signature verification | 7.7 | 07/13/2023 | Belkin | Link |
vm2 sandbox | 9.5 | 07/13/2023 | vm2 | Link |
Netgear ProSAFE Network Management System SettingConfigController Privilege Escalation | 8.4 | 07/14/2023 | Netgear | Link |
Netgear ProSAFE Network Management System UpLoadServlet unrestricted upload | 9.4 | 07/14/2023 | Netgear | Link |
Netgear ProSAFE Network Management System BkreProcessThread Privilege Escalation | 8.4 | 07/14/2023 | Netgear | Link |
Netgear ProSAFE Network Management System MFileUploadController unrestricted upload | 8.4 | 07/14/2023 | Netgear | Link |
Razer RazerCentral RazerCentralSerivce Named Pipe privileges management | 7.8 | 07/14/2023 | Razer | Link |
Panda Security VPN PANDAVPN.exe uncontrolled search path | 7.5 | 07/14/2023 | Panda | Link |
Razer RazerCentral RazerCentralSerivce Named Pipe privileges management | 7.8 | 07/14/2023 | Razer | Link |
XWiki Platform SkinsCode.XWikiSkinsSheet neutralization of directives | 7.9 | 07/15/2023 | XWiki | Link |
IBM Performance Tools for i Command Line privileges management | 7.9 | 07/17/2023 | IBM | Link |
IBM i Command Line privileges management | 7.9 | 07/17/2023 | IBM | Link |
Zekiweb sql injection | 8.4 | 07/17/2023 | Zekiweb | Link |
Zyxel ATP/USG FLEX/VPN Access Point Management os command injection | 8.0 | 07/18/2023 | Zyxel | Link |
pixman stress-test pixman-combine-float.c combine_inner Privilege Escalation | 8.0 | 07/18/2023 | pixman | Link |
wolfSSL Key input validation | 8.0 | 07/18/2023 | wolfSSL | Link |
Zyxel USG FLEX/VPN Free Time WiFi Hotspot os command injection | 8.8 | 07/18/2023 | Zyxel | Link |
Zyxel ATP/USG FLEX/VPN os command injection | 8.0 | 07/18/2023 | Zyxel | Link |
Zyxel ATP/USG FLEX/VPN GRE Configuration os command injection | 8.8 | 07/18/2023 | Zyxel | Link |
Zyxel ATP/USG FLEX/VPN PPPoE Configuration format string | 8.8 | 07/18/2023 | Zyxel | Link |
Zyxel ATP/USG FLEX Configuration Parser os command injection | 8.8 | 07/18/2023 | Zyxel | Link |
Keysight Geolocation Server path traversal | 7.5 | 07/18/2023 | Keysight | Link |
Keysight Geolocation Server ZIP File routine | 7.5 | 07/18/2023 | Keysight | Link |
GeoVision GV-ADR2701 Web Application improper authentication | 9.4 | 07/18/2023 | GeoVision | Link |
Tesla Model 3 Firmware code download | 7.6 | 07/18/2023 | Tesla | Link |
Citrix ADC/Gateway code injection | 9.4 | 07/18/2023 | Citrix | Link |
Citrix ADC/Gateway Management Interface privileges management | 7.6 | 07/18/2023 | Citrix | Link |
Kratos NGC-IDU TCP Request command injection | 8.8 | 07/18/2023 | Kratos | Link |
1Panel HTTP Request ip os command injection | 7.8 | 07/18/2023 | 1Panel | Link |
Payplug Module ajax.php sql injection | 8.5 | 07/18/2023 | Payplug | Link |
Oracle Siebel CRM EAI Remote Code Execution | 9.4 | 07/19/2023 | Oracle | Link |
Oracle Retail Advanced Inventory Planning Operations/Maintenance Remote Code Execution | 9.4 | 07/19/2023 | Oracle | Link |
Oracle PeopleSoft Enterprise PeopleTools Portal Local Privilege Escalation | 8.0 | 07/19/2023 | Oracle | Link |
Oracle PeopleSoft Enterprise PeopleTools Elastic Search Remote Code Execution | 9.4 | 07/19/2023 | Oracle | Link |
mlflow absolute path traversal | 8.5 | 07/19/2023 | mlflow | Link |
IBM Security Guardium permission | 7.9 | 07/19/2023 | IBM | Link |
Atlassian Confluence Server/Data Center Privilege Escalation | 7.8 | 07/19/2023 | Atlassian | Link |
Oracle VM VirtualBox Core Remote Code Execution | 7.7 | 07/19/2023 | Oracle | Link |
Oracle Utilities Testing Accelerator Tools Remote Code Execution | 9.4 | 07/19/2023 | Oracle | Link |
Oracle Utilities Testing Accelerator Tools Remote Code Execution | 9.4 | 07/19/2023 | Oracle | Link |
Oracle Solaris Device Driver Interface Local Privilege Escalation | 7.5 | 07/19/2023 | Oracle | Link |
MikroTik RouterOS Winbox/HTTP Interface privileges management | 8.1 | 07/19/2023 | MikroTik | Link |
Grub2 HTTP Header out-of-bounds write | 7.9 | 07/20/2023 | Grub2 | Link |
TIBCO EBX Add-ons Data Exchange Add-on sql injection | 7.5 | 07/20/2023 | TIBCO | Link |
Infinity Document On-line Submission and Approval System unrestricted upload | 9.8 | 07/20/2023 | Infinity | Link |
Grub2 IP Packet grub_net_recv_ip4_packets integer underflow | 7.9 | 07/20/2023 | Grub2 | Link |
Avaya Aura Device Services Web Application unrestricted upload | 7.9 | 07/20/2023 | Avaya | Link |
OpenIdentity OpenAM SAML improper authentication | 8.0 | 07/20/2023 | OpenIdentity | Link |
HGiga iSherlock os command injection | 9.6 | 07/21/2023 | HGiga | Link |
Asus RT-AX56U V2/RT-AC86U cm_processChangedConfigMsg format string | 9.8 | 07/21/2023 | Asus | Link |
vm2 Custom Inspection os command injection | 7.7 | 07/21/2023 | vm2 | Link |
KubeOperator KubePi privileges management | 7.5 | 07/22/2023 | KubeOperator | Link |
Open Babel translationVectors Parser memory corruption | 8.4 | 07/22/2023 | Open | Link |
Open Babel translationVectors Parser memory corruption | 8.4 | 07/22/2023 | Open | Link |
Open Babel translationVectors Parser memory corruption | 8.4 | 07/22/2023 | Open | Link |
Open Babel translationVectors Parser memory corruption | 8.4 | 07/22/2023 | Open | Link |
Open Babel translationVectors Parser memory corruption | 8.4 | 07/22/2023 | Open | Link |
Open Babel ORCA Format heap-based overflow | 8.4 | 07/22/2023 | Open | Link |
Open Babel ORCA Format heap-based overflow | 8.4 | 07/22/2023 | Open | Link |
Open Babel PQS Format uninitialized pointer | 8.4 | 07/22/2023 | Open | Link |
Open Babel MSI Format Atom uninitialized pointer | 8.4 | 07/22/2023 | Open | Link |
Open Babel MOL2 Format Attribute memory corruption | 7.6 | 07/22/2023 | Open | Link |
Open Babel PQS Format coord_file memory corruption | 8.4 | 07/22/2023 | Open | Link |
Open Babel RO Format uninitialized pointer | 8.4 | 07/22/2023 | Open | Link |
Open Babel CSR Format Title buffer overflow | 8.4 | 07/22/2023 | Open | Link |
Linux Kernel net-sched cls_fw.c fw_set_parms use after free | 7.6 | 07/22/2023 | Linux | Link |
Linux Kernel net-sched sch_qfq.c qfq_change_agg out-of-bounds write | 7.6 | 07/22/2023 | Linux | Link |
Linux Kernel Netfilter nf_tables use after free | 7.6 | 07/22/2023 | Linux | Link |
Linux Kernel net-sched cls_u32.c tcf_change_indev use after free | 7.6 | 07/22/2023 | Linux | Link |
Pointware EasyInventory Easy2W.exe unquoted search path | 7.5 | 07/22/2023 | Pointware | Link |
Linux Kernel TUN Device Driver tun.c tun_napi_alloc_frags out-of-bounds | 7.6 | 07/24/2023 | Linux | Link |
NodeBB Export Code path traversal | 8.5 | 07/25/2023 | NodeBB | Link |
Biltay Scienta sql injection | 8.4 | 07/25/2023 | Biltay | Link |
Vasion PrinterLogic Client Installation/Repair untrusted search path | 7.5 | 07/25/2023 | Vasion | Link |
Ivanti Endpoint Manager Mobile improper authentication | 9.7 | 07/25/2023 | Ivanti | Link |
Apple watchOS Kernel memory corruption | 7.5 | 07/25/2023 | Apple | Link |
Apple watchOS Kernel memory corruption | 7.5 | 07/25/2023 | Apple | Link |
Apple watchOS Apple Neural Engine memory corruption | 7.5 | 07/25/2023 | Apple | Link |
Apple watchOS Apple Neural Engine memory corruption | 7.5 | 07/25/2023 | Apple | Link |
Apple iOS/iPadOS libxpc path traversal | 7.5 | 07/25/2023 | Apple | Link |
Apple iOS/iPadOS Kernel use after free | 7.5 | 07/25/2023 | Apple | Link |
Apple iOS/iPadOS Kernel use after free | 7.5 | 07/25/2023 | Apple | Link |
Apple iOS/iPadOS Kernel use after free | 7.5 | 07/25/2023 | Apple | Link |
Apple iOS/iPadOS Kernel memory corruption | 7.5 | 07/25/2023 | Apple | Link |
Apple iOS/iPadOS Kernel memory corruption | 7.5 | 07/25/2023 | Apple | Link |
Apple iOS/iPadOS Kernel memory corruption | 7.5 | 07/25/2023 | Apple | Link |
Infodrom E-Invoice Approval System sql injection | 8.4 | 07/25/2023 | Infodrom | Link |
Axis A1001 OSDP heap-based overflow | 8.0 | 07/25/2023 | Axis | Link |
Ubuntu Linux overlayfs ovl_copy_up_meta_inode_data permission | 7.8 | 07/26/2023 | Ubuntu | Link |
Ubuntu Linux overlayfs authorization | 7.8 | 07/26/2023 | Ubuntu | Link |
Envoy HTTP2 input validation | 7.6 | 07/26/2023 | Envoy | Link |
Envoy HMAC escape output | 7.8 | 07/26/2023 | Envoy | Link |
Paddle fs.py os command injection | 7.8 | 07/26/2023 | Paddle | Link |
ASUS Armoury Crate SetupAsusServices unquoted search path | 7.8 | 07/26/2023 | ASUS | Link |
InstaWP Connect Plugin Setting events_receiver authorization | 8.4 | 07/27/2023 | InstaWP | Link |
Mitsubishi Electric M8V/M8/C80/IoT Unit Packet buffer overflow | 9.2 | 07/27/2023 | Mitsubishi | Link |
jgraph drawio os command injection | 7.7 | 07/27/2023 | jgraph | Link |
jgraph drawio os command injection | 9.0 | 07/27/2023 | jgraph | Link |
Crossplane Package input validation | 7.7 | 07/27/2023 | Crossplane | Link |
Red Hat OpenStack privileges assignment | 7.8 | 07/27/2023 | Red | Link |
ARM Compiler 5, Compiler 6, Compiler for Embedded, Compiler for Embedded FuSa, Compiler for Linux, Development Studio, Development Studio Morello Edition, Forge, Mobile Studio, DS-5 Development Studio, Fast Models, GNU Toolchain, Installer Vulnerabilities, Keil MDK, Socrates permission | 7.8 | 07/28/2023 | ARM | Link |
Arm Compiler 5 Installer untrusted search path | 7.8 | 07/28/2023 | Arm | Link |
Apple macOS out-of-bounds write | 7.5 | 07/28/2023 | Apple | Link |
Apple tvOS out-of-bounds write | 7.5 | 07/28/2023 | Apple | Link |
Apple watchOS out-of-bounds write | 7.5 | 07/28/2023 | Apple | Link |
Apple iOS/iPadOS out-of-bounds write | 7.5 | 07/28/2023 | Apple | Link |
Apple macOS use after free | 7.5 | 07/28/2023 | Apple | Link |
Apple tvOS use after free | 7.5 | 07/28/2023 | Apple | Link |
Apple watchOS use after free | 7.5 | 07/28/2023 | Apple | Link |
Apple iOS/iPadOS use after free | 7.5 | 07/28/2023 | Apple | Link |
Apple macOS out-of-bounds | 7.5 | 07/28/2023 | Apple | Link |
Apple iOS/iPadOS out-of-bounds | 7.5 | 07/28/2023 | Apple | Link |
Apple macOS integer overflow | 7.5 | 07/28/2023 | Apple | Link |
Apple tvOS integer overflow | 7.5 | 07/28/2023 | Apple | Link |
Apple watchOS integer overflow | 7.5 | 07/28/2023 | Apple | Link |
Apple iOS/iPadOS integer overflow | 7.5 | 07/28/2023 | Apple | Link |
Apple macOS memory corruption | 7.5 | 07/28/2023 | Apple | Link |
Apple watchOS memory corruption | 7.5 | 07/28/2023 | Apple | Link |
Apple iOS/iPadOS memory corruption | 7.5 | 07/28/2023 | Apple | Link |
Adtran SR400ac Ping Command command injection | 8.4 | 07/29/2023 | Adtran | Link |
Heights Telecom ERO1xS-Pro Dual-Band Remote Code Execution | 9.8 | 07/30/2023 | Heights | Link |
Synel Synergy Fingerprint Terminal os command injection | 8.8 | 07/30/2023 | Synel | Link |
Synel Synergy Fingerprint Terminal hard-coded credentials | 9.8 | 07/30/2023 | Synel | Link |
ASUS RT-AX88U httpd ej.c do_json_decode out-of-bounds | 7.5 | 07/31/2023 | ASUS | Link |
ASUS RT-AX88U httpd web.c out-of-bounds | 7.5 | 07/31/2023 | ASUS | Link |
Vulnerability | CVSSv3 | Release Date | Products | References |
Deno/deno_runtime node:http/node:https privileges management | 7.8 | 06/01/2023 | Deno/deno_runtime | Link |
Linux Kernel xfs_btree.c xfs_btree_lookup_get_block use after free | 7.6 | 06/01/2023 | Linux | Link |
VIPRE Antivirus Plus link following | 7.8 | 06/01/2023 | VIPRE | Link |
VIPRE Antivirus Plus SetPrivateConfig path traversal | 7.8 | 06/01/2023 | VIPRE | Link |
VIPRE Antivirus Plus DeleteHistoryFile path traversal | 7.8 | 06/01/2023 | VIPRE | Link |
VIPRE Antivirus Plus TelFileTransfer link following | 7.8 | 06/01/2023 | VIPRE | Link |
VIPRE Antivirus Plus FPQuarTransfer link following | 7.8 | 06/01/2023 | VIPRE | Link |
Gallagher Controller 6000 Controller Diagnostic Web Interface buffer overflow | 8.0 | 06/01/2023 | Gallagher | Link |
Sprecher SPRECON-E CPU hard-coded credentials | 9.8 | 06/01/2023 | Sprecher | Link |
Hangzhou Hopechart HQT401 MQTT improper authentication | 7.9 | 06/01/2023 | Hangzhou | Link |
SUSE Rancher privileges management | 7.9 | 06/01/2023 | SUSE | Link |
SUSE Rancher Azure AD privileges management | 7.8 | 06/01/2023 | SUSE | Link |
Dell OS Recovery Tool access control | 7.6 | 06/01/2023 | Dell | Link |
Brook tproxy Server os command injection | 8.6 | 06/01/2023 | Brook | Link |
DataEase Datasource deserialization | 8.4 | 06/01/2023 | DataEase | Link |
Erikoglu ErMon sql injection | 9.6 | 06/02/2023 | Erikoglu | Link |
Hitron CODA-5310 System Configuration Interface missing authentication | 8.5 | 06/02/2023 | Hitron | Link |
Hitron CODA-5310 Telnet hard-coded credentials | 9.8 | 06/02/2023 | Hitron | Link |
Wade Graphic Design FANTSY URL Parameter authorization | 9.8 | 06/02/2023 | Wade | Link |
Wade Graphic Design FANTSY unrestricted upload | 7.5 | 06/02/2023 | Wade | Link |
ARM Mali GPU Kernel Driver use after free | 7.5 | 06/02/2023 | ARM | Link |
Furbo Dog Camera Device Log Management command injection | 9.3 | 06/02/2023 | Furbo | Link |
Asus RT-AC86U Web URL os command injection | 8.8 | 06/02/2023 | Asus | Link |
Elite Technology Web Fax Login Page sql injection | 8.5 | 06/02/2023 | Elite | Link |
SGUDA U-Lock API authorization | 7.5 | 06/02/2023 | SGUDA | Link |
SGUDA U-Lock Lock Management authorization | 8.8 | 06/02/2023 | SGUDA | Link |
SailPoint IdentityIQ Java Constructor unknown vulnerability | 7.9 | 06/05/2023 | SailPoint | Link |
ABB ASPECT Enterprise privileges management | 7.6 | 06/05/2023 | ABB | Link |
IBM Aspera Connect/Aspera Cargo buffer overflow | 7.9 | 06/05/2023 | IBM | Link |
Mobatime AMXGT100 improper authentication | 9.5 | 06/05/2023 | Mobatime | Link |
Mobatime AMXGT100 authorization | 8.5 | 06/05/2023 | Mobatime | Link |
Linux Kernel relocation.c prepare_to_relocate use after free | 7.5 | 06/05/2023 | Linux | Link |
Lenovo ThinkPad USB-A Dock Firmware Update Tool default permission | 7.8 | 06/06/2023 | Lenovo | Link |
jmsslider ajax_jmsslider.php access control | 8.5 | 06/06/2023 | jmsslider | Link |
jmsmegamenu ajax_jmsmegamenu.php sql injection | 8.5 | 06/06/2023 | jmsmegamenu | Link |
jmsthemelayout ajax_jmsvermegamenu.php sql injection | 8.5 | 06/06/2023 | jmsthemelayout | Link |
Qualcomm 315 5G IoT Modem GPU Subsystem memory corruption | 7.6 | 06/06/2023 | Qualcomm | Link |
Qualcomm CSRA6620 Audio memory corruption | 7.6 | 06/06/2023 | Qualcomm | Link |
Qualcomm AR8035 WLAN Host memory corruption | 7.6 | 06/06/2023 | Qualcomm | Link |
Qualcomm APQ8064AU GPU memory corruption | 7.9 | 06/06/2023 | Qualcomm | Link |
Qualcomm QCA8081 WLAN HAL memory corruption | 7.9 | 06/06/2023 | Qualcomm | Link |
Qualcomm 315 5G IoT Modem HLOS memory corruption | 7.9 | 06/06/2023 | Qualcomm | Link |
Qualcomm AQT1000 memory corruption | 7.9 | 06/06/2023 | Qualcomm | Link |
Qualcomm CSR8811 hyp-assign memory corruption | 7.9 | 06/06/2023 | Qualcomm | Link |
Delta Electronics CNCSoft-B DOPSoft heap-based overflow | 7.5 | 06/06/2023 | Delta | Link |
Delta Electronics CNCSoft-B DOPSoft stack-based overflow | 7.5 | 06/06/2023 | Delta | Link |
jmspagebuilder ajax_jmspagebuilder.php sql injection | 8.5 | 06/06/2023 | jmspagebuilder | Link |
Frontend File Manager Plugin Setting wpfm_save_settings authorization | 8.0 | 07/06/2023 | Frontend | Link |
User Submitted Posts Plugin usp_check_images unrestricted upload | 8.4 | 07/06/2023 | User | Link |
Automatic Plugin Setting process_form.php authorization | 8.1 | 07/06/2023 | Automatic | Link |
Shapely epsilon_framework_ajax_action code injection | 8.4 | 07/06/2023 | Shapely | Link |
Ultimate Reviews Plugin deserialization | 8.4 | 07/06/2023 | Ultimate | Link |
Newsletter Manager Plugin deserialization | 8.4 | 07/06/2023 | Newsletter | Link |
GDPR CCPA Compliance Support Plugin deserialization | 8.4 | 07/06/2023 | GDPR | Link |
Delete All Comments Plugin delete-all-comments.php unrestricted upload | 8.4 | 07/06/2023 | Delete | Link |
uListing Plugin authorization | 8.4 | 07/06/2023 | uListing | Link |
uListing Plugin import_new_layout authorization | 8.4 | 07/06/2023 | uListing | Link |
uListing Plugin save_role_api authorization | 7.7 | 07/06/2023 | uListing | Link |
Kiwi Social Share Plugin kiwi_social_share_get_option authorization | 8.4 | 07/06/2023 | Kiwi | Link |
Controlled Admin Access Plugin Configuration access control | 8.0 | 07/06/2023 | Controlled | Link |
uListing Plugin AJAX Action stm_listing_profile_edit authorization | 8.4 | 07/06/2023 | uListing | Link |
Unauthenticated Account Creation Plugin stm_listing_register authorization | 8.4 | 07/06/2023 | Unauthenticated | Link |
Triangle MicroWorks SCADA Data Gateway Broadcast Message GTWWebMonitor.exe format string | 7.7 | 07/06/2023 | Triangle | Link |
Adning Advertising Plugin _ning_upload_image unrestricted upload | 8.2 | 07/06/2023 | Adning | Link |
Pinterest Automatic Plugin process_form.php wp_pinterest_automatic_parse_request access control | 8.4 | 07/06/2023 | Link | |
VMware Aria Operations for Networks command injection | 8.4 | 07/06/2023 | VMware | Link |
VMware Aria Operations for Networks command injection | 9.4 | 07/06/2023 | VMware | Link |
Planet WDRT-1800AX Cookie improper authentication | 8.0 | 07/06/2023 | Planet | Link |
mailcow authorization | 8.6 | 07/06/2023 | mailcow | Link |
Cisco Expressway/TelePresence Video Communication Server Local Privilege Escalation | 7.5 | 08/06/2023 | Cisco | Link |
Cisco Expressway/TelePresence Video Communication Server Privilege Escalation | 8.4 | 08/06/2023 | Cisco | Link |
Cisco AnyConnect Secure Mobility Client Local Privilege Escalation | 7.5 | 08/06/2023 | Cisco | Link |
Netgear RAX30 cmsCli_authenticate stack-based overflow | 8.4 | 09/06/2023 | Netgear | Link |
Sante DICOM Viewer Pro DCM File Parser out-of-bounds write | 7.5 | 09/06/2023 | Sante | Link |
Sante DICOM Viewer Pro DCM File Parser out-of-bounds write | 7.5 | 09/06/2023 | Sante | Link |
Sante DICOM Viewer Pro JP2 File Parser out-of-bounds write | 7.5 | 09/06/2023 | Sante | Link |
owncast server-side request forgery | 7.6 | 10/06/2023 | owncast | Link |
Danfoss AK-EM100 os command injection | 9.2 | 11/06/2023 | Danfoss | Link |
Danfoss AK-EM100 Login Form sql injection | 8.5 | 11/06/2023 | Danfoss | Link |
AMI BMC IPMI denial of service | 7.7 | 12/06/2023 | AMI | Link |
Western Digital My Cloud OS/My Cloud Home/My Cloud Home Duo authentication spoofing | 9.7 | 12/06/2023 | Western | Link |
AMI BMC IPMI buffer overflow | 8.1 | 12/06/2023 | AMI | Link |
SRS POST Request snapshots os command injection | 8.0 | 12/06/2023 | SRS | Link |
EaseUS Todo Backup Installation Local Privilege Escalation | 8.3 | 13/06/2023 | EaseUS | Link |
Milesight NCR Camera improper authentication | 7.7 | 13/06/2023 | Milesight | Link |
Mazda Model improper authentication | 7.7 | 13/06/2023 | Mazda | Link |
WP Directory Kit Plugin wdk_public_action file inclusion | 7.9 | 13/06/2023 | WP | Link |
Fortinet FortiOS Fclicense daemon format string | 8.4 | 13/06/2023 | Fortinet | Link |
Fortinet FortiOS/FortiProxy FortiGate SSL-VPN heap-based overflow | 9.4 | 13/06/2023 | Fortinet | Link |
Fortinet FortiADC/FortiADC Manager CLI Command os command injection | 7.5 | 13/06/2023 | Fortinet | Link |
Fortinet FortiClient/FortiConverter Installation default permission | 7.5 | 13/06/2023 | Fortinet | Link |
Citrix ShareFile StorageZones Controller access control | 9.4 | 13/06/2023 | Citrix | Link |
TMT Lockcell unrestricted upload | 8.5 | 13/06/2023 | TMT | Link |
TMT Lockcell authorization | 8.6 | 13/06/2023 | TMT | Link |
TMT Lockcell sql injection | 8.4 | 13/06/2023 | TMT | Link |
Siemens SIMATIC WinCC Installation permission assignment | 7.6 | 13/06/2023 | Siemens | Link |
Siemens SIMATIC PCS 7/SIMATIC S7-PM/SIMATIC STEP 7 V5 code injection | 9.1 | 13/06/2023 | Siemens | Link |
TMT Lockcell unknown vulnerability | 8.4 | 13/06/2023 | TMT | Link |
Siemens Teamcenter Visualization/JT2Go CGM File memory corruption | 7.6 | 13/06/2023 | Siemens | Link |
Siemens Mendix SAML Incomplete Fix CVE-2023-25957 unknown vulnerability | 8.0 | 13/06/2023 | Siemens | Link |
Satos Mobile SOAP sql injection | 8.4 | 13/06/2023 | Satos | Link |
Microsoft Exchange Server Privilege Escalation | 7.7 | 13/06/2023 | Microsoft | Link |
Microsoft Windows Pragmatic General Multicast Remote Code Execution | 8.5 | 13/06/2023 | Microsoft | Link |
Microsoft Windows Pragmatic General Multicast Remote Code Execution | 8.5 | 13/06/2023 | Microsoft | Link |
Microsoft Windows Collaborative Translation Framework Local Privilege Escalation | 7.7 | 13/06/2023 | Microsoft | Link |
Microsoft Windows ODBC Driver Remote Code Execution | 7.7 | 13/06/2023 | Microsoft | Link |
Microsoft Windows WDAC OLE DB Provider for SQL Server Remote Code Execution | 7.7 | 13/06/2023 | Microsoft | Link |
Microsoft Windows Pragmatic General Multicast Remote Code Execution | 8.5 | 13/06/2023 | Microsoft | Link |
Microsoft Windows Remote Desktop Client Remote Code Execution | 7.7 | 13/06/2023 | Microsoft | Link |
Microsoft SharePoint Server Remote Code Execution | 8.5 | 13/06/2023 | Microsoft | Link |
Microsoft .NET Framework Remote Code Execution | 7.7 | 13/06/2023 | Microsoft | Link |
benjjvi PyBB sql injection | 8.4 | 13/06/2023 | benjjvi | Link |
nuxt code injection | 7.5 | 13/06/2023 | nuxt | Link |
ServiceNow Quebec/Rome/San Diego/Tokyo/Utah access control | 7.9 | 13/06/2023 | ServiceNow | Link |
benjjvi PyBB sql injection | 8.4 | 13/06/2023 | benjjvi | Link |
nuxt code injection | 7.5 | 13/06/2023 | nuxt | Link |
ServiceNow Quebec/Rome/San Diego/Tokyo/Utah access control | 7.9 | 13/06/2023 | ServiceNow | Link |
Schneider Electric EcoStruxure Foxboro DCS Control Core Services Foxboro.sys out-of-bounds write | 7.6 | 06/14/2023 | Schneider | Link |
Schneider Electric IGSS Dashboard Dashboard Module DashBoard.exe deserialization | 7.6 | 06/14/2023 | Schneider | Link |
Cloudflare cfnts NTP Server out-of-bounds | 7.9 | 06/14/2023 | Cloudflare | Link |
Dell Power Protect Cyber Recovery http headers for scripting syntax | 8.8 | 06/14/2023 | Dell | Link |
cpdb-libs scanf stack-based overflow | 9.6 | 06/14/2023 | cpdb-libs | Link |
Grav Template code injection | 7.9 | 06/15/2023 | Grav | Link |
ADSLR VW2100 Firmware command injection | 8.1 | 06/15/2023 | ADSLR | Link |
Microsoft ODBC Driver for SQL Server Local Privilege Escalation | 7.5 | 06/15/2023 | Microsoft | Link |
Microsoft SQL Server/OLE DB Local Privilege Escalation | 7.5 | 06/15/2023 | Microsoft | Link |
Microsoft ODBC Driver for SQL Server Local Privilege Escalation | 7.5 | 06/15/2023 | Microsoft | Link |
Microsoft ODBC Driver for SQL Server Local Privilege Escalation | 7.5 | 06/15/2023 | Microsoft | Link |
Microsoft ODBC Driver for SQL Server Local Privilege Escalation | 7.5 | 06/15/2023 | Microsoft | Link |
Microsoft ODBC Driver for SQL Server Local Privilege Escalation | 7.5 | 06/15/2023 | Microsoft | Link |
Silabs GSDK Wi-Fi Commissioning buffer overflow | 9.6 | 06/16/2023 | Silabs | Link |
Synacor Zimbra Collaboration Local Privilege Escalation | 7.8 | 06/16/2023 | Synacor | Link |
Thinking Efence Login sql injection | 8.5 | 06/16/2023 | Thinking | Link |
Omicard EDM unrestricted upload | 9.8 | 06/16/2023 | Omicard | Link |
L7 InstantScan IS-8000/InstantQoS IQ-8000 unrestricted upload | 9.8 | 06/16/2023 | L7 | Link |
Advantech WebAccess/SCADA RPC untrusted pointer dereference | 9.4 | 06/16/2023 | Advantech | Link |
Huawei HarmonyOS HwWatchHealth Remote Code Execution | 8.5 | 06/16/2023 | Huawei | Link |
ipandlanguageredirect Extension sql injection | 7.6 | 06/17/2023 | ipandlanguageredirect | Link |
Ricoh Printer Driver Packager NX Installation Local Privilege Escalation | 7.5 | 06/19/2023 | Ricoh | Link |
Trend Micro Apex One Security Agent Local Privilege Escalation | 7.5 | 06/19/2023 | Trend | Link |
Trend Micro Apex One Security Agent Local Privilege Escalation | 7.5 | 06/19/2023 | Trend | Link |
Trend Micro Apex One Security Agent Local Privilege Escalation | 7.5 | 06/19/2023 | Trend | Link |
Trend Micro Apex One Security Agent untrusted search path | 7.5 | 06/19/2023 | Trend | Link |
Trend Micro Apex One Security Agent untrusted search path | 7.5 | 06/19/2023 | Trend | Link |
Ashlar-Vellum Cobalt CO File Parser out-of-bounds write | 7.8 | 06/19/2023 | Ashlar-Vellum | Link |
Ashlar-Vellum Cobalt CO File Parser stack-based overflow | 7.8 | 06/19/2023 | Ashlar-Vellum | Link |
Ashlar-Vellum Cobalt XE File Parser uninitialized pointer | 7.8 | 06/19/2023 | Ashlar-Vellum | Link |
Ashlar-Vellum Cobalt heap-based overflow | 7.8 | 06/19/2023 | Ashlar-Vellum | Link |
Ashlar-Vellum Cobalt out-of-bounds write | 7.8 | 06/19/2023 | Ashlar-Vellum | Link |
Ashlar-Vellum Cobalt out-of-bounds write | 7.8 | 06/19/2023 | Ashlar-Vellum | Link |
Ashlar-Vellum Cobalt out-of-bounds write | 7.8 | 06/19/2023 | Ashlar-Vellum | Link |
Ashlar-Vellum Cobalt out-of-bounds write | 7.8 | 06/19/2023 | Ashlar-Vellum | Link |
Fatek FvDesigner FPJ File Parser out-of-bounds write | 7.8 | 06/19/2023 | Fatek | Link |
Fatek FvDesigner FPJ File Parser uninitialized pointer | 7.8 | 06/19/2023 | Fatek | Link |
Fatek FvDesigner FPJ File Parser out-of-bounds write | 7.8 | 06/19/2023 | Fatek | Link |
Fatek FvDesigner FPJ File Parser out-of-bounds write | 8.8 | 06/19/2023 | Fatek | Link |
Fatek FvDesigner FPJ File Parser out-of-bounds write | 7.8 | 06/19/2023 | Fatek | Link |
Marksoft sql injection | 8.5 | 06/19/2023 | Marksoft | Link |
ZyXEL NAS326/NAS540 HTTP Request os command injection | 9.6 | 06/19/2023 | ZyXEL | Link |
SICK EventCam App API improper authentication | 8.5 | 06/19/2023 | SICK | Link |
SICK EventCam App channel accessible | 7.7 | 06/19/2023 | SICK | Link |
XWiki Platform Tip UI Extension authorization | 7.9 | 06/21/2023 | XWiki | Link |
clips2/video-clip-distributor/video-history-server path traversal | 8.5 | 06/27/2023 | clips2/video-clip-distributor/video-history-server | Link |
Stormshield Endpoint Security Evolution SES Evolution Agent permission | 7.8 | 06/28/2023 | Stormshield | Link |
git-commit-info API gitCommitInfo command injection | 8.4 | 06/28/2023 | git-commit-info | Link |
Linux Kernel io_uring Subsystem toctou | 7.6 | 06/28/2023 | Linux | Link |
Hitachi Energy TXpert Hub CoreTec 4 os command injection | 8.3 | 06/28/2023 | Hitachi | Link |
Linux Kernel ipvlan Network Driver ipvlan_core.c ipvlan_process_v6_outbound out-of-bounds write | 7.6 | 06/28/2023 | Linux | Link |
Linux Kernel Netfilter Subsystem nf_tables_api.c use after free | 7.6 | 06/29/2023 | Linux | Link |
D-Link DSL-G256DG Web Management Interface improper authentication | 8.5 | 06/29/2023 | D-Link | Link |
D-Link DSL-224 improper authentication | 8.0 | 06/29/2023 | D-Link | Link |
Samsung Smart Phone Exynos Baseband buffer overflow | 8.6 | 06/29/2023 | Samsung | Link |
Alerton BCM-WEB authentication spoofing | 8.6 | 06/29/2023 | Alerton | Link |
Active Directory Integration & LDAP Integration Plugin ldap injection | 7.8 | 06/29/2023 | Active | Link |
Parse Server BSON Parser prototype pollution | 8.4 | 06/29/2023 | Parse | Link |
STW TCG-4 Connectivity Module improper authentication | 9.8 | 06/29/2023 | STW | Link |
Medtronic Paceart Optima Microsoft Messaging Queuing Service deserialization | 9.8 | 06/29/2023 | Medtronic | Link |
Sealos Role Based Access Control improper authentication | 9.1 | 06/29/2023 | Sealos | Link |
Delta Electronics InfraSuite Device Master deserialization | 9.4 | 06/29/2023 | Delta | Link |
XWiki Platform injection | 7.9 | 06/30/2023 | XWiki | Link |
XWiki Platform cleanup | 7.9 | 06/30/2023 | XWiki | Link |
XWiki Platform neutralization of directives | 7.9 | 06/30/2023 | XWiki | Link |
Vulnerability | CVSSv3 | Release Date | Products | References |
CODESYS Development System inadequate encryption | 7.9 | 05/15/2023 | CODESYS | Link |
WAGO Compact Controller CC100 Device Configuration os command injection | 9.6 | 05/15/2023 | WAGO | Link |
SICK FTMg Air Flow Sensor REST Interface resource consumption | 7.5 | 05/15/2023 | SICK | Link |
CODESYS Control CmpTraceMgr out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link |
CODESYS Control CmpTraceMgr out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link |
CODESYS Control out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link |
CODESYS Control out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link |
CODESYS Control out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link |
CODESYS Control out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link |
CODESYS Control out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link |
CODESYS Control out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link |
CODESYS Control out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link |
CODESYS Control out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link |
CODESYS Control out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link |
CODESYS Control out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link |
vm2 injection | 9.6 | 05/16/2023 | vm2 | Link |
Synology Router Manager os command injection | 8.8 | 05/16/2023 | Synology | Link |
Synology Router Manager os command injection | 9.6 | 05/16/2023 | Synology | Link |
Snap One OvrC Pro Firmware Signature data authenticity | 9.4 | 05/16/2023 | Snap | Link |
posstaticblocks getPosCurrentHook sql injection | 8.5 | 05/17/2023 | posstaticblocks | Link |
ABB Terra AC improper authentication | 8.8 | 05/17/2023 | ABB | Link |
IBM PowerVM Logical Partition access control | 8.5 | 05/17/2023 | IBM | Link |
Linux Kernel ksmbd race condition | 7.7 | 05/18/2023 | Linux | Link |
Linux Kernel ksmbd race condition | 9.4 | 05/18/2023 | Linux | Link |
Linux Kernel ksmbd race condition | 7.7 | 05/18/2023 | Linux | Link |
Linux Kernel ksmbd race condition | 7.7 | 05/18/2023 | Linux | Link |
mlflow path traversal | 8.4 | 05/18/2023 | mlflow | Link |
cdesigner initContent sql injection | 8.4 | 05/18/2023 | cdesigner | Link |
cups-filters Backend Error beh.c os command injection | 8.6 | 05/18/2023 | cups-filters | Link |
Acronis Home Office signature verification | 7.6 | 05/18/2023 | Acronis | Link |
Opentext Documentum Content Server dm_secure_writer Privilege Escalation | 7.6 | 05/18/2023 | Opentext | Link |
Johnson Controls OpenBlue Enterprise Manager Data Collector API improper authentication | 8.5 | 05/19/2023 | Johnson | Link |
Apple macOS libxpc Local Privilege Escalation | 7.5 | 05/20/2023 | Apple | Link |
Apple macOS Kernel use after free | 7.5 | 05/20/2023 | Apple | Link |
Apple macOS Kernel type confusion | 7.5 | 05/20/2023 | Apple | Link |
WooCommerce Memberships for Multivendor Marketplace Plugin authorization | 8.4 | 05/20/2023 | WooCommerce | Link |
Rental Module unrestricted upload | 8.5 | 05/20/2023 | Rental | Link |
IBM InfoSphere Information Server RMI Service deserialization | 7.9 | 05/22/2023 | IBM | Link |
Moxa MXsecurity Web-based API hard-coded credentials | 8.4 | 05/22/2023 | Moxa | Link |
Dataprobe iBoot-PDU Basic Discovery Protocol authentication bypass | 7.5 | 05/23/2023 | Dataprobe | Link |
cloudexplorer-lite access control | 8.6 | 05/23/2023 | cloudexplorer-lite | Link |
Adam Retail Automation Systems Mobilmen Terminal Software sql injection | 8.4 | 05/24/2023 | Adam | Link |
Garmin GarminOS CIQ API buffer overflow | 7.5 | 05/24/2023 | Garmin | Link |
Garmin GarminOS CIQ API buffer overflow | 7.5 | 05/24/2023 | Garmin | Link |
Garmin GarminOS API buffer overflow | 7.5 | 05/24/2023 | Garmin | Link |
Garmin GarminOS API integer overflow | 7.5 | 05/24/2023 | Garmin | Link |
Garmin GarminOS Toybox.Ant.BurstPayload.add out-of-bounds write | 7.5 | 05/24/2023 | Garmin | Link |
Garmin GarminOS TVM buffer overflow | 7.5 | 05/24/2023 | Garmin | Link |
Kerui W18 Alarm System authentication replay | 7.5 | 05/24/2023 | Kerui | Link |
AGShome Smart Alarm authentication replay | 7.5 | 05/24/2023 | AGShome | Link |
Digoo DG-HAMB authentication replay | 7.5 | 05/24/2023 | Digoo | Link |
Blitzwolf BW-IS22 authentication replay | 7.5 | 05/24/2023 | Blitzwolf | Link |
Mitsubishi Electric MELSEC iQ-F Packets buffer overflow | 9.9 | 05/24/2023 | Mitsubishi | Link |
Cityboss E-municipality sql injection | 8.4 | 05/24/2023 | Cityboss | Link |
kubelet Windows Container access control | 7.6 | 05/24/2023 | kubelet | Link |
Minova eTrace sql injection | 8.4 | 05/24/2023 | Minova | Link |
Ipekyolu Auto Damage Tracking sql injection | 8.4 | 05/24/2023 | Ipekyolu | Link |
Zyxel ATP/USG FLEX/VPN/Zywall ID Processing buffer overflow | 9.8 | 05/24/2023 | Zyxel | Link |
Zyxel ATP/USG FLEX/VPN/Zywall Notifications buffer overflow | 9.8 | 05/24/2023 | Zyxel | Link |
Autodesk On-Demand Install Services link following | 7.5 | 05/24/2023 | Autodesk | Link |
Barracuda Email Security Gateway TAR File command injection | 8.2 | 05/24/2023 | Barracuda | Link |
Hitachi Vantara Pentaho Business Analytics Server JSON Data deserialization | 7.8 | 05/25/2023 | Hitachi | Link |
MStore API Plugin improper authentication | 8.4 | 05/25/2023 | MStore | Link |
CBOT Chatbot authentication spoofing | 8.0 | 05/25/2023 | CBOT | Link |
CBOT Chatbot channel accessible | 7.6 | 05/25/2023 | CBOT | Link |
CBOT Chatbot generation of incorrect security tokens | 7.9 | 05/25/2023 | CBOT | Link |
AGT Tech Ceppatron sql injection | 8.6 | 05/25/2023 | AGT | Link |
Nagvis NagVisHoverUrl.php path traversal | 7.5 | 05/26/2023 | Nagvis | Link |
GitLab Community Edition/Enterprise Edition Public Project path traversal | 8.6 | 05/27/2023 | GitLab | Link |
Wacom Driver permission | 7.8 | 05/27/2023 | Wacom | Link |
Wacom Driver Local Privilege Escalation | 7.8 | 05/27/2023 | Wacom | Link |
FS S3900-24T4S Privilege Escalation | 7.7 | 05/29/2023 | FS | Link |
Emby Server request smuggling | 8.0 | 05/30/2023 | Emby | Link |
CKAN sudo privileges management | 8.6 | 05/30/2023 | CKAN | Link |
RIOT-OS 6LoWPAN Frame memory corruption | 9.6 | 05/30/2023 | RIOT-OS | Link |
JFrog proxy HTTP Request undefined values | 7.5 | 05/30/2023 | JFrog | Link |
ASUSTOR Download Center access control | 7.9 | 05/31/2023 | ASUSTOR | Link |
JetBrains TeamCity authorization | 8.0 | 05/31/2023 | JetBrains | Link |
Vulnerability | CVSSv3 | Release Date | Products | References |
Linux Kernel io_uring io_prep_async_work use after free | (8.1) | Feb, 01 2023 | Linux | Link |
Linux Kernel ALSA PCM Package SNDRV_CTL_IOCTL_ELEM_WRITE use after free | (7.5) | Feb, 01 2023 | Linux | Link |
QNAP QuTS hero/QTS sql injection | (8.4) | Feb, 01 2023 | QNAP | Link |
Schneider Electric EcoStruxure Geo SCADA Expert 2019 Message improper authorization | (8.0) | Feb, 01 2023 | Schneider | Link |
Schneider Electric EcoStruxure Control Expert authentication replay | (8.1) | Feb, 01 2023 | Schneider | Link |
Schneider Electric C-Bus Network Automation Controller improper authentication | (9.6) | Feb, 01 2023 | Schneider | Link |
Schneider Electric C-Bus Network Automation Controller weak password | (8.4) | Feb, 01 2023 | Schneider | Link |
Motorola MR2600 input validation | (7.5) | Feb, 01 2023 | Motorola | Link |
Schneider Electric IGSS Data Server IGSSdataServer.exe missing authentication | (7.8) | Feb, 01 2023 | Schneider | Link |
F5 BIG-IP iControl SOAP format string | (8.2) | Feb, 01 2023 | F5 | Link |
F5 BIG-IP Edge Client Installer uncontrolled search path | (8.1) | Feb, 01 2023 | F5 | Link |
Atlassian Jira Service Management Server and Data Center improper authentication | (8.3) | Feb, 01 2023 | Atlassian | Link |
Linux Kernel io_uring io_prep_async_work use after free | (8.1) | Feb, 02 2023 | Linux | Link |
Linux Kernel ALSA PCM Package SNDRV_CTL_IOCTL_ELEM_WRITE use after free | (7.5) | Feb, 02 2023 | Linux | Link |
QNAP QuTS hero/QTS sql injection | (8.4) | Feb, 02 2023 | QNAP | Link |
Schneider Electric EcoStruxure Geo SCADA Expert 2019 Message improper authorization | (8.0) | Feb, 02 2023 | Schneider | Link |
Schneider Electric EcoStruxure Control Expert authentication replay | (8.1) | Feb, 02 2023 | Schneider | Link |
Schneider Electric C-Bus Network Automation Controller improper authentication | (9.6) | Feb, 02 2023 | Schneider | Link |
Schneider Electric C-Bus Network Automation Controller weak password | (8.4) | Feb, 02 2023 | Schneider | Link |
Motorola MR2600 input validation | (7.5) | Feb, 02 2023 | Motorola | Link |
Schneider Electric IGSS Data Server IGSSdataServer.exe missing authentication | (7.8) | Feb, 02 2023 | Schneider | Link |
F5 BIG-IP iControl SOAP format string | (8.2) | Feb, 02 2023 | F5 | Link |
F5 BIG-IP Edge Client Installer uncontrolled search path | (8.1) | Feb, 02 2023 | F5 | Link |
Atlassian Jira Service Management Server and Data Center improper authentication | (8.3) | Feb, 02 2023 | Atlassian | Link |
Delta Electronics DIAScreen out-of-bounds write | (8.4) | Feb, 02 2023 | Delta | Link |
Delta Electronics DIAScreen memory corruption | (8.4) | Feb, 02 2023 | Delta | Link |
Delta Electronics DIAScreen stack-based overflow | (8.4) | Feb, 02 2023 | Delta | Link |
Netgear WNR612v2 Firmware Image unrestricted upload | (7.5) | Feb, 02 2023 | Netgear | Link |
Linux Kernel io_uring io_prep_async_work use after free | (8.1) | Feb, 03 2023 | Linux | Link |
Linux Kernel ALSA PCM Package SNDRV_CTL_IOCTL_ELEM_WRITE use after free | (7.5) | Feb, 03 2023 | Linux | Link |
QNAP QuTS hero/QTS sql injection | (8.4) | Feb, 03 2023 | QNAP | Link |
Schneider Electric EcoStruxure Geo SCADA Expert 2019 Message improper authorization | (8.0) | Feb, 03 2023 | Schneider | Link |
Schneider Electric EcoStruxure Control Expert authentication replay | (8.1) | Feb, 03 2023 | Schneider | Link |
Schneider Electric C-Bus Network Automation Controller improper authentication | (9.6) | Feb, 03 2023 | Schneider | Link |
Schneider Electric C-Bus Network Automation Controller weak password | (8.4) | Feb, 03 2023 | Schneider | Link |
Motorola MR2600 input validation | (7.5) | Feb, 03 2023 | Motorola | Link |
Schneider Electric IGSS Data Server IGSSdataServer.exe missing authentication | (7.8) | Feb, 03 2023 | Schneider | Link |
F5 BIG-IP iControl SOAP format string | (8.2) | Feb, 03 2023 | F5 | Link |
F5 BIG-IP Edge Client Installer uncontrolled search path | (8.1) | Feb, 03 2023 | F5 | Link |
Atlassian Jira Service Management Server and Data Center improper authentication | (8.3) | Feb, 03 2023 | Atlassian | Link |
Delta Electronics DIAScreen out-of-bounds write | (8.4) | Feb, 03 2023 | Delta | Link |
Delta Electronics DIAScreen memory corruption | (8.4) | Feb, 03 2023 | Delta | Link |
Delta Electronics DIAScreen stack-based overflow | (8.4) | Feb, 03 2023 | Delta | Link |
Netgear WNR612v2 Firmware Image unrestricted upload | (7.5) | Feb, 03 2023 | Netgear | Link |
TOTOLINK CA300-PoE hard-coded credentials | (8.5) | Feb, 03 2023 | TOTOLINK | Link |
Dell EMC NetWorker nsrexecd code injection | (7.8) | Feb, 03 2023 | Dell | Link |
froxlor code injection | (7.9) | Feb, 04 2023 | froxlor | Link |
Intel oneAPI DPC++ Compiler access control | (8.1) | Feb, 06 2023 | Intel | Link |
Intel oneAPI DPC++ Compiler uncontrolled search path | (7.6) | Feb, 06 2023 | Intel | Link |
Linux Kernel io_uring io_prep_async_work use after free | (8.1) | Feb, 07 2023 | Linux | Link |
Linux Kernel ALSA PCM Package SNDRV_CTL_IOCTL_ELEM_WRITE use after free | (7.5) | Feb, 07 2023 | Linux | Link |
QNAP QuTS hero/QTS sql injection | (8.4) | Feb, 07 2023 | QNAP | Link |
Schneider Electric EcoStruxure Geo SCADA Expert 2019 Message improper authorization | (8.0) | Feb, 07 2023 | Schneider | Link |
Schneider Electric EcoStruxure Control Expert authentication replay | (8.1) | Feb, 07 2023 | Schneider | Link |
Schneider Electric C-Bus Network Automation Controller improper authentication | (9.6) | Feb, 07 2023 | Schneider | Link |
Schneider Electric C-Bus Network Automation Controller weak password | (8.4) | Feb, 07 2023 | Schneider | Link |
Motorola MR2600 input validation | (7.5) | Feb, 07 2023 | Motorola | Link |
Schneider Electric IGSS Data Server IGSSdataServer.exe missing authentication | (7.8) | Feb, 07 2023 | Schneider | Link |
F5 BIG-IP iControl SOAP format string | (8.2) | Feb, 07 2023 | F5 | Link |
F5 BIG-IP Edge Client Installer uncontrolled search path | (8.1) | Feb, 07 2023 | F5 | Link |
Atlassian Jira Service Management Server and Data Center improper authentication | (8.3) | Feb, 07 2023 | Atlassian | Link |
Delta Electronics DIAScreen out-of-bounds write | (8.4) | Feb, 07 2023 | Delta | Link |
Delta Electronics DIAScreen memory corruption | (8.4) | Feb, 07 2023 | Delta | Link |
Delta Electronics DIAScreen stack-based overflow | (8.4) | Feb, 07 2023 | Delta | Link |
Netgear WNR612v2 Firmware Image unrestricted upload | (7.5) | Feb, 07 2023 | Netgear | Link |
TOTOLINK CA300-PoE hard-coded credentials | (8.5) | Feb, 07 2023 | TOTOLINK | Link |
Dell EMC NetWorker nsrexecd code injection | (7.8) | Feb, 07 2023 | Dell | Link |
Dompdf SVG File interpretation conflict | (8.5) | Feb, 07 2023 | Dompdf | Link |
Dell Command Intel vPro Out of Band improper authorization | (7.7) | Feb, 07 2023 | Dell | Link |
SUSE Linux Enterprise Server/Manager Server rmt-server-regsharing Service default permission | (8.1) | Feb, 07 2023 | SUSE | Link |
Netatalk dsi_writeinit heap-based overflow | (9.4) | Feb, 07 2023 | Netatalk | Link |
Linux Kernel io_uring io_prep_async_work use after free | (8.1) | Feb, 08 2023 | Linux | Link |
Linux Kernel ALSA PCM Package SNDRV_CTL_IOCTL_ELEM_WRITE use after free | (7.5) | Feb, 08 2023 | Linux | Link |
QNAP QuTS hero/QTS sql injection | (8.4) | Feb, 08 2023 | QNAP | Link |
Schneider Electric EcoStruxure Geo SCADA Expert 2019 Message improper authorization | (8.0) | Feb, 08 2023 | Schneider | Link |
Schneider Electric EcoStruxure Control Expert authentication replay | (8.1) | Feb, 08 2023 | Schneider | Link |
Schneider Electric C-Bus Network Automation Controller improper authentication | (9.6) | Feb, 08 2023 | Schneider | Link |
Schneider Electric C-Bus Network Automation Controller weak password | (8.4) | Feb, 08 2023 | Schneider | Link |
Motorola MR2600 input validation | (7.5) | Feb, 08 2023 | Motorola | Link |
Schneider Electric IGSS Data Server IGSSdataServer.exe missing authentication | (7.8) | Feb, 08 2023 | Schneider | Link |
F5 BIG-IP iControl SOAP format string | (8.2) | Feb, 08 2023 | F5 | Link |
F5 BIG-IP Edge Client Installer uncontrolled search path | (8.1) | Feb, 08 2023 | F5 | Link |
Atlassian Jira Service Management Server and Data Center improper authentication | (8.3) | Feb, 08 2023 | Atlassian | Link |
Delta Electronics DIAScreen out-of-bounds write | (8.4) | Feb, 08 2023 | Delta | Link |
Delta Electronics DIAScreen memory corruption | (8.4) | Feb, 08 2023 | Delta | Link |
Delta Electronics DIAScreen stack-based overflow | (8.4) | Feb, 08 2023 | Delta | Link |
Netgear WNR612v2 Firmware Image unrestricted upload | (7.5) | Feb, 08 2023 | Netgear | Link |
TOTOLINK CA300-PoE hard-coded credentials | (8.5) | Feb, 08 2023 | TOTOLINK | Link |
Dell EMC NetWorker nsrexecd code injection | (7.8) | Feb, 08 2023 | Dell | Link |
Dompdf SVG File interpretation conflict | (8.5) | Feb, 08 2023 | Dompdf | Link |
Dell Command Intel vPro Out of Band improper authorization | (7.7) | Feb, 08 2023 | Dell | Link |
SUSE Linux Enterprise Server/Manager Server rmt-server-regsharing Service default permission | (8.1) | Feb, 08 2023 | SUSE | Link |
Netatalk dsi_writeinit heap-based overflow | (9.4) | Feb, 08 2023 | Netatalk | Link |
Caphyon Advanced Installer MSI Repair Local Privilege Escalation | (7.6) | Feb, 08 2023 | Caphyon | Link |
B&R APROL System Configuration improper authentication | (8.2) | Feb, 08 2023 | B&R | Link |
B&R APROL Tbase Server stack-based overflow | (9.6) | Feb, 08 2023 | B&R | Link |
Linux Kernel io_uring io_prep_async_work use after free | (8.1) | Feb, 09 2023 | Linux | Link |
Linux Kernel ALSA PCM Package SNDRV_CTL_IOCTL_ELEM_WRITE use after free | (7.5) | Feb, 09 2023 | Linux | Link |
QNAP QuTS hero/QTS sql injection | (8.4) | Feb, 09 2023 | QNAP | Link |
Schneider Electric EcoStruxure Geo SCADA Expert 2019 Message improper authorization | (8.0) | Feb, 09 2023 | Schneider | Link |
Schneider Electric EcoStruxure Control Expert authentication replay | (8.1) | Feb, 09 2023 | Schneider | Link |
Schneider Electric C-Bus Network Automation Controller improper authentication | (9.6) | Feb, 09 2023 | Schneider | Link |
Schneider Electric C-Bus Network Automation Controller weak password | (8.4) | Feb, 09 2023 | Schneider | Link |
Motorola MR2600 input validation | (7.5) | Feb, 09 2023 | Motorola | Link |
Schneider Electric IGSS Data Server IGSSdataServer.exe missing authentication | (7.8) | Feb, 09 2023 | Schneider | Link |
F5 BIG-IP iControl SOAP format string | (8.2) | Feb, 09 2023 | F5 | Link |
F5 BIG-IP Edge Client Installer uncontrolled search path | (8.1) | Feb, 09 2023 | F5 | Link |
Atlassian Jira Service Management Server and Data Center improper authentication | (8.3) | Feb, 09 2023 | Atlassian | Link |
Delta Electronics DIAScreen out-of-bounds write | (8.4) | Feb, 09 2023 | Delta | Link |
Delta Electronics DIAScreen memory corruption | (8.4) | Feb, 09 2023 | Delta | Link |
Delta Electronics DIAScreen stack-based overflow | (8.4) | Feb, 09 2023 | Delta | Link |
Netgear WNR612v2 Firmware Image unrestricted upload | (7.5) | Feb, 09 2023 | Netgear | Link |
TOTOLINK CA300-PoE hard-coded credentials | (8.5) | Feb, 09 2023 | TOTOLINK | Link |
Dell EMC NetWorker nsrexecd code injection | (7.8) | Feb, 09 2023 | Dell | Link |
Dompdf SVG File interpretation conflict | (8.5) | Feb, 09 2023 | Dompdf | Link |
Dell Command Intel vPro Out of Band improper authorization | (7.7) | Feb, 09 2023 | Dell | Link |
SUSE Linux Enterprise Server/Manager Server rmt-server-regsharing Service default permission | (8.1) | Feb, 09 2023 | SUSE | Link |
Netatalk dsi_writeinit heap-based overflow | (9.4) | Feb, 09 2023 | Netatalk | Link |
Caphyon Advanced Installer MSI Repair Local Privilege Escalation | (7.6) | Feb, 09 2023 | Caphyon | Link |
B&R APROL System Configuration improper authentication | (8.2) | Feb, 09 2023 | B&R | Link |
B&R APROL Tbase Server stack-based overflow | (9.6) | Feb, 09 2023 | B&R | Link |
Samsung Smart Phone data authenticity | (7.5) | Feb, 09 2023 | Samsung | Link |
Linux Kernel io_uring io_prep_async_work use after free | (8.1) | Feb, 10 2023 | Linux | Link |
Linux Kernel ALSA PCM Package SNDRV_CTL_IOCTL_ELEM_WRITE use after free | (7.5) | Feb, 10 2023 | Linux | Link |
QNAP QuTS hero/QTS sql injection | (8.4) | Feb, 10 2023 | QNAP | Link |
Schneider Electric EcoStruxure Geo SCADA Expert 2019 Message improper authorization | (8.0) | Feb, 10 2023 | Schneider | Link |
Schneider Electric EcoStruxure Control Expert authentication replay | (8.1) | Feb, 10 2023 | Schneider | Link |
Schneider Electric C-Bus Network Automation Controller improper authentication | (9.6) | Feb, 10 2023 | Schneider | Link |
Schneider Electric C-Bus Network Automation Controller weak password | (8.4) | Feb, 10 2023 | Schneider | Link |
Motorola MR2600 input validation | (7.5) | Feb, 10 2023 | Motorola | Link |
Schneider Electric IGSS Data Server IGSSdataServer.exe missing authentication | (7.8) | Feb, 10 2023 | Schneider | Link |
F5 BIG-IP iControl SOAP format string | (8.2) | Feb, 10 2023 | F5 | Link |
F5 BIG-IP Edge Client Installer uncontrolled search path | (8.1) | Feb, 10 2023 | F5 | Link |
Atlassian Jira Service Management Server and Data Center improper authentication | (8.3) | Feb, 10 2023 | Atlassian | Link |
Delta Electronics DIAScreen out-of-bounds write | (8.4) | Feb, 10 2023 | Delta | Link |
Delta Electronics DIAScreen memory corruption | (8.4) | Feb, 10 2023 | Delta | Link |
Delta Electronics DIAScreen stack-based overflow | (8.4) | Feb, 10 2023 | Delta | Link |
Netgear WNR612v2 Firmware Image unrestricted upload | (7.5) | Feb, 10 2023 | Netgear | Link |
TOTOLINK CA300-PoE hard-coded credentials | (8.5) | Feb, 10 2023 | TOTOLINK | Link |
Dell EMC NetWorker nsrexecd code injection | (7.8) | Feb, 10 2023 | Dell | Link |
Dompdf SVG File interpretation conflict | (8.5) | Feb, 10 2023 | Dompdf | Link |
Dell Command Intel vPro Out of Band improper authorization | (7.7) | Feb, 10 2023 | Dell | Link |
SUSE Linux Enterprise Server/Manager Server rmt-server-regsharing Service default permission | (8.1) | Feb, 10 2023 | SUSE | Link |
Netatalk dsi_writeinit heap-based overflow | (9.4) | Feb, 10 2023 | Netatalk | Link |
Caphyon Advanced Installer MSI Repair Local Privilege Escalation | (7.6) | Feb, 10 2023 | Caphyon | Link |
B&R APROL System Configuration improper authentication | (8.2) | Feb, 10 2023 | B&R | Link |
B&R APROL Tbase Server stack-based overflow | (9.6) | Feb, 10 2023 | B&R | Link |
Samsung Smart Phone data authenticity | (7.5) | Feb, 10 2023 | Samsung | Link |
Linux Kernel Netfilter Subsystem nft_payload.c nft_payload_copy_vlan buffer overflow | (7.6) | Feb, 10 2023 | Linux | Link |
Dell Alienware Command Center Named Pipe input validation | (8.3) | Feb, 10 2023 | Dell | Link |
APSystems ECU-R Administration Interface command injection | (9.5) | Feb, 10 2023 | APSystems | Link |
Vulnerability | CVSSv3 | Release Date | Products | References |
perfSONAR file URL Privilege Escalation | (7.5) | Jan, 01 2023 | perfSONAR | Link |
vooon ntpd_driver Source Code access control | (7.9) | Jan, 01 2023 | vooon | Link |
perfSONAR file URL Privilege Escalation | (7.5) | Jan, 02 2023 | perfSONAR | Link |
vooon ntpd_driver Source Code access control | (7.9) | Jan, 02 2023 | vooon | Link |
perfSONAR file URL Privilege Escalation | (7.5) | Jan, 03 2023 | perfSONAR | Link |
vooon ntpd_driver Source Code access control | (7.9) | Jan, 03 2023 | vooon | Link |
Fortinet FortiTester os command injection | (8.3) | Jan, 03 2023 | Fortinet | Link |
Fortinet FortiADC HTTP Request os command injection | (8.6) | Jan, 03 2023 | Fortinet | Link |
Apache Dubbo Telnet deserialization | (9.6) | Jan, 03 2023 | Apache | Link |
User Post Gallery Plugin command injection | (8.4) | Jan, 03 2023 | User | Link |
User Post Gallery Plugin authorization | (8.4) | Jan, 03 2023 | User | Link |
perfSONAR file URL Privilege Escalation | (7.5) | Jan, 04 2023 | perfSONAR | Link |
vooon ntpd_driver Source Code access control | (7.9) | Jan, 04 2023 | vooon | Link |
Fortinet FortiTester os command injection | (8.3) | Jan, 04 2023 | Fortinet | Link |
Fortinet FortiADC HTTP Request os command injection | (8.6) | Jan, 04 2023 | Fortinet | Link |
Apache Dubbo Telnet deserialization | (9.6) | Jan, 04 2023 | Apache | Link |
User Post Gallery Plugin command injection | (8.4) | Jan, 04 2023 | User | Link |
User Post Gallery Plugin authorization | (8.4) | Jan, 04 2023 | User | Link |
KubePi hard-coded credentials | (8.9) | Jan, 04 2023 | KubePi | Link |
Apache DolphinScheduler Script Alert Plugin Parameter input validation | (8.0) | Jan, 04 2023 | Apache | Link |
perfSONAR file URL Privilege Escalation | (7.5) | Jan, 05 2023 | perfSONAR | Link |
vooon ntpd_driver Source Code access control | (7.9) | Jan, 05 2023 | vooon | Link |
Fortinet FortiTester os command injection | (8.3) | Jan, 05 2023 | Fortinet | Link |
Fortinet FortiADC HTTP Request os command injection | (8.6) | Jan, 05 2023 | Fortinet | Link |
Apache Dubbo Telnet deserialization | (9.6) | Jan, 05 2023 | Apache | Link |
User Post Gallery Plugin command injection | (8.4) | Jan, 05 2023 | User | Link |
User Post Gallery Plugin authorization | (8.4) | Jan, 05 2023 | User | Link |
KubePi hard-coded credentials | (8.9) | Jan, 05 2023 | KubePi | Link |
Apache DolphinScheduler Script Alert Plugin Parameter input validation | (8.0) | Jan, 05 2023 | Apache | Link |
Hitachi Energy UNEM R16A hard-coded key | (8.0) | Jan, 05 2023 | Hitachi | Link |
perfSONAR file URL Privilege Escalation | (7.5) | Jan, 06 2023 | perfSONAR | Link |
vooon ntpd_driver Source Code access control | (7.9) | Jan, 06 2023 | vooon | Link |
Fortinet FortiTester os command injection | (8.3) | Jan, 06 2023 | Fortinet | Link |
Fortinet FortiADC HTTP Request os command injection | (8.6) | Jan, 06 2023 | Fortinet | Link |
Apache Dubbo Telnet deserialization | (9.6) | Jan, 06 2023 | Apache | Link |
User Post Gallery Plugin command injection | (8.4) | Jan, 06 2023 | User | Link |
User Post Gallery Plugin authorization | (8.4) | Jan, 06 2023 | User | Link |
KubePi hard-coded credentials | (8.9) | Jan, 06 2023 | KubePi | Link |
Apache DolphinScheduler Script Alert Plugin Parameter input validation | (8.0) | Jan, 06 2023 | Apache | Link |
Hitachi Energy UNEM R16A hard-coded key | (8.0) | Jan, 06 2023 | Hitachi | Link |
ZTE MF286R command injection | (7.6) | Jan, 06 2023 | ZTE | Link |
Nexxt Amp300 ARN02304U8 Web Service sysTools os command injection | (7.5) | Jan, 06 2023 | Nexxt | Link |
NSA Ghidra launch.sh analyzeHeadless command injection | (7.5) | Jan, 06 2023 | NSA | Link |
exec-local-bin theProcess command injection | (8.0) | Jan, 06 2023 | exec-local-bin | Link |
Siren Investigate Script Variable access control | (7.5) | Jan, 06 2023 | Siren | Link |
Centos Panel 7 HTTP Request index.php os command injection | (7.9) | Jan, 06 2023 | Centos | Link |
perfSONAR file URL Privilege Escalation | (7.5) | Jan, 07 2023 | perfSONAR | Link |
vooon ntpd_driver Source Code access control | (7.9) | Jan, 07 2023 | vooon | Link |
Fortinet FortiTester os command injection | (8.3) | Jan, 07 2023 | Fortinet | Link |
Fortinet FortiADC HTTP Request os command injection | (8.6) | Jan, 07 2023 | Fortinet | Link |
Apache Dubbo Telnet deserialization | (9.6) | Jan, 07 2023 | Apache | Link |
User Post Gallery Plugin command injection | (8.4) | Jan, 07 2023 | User | Link |
User Post Gallery Plugin authorization | (8.4) | Jan, 07 2023 | User | Link |
KubePi hard-coded credentials | (8.9) | Jan, 07 2023 | KubePi | Link |
Apache DolphinScheduler Script Alert Plugin Parameter input validation | (8.0) | Jan, 07 2023 | Apache | Link |
Hitachi Energy UNEM R16A hard-coded key | (8.0) | Jan, 07 2023 | Hitachi | Link |
ZTE MF286R command injection | (7.6) | Jan, 07 2023 | ZTE | Link |
Nexxt Amp300 ARN02304U8 Web Service sysTools os command injection | (7.5) | Jan, 07 2023 | Nexxt | Link |
NSA Ghidra launch.sh analyzeHeadless command injection | (7.5) | Jan, 07 2023 | NSA | Link |
exec-local-bin theProcess command injection | (8.0) | Jan, 07 2023 | exec-local-bin | Link |
Siren Investigate Script Variable access control | (7.5) | Jan, 07 2023 | Siren | Link |
Centos Panel 7 HTTP Request index.php os command injection | (7.9) | Jan, 07 2023 | Centos | Link |
holdennb CollabCal calenderServer.cpp handleGet improper authentication | (8.0) | Jan, 07 2023 | holdennb | Link |
Netis Netcore Router hard-coded password | (8.0) | Jan, 07 2023 | Netis | Link |
Nokia ASIK AirScale System Module Firmware Verification unknown vulnerability | (8.0) | Jan, 07 2023 | Nokia | Link |
perfSONAR file URL Privilege Escalation | (7.5) | Jan, 08 2023 | perfSONAR | Link |
vooon ntpd_driver Source Code access control | (7.9) | Jan, 08 2023 | vooon | Link |
Fortinet FortiTester os command injection | (8.3) | Jan, 08 2023 | Fortinet | Link |
Fortinet FortiADC HTTP Request os command injection | (8.6) | Jan, 08 2023 | Fortinet | Link |
Apache Dubbo Telnet deserialization | (9.6) | Jan, 08 2023 | Apache | Link |
User Post Gallery Plugin command injection | (8.4) | Jan, 08 2023 | User | Link |
User Post Gallery Plugin authorization | (8.4) | Jan, 08 2023 | User | Link |
KubePi hard-coded credentials | (8.9) | Jan, 08 2023 | KubePi | Link |
Apache DolphinScheduler Script Alert Plugin Parameter input validation | (8.0) | Jan, 08 2023 | Apache | Link |
Hitachi Energy UNEM R16A hard-coded key | (8.0) | Jan, 08 2023 | Hitachi | Link |
ZTE MF286R command injection | (7.6) | Jan, 08 2023 | ZTE | Link |
Nexxt Amp300 ARN02304U8 Web Service sysTools os command injection | (7.5) | Jan, 08 2023 | Nexxt | Link |
NSA Ghidra launch.sh analyzeHeadless command injection | (7.5) | Jan, 08 2023 | NSA | Link |
exec-local-bin theProcess command injection | (8.0) | Jan, 08 2023 | exec-local-bin | Link |
Siren Investigate Script Variable access control | (7.5) | Jan, 08 2023 | Siren | Link |
Centos Panel 7 HTTP Request index.php os command injection | (7.9) | Jan, 08 2023 | Centos | Link |
holdennb CollabCal calenderServer.cpp handleGet improper authentication | (8.0) | Jan, 08 2023 | holdennb | Link |
Netis Netcore Router hard-coded password | (8.0) | Jan, 08 2023 | Netis | Link |
Nokia ASIK AirScale System Module Firmware Verification unknown vulnerability | (8.0) | Jan, 08 2023 | Nokia | Link |
web-cyradm auth.inc.php sql injection | (8.0) | Jan, 08 2023 | web-cyradm | Link |
perfSONAR file URL Privilege Escalation | (7.5) | Jan, 09 2023 | perfSONAR | Link |
vooon ntpd_driver Source Code access control | (7.9) | Jan, 09 2023 | vooon | Link |
Fortinet FortiTester os command injection | (8.3) | Jan, 09 2023 | Fortinet | Link |
Fortinet FortiADC HTTP Request os command injection | (8.6) | Jan, 09 2023 | Fortinet | Link |
Apache Dubbo Telnet deserialization | (9.6) | Jan, 09 2023 | Apache | Link |
User Post Gallery Plugin command injection | (8.4) | Jan, 09 2023 | User | Link |
User Post Gallery Plugin authorization | (8.4) | Jan, 09 2023 | User | Link |
KubePi hard-coded credentials | (8.9) | Jan, 09 2023 | KubePi | Link |
Apache DolphinScheduler Script Alert Plugin Parameter input validation | (8.0) | Jan, 09 2023 | Apache | Link |
Hitachi Energy UNEM R16A hard-coded key | (8.0) | Jan, 09 2023 | Hitachi | Link |
ZTE MF286R command injection | (7.6) | Jan, 09 2023 | ZTE | Link |
Nexxt Amp300 ARN02304U8 Web Service sysTools os command injection | (7.5) | Jan, 09 2023 | Nexxt | Link |
NSA Ghidra launch.sh analyzeHeadless command injection | (7.5) | Jan, 09 2023 | NSA | Link |
exec-local-bin theProcess command injection | (8.0) | Jan, 09 2023 | exec-local-bin | Link |
Siren Investigate Script Variable access control | (7.5) | Jan, 09 2023 | Siren | Link |
Centos Panel 7 HTTP Request index.php os command injection | (7.9) | Jan, 09 2023 | Centos | Link |
holdennb CollabCal calenderServer.cpp handleGet improper authentication | (8.0) | Jan, 09 2023 | holdennb | Link |
Netis Netcore Router hard-coded password | (8.0) | Jan, 09 2023 | Netis | Link |
Nokia ASIK AirScale System Module Firmware Verification unknown vulnerability | (8.0) | Jan, 09 2023 | Nokia | Link |
web-cyradm auth.inc.php sql injection | (8.0) | Jan, 09 2023 | web-cyradm | Link |
Zoom Rooms uncontrolled search path | (8.3) | Jan, 09 2023 | Zoom | Link |
Zoom Rooms Installer toctou | (7.6) | Jan, 09 2023 | Zoom | Link |
Zoom Rooms toctou | (8.3) | Jan, 09 2023 | Zoom | Link |
Zoom Rooms os command injection | (8.3) | Jan, 09 2023 | Zoom | Link |
SourceCodester Dynamic Transaction Queuing System sql injection | (7.9) | Jan, 09 2023 | SourceCodester | Link |
Weave GitOps file access | (7.5) | Jan, 09 2023 | Weave | Link |
Qualcomm WSA8835 Connectivity stack-based overflow | (7.9) | Jan, 09 2023 | Qualcomm | Link |
Qualcomm WSA8835 Boot stack-based overflow | (7.9) | Jan, 09 2023 | Qualcomm | Link |
Qualcomm WSA8835 Boot stack-based overflow | (7.9) | Jan, 09 2023 | Qualcomm | Link |
Qualcomm WSA8835 Automotive Android OS memory corruption | (7.9) | Jan, 09 2023 | Qualcomm | Link |
Qualcomm WSA8835 WLAN Firmware buffer overflow | (7.9) | Jan, 09 2023 | Qualcomm | Link |
Qualcomm QAM8295P Android Core array index | (7.9) | Jan, 09 2023 | Qualcomm | Link |
Qualcomm QCA7500/QCA7520/QCA7550 Powerline Communication Firmware memory corruption | (8.0) | Jan, 09 2023 | Qualcomm | Link |
Qualcomm APQ8064AU Automotive integer overflow to buffer overflow | (8.2) | Jan, 09 2023 | Qualcomm | Link |
Qualcomm APQ8064AU Automotive memory corruption | (7.5) | Jan, 09 2023 | Qualcomm | Link |
SourceCodester School Dormitory Management System Admin Login sql injection | (7.9) | Jan, 10 2023 | SourceCodester | Link |
SourceCodester Blood Bank Management System login.php sql injection | (7.9) | Jan, 10 2023 | SourceCodester | Link |
Heimdal ASN.1 Codec Privilege Escalation | (7.9) | Jan, 10 2023 | Heimdal | Link |
Simmeth Lieferantenmanager MSSQL xp_cmdshell sql injection | (7.5) | Jan, 10 2023 | Simmeth | Link |
Simmeth Lieferantenmanager API Call improper authentication | (7.5) | Jan, 10 2023 | Simmeth | Link |
Nintendo NetworkBuffer UDP Packet buffer overflow | (8.5) | Jan, 10 2023 | Nintendo | Link |
fastrack Reflex Firmware Update data authenticity | (8.2) | Jan, 10 2023 | fastrack | Link |
ikus060 rdiffweb access control | (8.4) | Jan, 10 2023 | ikus060 | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Jan, 10 2023 | D-Link | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Jan, 10 2023 | D-Link | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Jan, 10 2023 | D-Link | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Jan, 10 2023 | D-Link | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Jan, 10 2023 | D-Link | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Jan, 10 2023 | D-Link | Link |
usememos unknown vulnerability | (7.8) | Jan, 10 2023 | usememos | Link |
usememos access control | (7.7) | Jan, 10 2023 | usememos | Link |
usememos access control | (7.6) | Jan, 10 2023 | usememos | Link |
Elvexys StreamX HTML Component improper authentication | (7.5) | Jan, 10 2023 | Elvexys | Link |
X.org X11 Server XkbCopyNames double free | (8.8) | Jan, 10 2023 | X.org | Link |
Apache Kylin Diagnosis Controller command injection | (7.9) | Jan, 10 2023 | Apache | Link |
Netgear RAX40 buffer overflow | (7.8) | Jan, 10 2023 | Netgear | Link |
usememos cross site scripting | (7.6) | Jan, 10 2023 | usememos | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Jan, 10 2023 | Tenda | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Jan, 10 2023 | Tenda | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Jan, 10 2023 | Tenda | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Jan, 10 2023 | Tenda | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Jan, 10 2023 | Tenda | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Jan, 10 2023 | Tenda | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Jan, 10 2023 | Tenda | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Jan, 10 2023 | Tenda | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Jan, 10 2023 | Tenda | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Jan, 10 2023 | Tenda | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Jan, 10 2023 | Tenda | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Jan, 10 2023 | Tenda | Link |
Tenda Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Jan, 10 2023 | Tenda | Link |
TRENDnet TEW755AP icp_setbg_img stack-based overflow | (7.6) | Jan, 10 2023 | TRENDnet | Link |
TRENDnet TEW755AP set_sta_enrollee_pin_24g stack-based overflow | (7.6) | Jan, 10 2023 | TRENDnet | Link |
TRENDnet TEW755AP icp_setlogo_img stack-based overflow | (7.6) | Jan, 10 2023 | TRENDnet | Link |
TRENDnet TEW755AP set_sta_enrollee_pin_5g command injection | (7.6) | Jan, 10 2023 | TRENDnet | Link |
TRENDnet TEW755AP setup_wizard_mydlink command injection | (7.6) | Jan, 10 2023 | TRENDnet | Link |
TRENDnet TEW755AP icp_delete_img stack-based overflow | (7.6) | Jan, 10 2023 | TRENDnet | Link |
TRENDnet TEW755AP auto_up_fw stack-based overflow | (7.6) | Jan, 10 2023 | TRENDnet | Link |
TRENDnet TEW755AP do_sta_enrollee_wifi stack-based overflow | (7.6) | Jan, 10 2023 | TRENDnet | Link |
TRENDnet TEW755AP set_sta_enrollee_pin_5g stack-based overflow | (7.6) | Jan, 10 2023 | TRENDnet | Link |
TRENDnet TEW755AP reject stack-based overflow | (7.6) | Jan, 10 2023 | TRENDnet | Link |
TRENDnet TEW755AP tools_netstat stack-based overflow | (7.6) | Jan, 10 2023 | TRENDnet | Link |
SourceCodester School Dormitory Management System Admin Login sql injection | (7.9) | Jan, 11 2023 | SourceCodester | Link |
SourceCodester Blood Bank Management System login.php sql injection | (7.9) | Jan, 11 2023 | SourceCodester | Link |
Heimdal ASN.1 Codec Privilege Escalation | (7.9) | Jan, 11 2023 | Heimdal | Link |
Simmeth Lieferantenmanager MSSQL xp_cmdshell sql injection | (7.5) | Jan, 11 2023 | Simmeth | Link |
Simmeth Lieferantenmanager API Call improper authentication | (7.5) | Jan, 11 2023 | Simmeth | Link |
Nintendo NetworkBuffer UDP Packet buffer overflow | (8.5) | Jan, 11 2023 | Nintendo | Link |
fastrack Reflex Firmware Update data authenticity | (8.2) | Jan, 11 2023 | fastrack | Link |
ikus060 rdiffweb access control | (8.4) | Jan, 11 2023 | ikus060 | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Jan, 11 2023 | D-Link | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Jan, 11 2023 | D-Link | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Jan, 11 2023 | D-Link | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Jan, 11 2023 | D-Link | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Jan, 11 2023 | D-Link | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Jan, 11 2023 | D-Link | Link |
usememos unknown vulnerability | (7.8) | Jan, 11 2023 | usememos | Link |
usememos access control | (7.7) | Jan, 11 2023 | usememos | Link |
usememos access control | (7.6) | Jan, 11 2023 | usememos | Link |
Elvexys StreamX HTML Component improper authentication | (7.5) | Jan, 11 2023 | Elvexys | Link |
X.org X11 Server XkbCopyNames double free | (8.8) | Jan, 11 2023 | X.org | Link |
Apache Kylin Diagnosis Controller command injection | (7.9) | Jan, 11 2023 | Apache | Link |
Netgear RAX40 buffer overflow | (7.8) | Jan, 11 2023 | Netgear | Link |
usememos cross site scripting | (7.6) | Jan, 11 2023 | usememos | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Jan, 11 2023 | Tenda | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Jan, 11 2023 | Tenda | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Jan, 11 2023 | Tenda | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Jan, 11 2023 | Tenda | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Jan, 11 2023 | Tenda | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Jan, 11 2023 | Tenda | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Jan, 11 2023 | Tenda | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Jan, 11 2023 | Tenda | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Jan, 11 2023 | Tenda | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Jan, 11 2023 | Tenda | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Jan, 11 2023 | Tenda | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Jan, 11 2023 | Tenda | Link |
Tenda Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Jan, 11 2023 | Tenda | Link |
TRENDnet TEW755AP icp_setbg_img stack-based overflow | (7.6) | Jan, 11 2023 | TRENDnet | Link |
TRENDnet TEW755AP set_sta_enrollee_pin_24g stack-based overflow | (7.6) | Jan, 11 2023 | TRENDnet | Link |
TRENDnet TEW755AP icp_setlogo_img stack-based overflow | (7.6) | Jan, 11 2023 | TRENDnet | Link |
TRENDnet TEW755AP set_sta_enrollee_pin_5g command injection | (7.6) | Jan, 11 2023 | TRENDnet | Link |
TRENDnet TEW755AP setup_wizard_mydlink command injection | (7.6) | Jan, 11 2023 | TRENDnet | Link |
TRENDnet TEW755AP icp_delete_img stack-based overflow | (7.6) | Jan, 11 2023 | TRENDnet | Link |
TRENDnet TEW755AP auto_up_fw stack-based overflow | (7.6) | Jan, 11 2023 | TRENDnet | Link |
TRENDnet TEW755AP do_sta_enrollee_wifi stack-based overflow | (7.6) | Jan, 11 2023 | TRENDnet | Link |
TRENDnet TEW755AP set_sta_enrollee_pin_5g stack-based overflow | (7.6) | Jan, 11 2023 | TRENDnet | Link |
TRENDnet TEW755AP reject stack-based overflow | (7.6) | Jan, 11 2023 | TRENDnet | Link |
TRENDnet TEW755AP tools_netstat stack-based overflow | (7.6) | Jan, 11 2023 | TRENDnet | Link |
Cisco BroadWorks Application Delivery Platform denial of service | (7.9) | Jan, 11 2023 | Cisco | Link |
Cisco Industrial Network Director key management | (8.6) | Jan, 11 2023 | Cisco | Link |
Cisco Small Business RV082 Web-based Management Interface improper authentication | (8.8) | Jan, 11 2023 | Cisco | Link |
SourceCodester Lead Management System ajax_represent.php sql injection | (7.5) | Jan, 11 2023 | SourceCodester | Link |
SourceCodester Lead Management System removeLead.php sql injection | (7.5) | Jan, 11 2023 | SourceCodester | Link |
SourceCodester Lead Management System removeProduct.php sql injection | (7.5) | Jan, 11 2023 | SourceCodester | Link |
SourceCodester Lead Management System changePassword.php sql injection | (7.5) | Jan, 11 2023 | SourceCodester | Link |
Linux Kernel get_uts use after free | (8.1) | Jan, 11 2023 | Linux | Link |
SourceCodester Lead Management System removeBrand.php sql injection | (7.5) | Jan, 11 2023 | SourceCodester | Link |
SourceCodester Lead Management System removeOrder.php sql injection | (7.5) | Jan, 11 2023 | SourceCodester | Link |
Sewio RTLS Studio out-of-bounds write | (8.8) | Jan, 12 2023 | Sewio | Link |
Sewio RTLS Studio os command injection | (7.7) | Jan, 12 2023 | Sewio | Link |
Sewio RTLS Studio os command injection | (7.7) | Jan, 12 2023 | Sewio | Link |
Sewio RTLS Studio hard-coded password | (9.7) | Jan, 12 2023 | Sewio | Link |
Linux Kernel MCTP use after free | (8.1) | Jan, 12 2023 | Linux | Link |
Qt QML QtScript Reflect API heap-based overflow | (7.9) | Jan, 12 2023 | Qt | Link |
Qt QML QtScript Reflect API integer overflow | (7.9) | Jan, 12 2023 | Qt | Link |
Alotcer AR7088H-A input validation | (7.7) | Jan, 12 2023 | Alotcer | Link |
EXFO BV-10 Performance Endpoint Unit hard-coded credentials | (9.8) | Jan, 12 2023 | EXFO | Link |
EXFO BV-10 Performance Endpoint Unit improper authentication | (9.8) | Jan, 12 2023 | EXFO | Link |
Sewio RTLS Studio out-of-bounds write | (8.8) | Jan, 13 2023 | Sewio | Link |
Sewio RTLS Studio os command injection | (7.7) | Jan, 13 2023 | Sewio | Link |
Sewio RTLS Studio os command injection | (7.7) | Jan, 13 2023 | Sewio | Link |
Sewio RTLS Studio hard-coded password | (9.7) | Jan, 13 2023 | Sewio | Link |
Linux Kernel MCTP use after free | (8.1) | Jan, 13 2023 | Linux | Link |
Qt QML QtScript Reflect API heap-based overflow | (7.9) | Jan, 13 2023 | Qt | Link |
Qt QML QtScript Reflect API integer overflow | (7.9) | Jan, 13 2023 | Qt | Link |
Alotcer AR7088H-A input validation | (7.7) | Jan, 13 2023 | Alotcer | Link |
EXFO BV-10 Performance Endpoint Unit hard-coded credentials | (9.8) | Jan, 13 2023 | EXFO | Link |
EXFO BV-10 Performance Endpoint Unit improper authentication | (9.8) | Jan, 13 2023 | EXFO | Link |
Dynamic Transaction Queuing System sql injection | (7.5) | Jan, 13 2023 | Dynamic | Link |
Dynamic Transaction Queuing System sql injection | (7.5) | Jan, 13 2023 | Dynamic | Link |
NVIDIA Omniverse Kit Create/Audio2Face/Isaac Sim/View/Code/Machinima injection | (8.3) | Jan, 13 2023 | NVIDIA | Link |
SAUTER Controls Nova 200/Nova 220/BACnetstac missing authentication | (9.5) | Jan, 13 2023 | SAUTER | Link |
Sewio RTLS Studio out-of-bounds write | (8.8) | Jan, 14 2023 | Sewio | Link |
Sewio RTLS Studio os command injection | (7.7) | Jan, 14 2023 | Sewio | Link |
Sewio RTLS Studio os command injection | (7.7) | Jan, 14 2023 | Sewio | Link |
Sewio RTLS Studio hard-coded password | (9.7) | Jan, 14 2023 | Sewio | Link |
Linux Kernel MCTP use after free | (8.1) | Jan, 14 2023 | Linux | Link |
Qt QML QtScript Reflect API heap-based overflow | (7.9) | Jan, 14 2023 | Qt | Link |
Qt QML QtScript Reflect API integer overflow | (7.9) | Jan, 14 2023 | Qt | Link |
Alotcer AR7088H-A input validation | (7.7) | Jan, 14 2023 | Alotcer | Link |
EXFO BV-10 Performance Endpoint Unit hard-coded credentials | (9.8) | Jan, 14 2023 | EXFO | Link |
EXFO BV-10 Performance Endpoint Unit improper authentication | (9.8) | Jan, 14 2023 | EXFO | Link |
Dynamic Transaction Queuing System sql injection | (7.5) | Jan, 14 2023 | Dynamic | Link |
Dynamic Transaction Queuing System sql injection | (7.5) | Jan, 14 2023 | Dynamic | Link |
NVIDIA Omniverse Kit Create/Audio2Face/Isaac Sim/View/Code/Machinima injection | (8.3) | Jan, 14 2023 | NVIDIA | Link |
SAUTER Controls Nova 200/Nova 220/BACnetstac missing authentication | (9.5) | Jan, 14 2023 | SAUTER | Link |
pyload code injection | (8.9) | Jan, 14 2023 | pyload | Link |
Izanami JWT Authentication Token authentication bypass | (8.4) | Jan, 14 2023 | Izanami | Link |
Netdata health_alarm_execute command injection | (7.8) | Jan, 14 2023 | Netdata | Link |
Easy Digital Downloads Plugin sql injection | (8.4) | Jan, 14 2023 | Easy | Link |
Paid Memberships Pro Plugin sql injection | (8.4) | Jan, 14 2023 | Paid | Link |
webbrowser-rs URL access control | (7.9) | Jan, 14 2023 | webbrowser-rs | Link |
Sewio RTLS Studio out-of-bounds write | (8.8) | Jan, 15 2023 | Sewio | Link |
Sewio RTLS Studio os command injection | (7.7) | Jan, 15 2023 | Sewio | Link |
Sewio RTLS Studio os command injection | (7.7) | Jan, 15 2023 | Sewio | Link |
Sewio RTLS Studio hard-coded password | (9.7) | Jan, 15 2023 | Sewio | Link |
Linux Kernel MCTP use after free | (8.1) | Jan, 15 2023 | Linux | Link |
Qt QML QtScript Reflect API heap-based overflow | (7.9) | Jan, 15 2023 | Qt | Link |
Qt QML QtScript Reflect API integer overflow | (7.9) | Jan, 15 2023 | Qt | Link |
Alotcer AR7088H-A input validation | (7.7) | Jan, 15 2023 | Alotcer | Link |
EXFO BV-10 Performance Endpoint Unit hard-coded credentials | (9.8) | Jan, 15 2023 | EXFO | Link |
EXFO BV-10 Performance Endpoint Unit improper authentication | (9.8) | Jan, 15 2023 | EXFO | Link |
Dynamic Transaction Queuing System sql injection | (7.5) | Jan, 15 2023 | Dynamic | Link |
Dynamic Transaction Queuing System sql injection | (7.5) | Jan, 15 2023 | Dynamic | Link |
NVIDIA Omniverse Kit Create/Audio2Face/Isaac Sim/View/Code/Machinima injection | (8.3) | Jan, 15 2023 | NVIDIA | Link |
SAUTER Controls Nova 200/Nova 220/BACnetstac missing authentication | (9.5) | Jan, 15 2023 | SAUTER | Link |
pyload code injection | (8.9) | Jan, 15 2023 | pyload | Link |
Izanami JWT Authentication Token authentication bypass | (8.4) | Jan, 15 2023 | Izanami | Link |
Netdata health_alarm_execute command injection | (7.8) | Jan, 15 2023 | Netdata | Link |
Easy Digital Downloads Plugin sql injection | (8.4) | Jan, 15 2023 | Easy | Link |
Paid Memberships Pro Plugin sql injection | (8.4) | Jan, 15 2023 | Paid | Link |
webbrowser-rs URL access control | (7.9) | Jan, 15 2023 | webbrowser-rs | Link |
radare2 unknown vulnerability | (7.5) | Jan, 15 2023 | radare2 | Link |
Sewio RTLS Studio out-of-bounds write | (8.8) | Jan, 16 2023 | Sewio | Link |
Sewio RTLS Studio os command injection | (7.7) | Jan, 16 2023 | Sewio | Link |
Sewio RTLS Studio os command injection | (7.7) | Jan, 16 2023 | Sewio | Link |
Sewio RTLS Studio hard-coded password | (9.7) | Jan, 16 2023 | Sewio | Link |
Linux Kernel MCTP use after free | (8.1) | Jan, 16 2023 | Linux | Link |
Qt QML QtScript Reflect API heap-based overflow | (7.9) | Jan, 16 2023 | Qt | Link |
Qt QML QtScript Reflect API integer overflow | (7.9) | Jan, 16 2023 | Qt | Link |
Alotcer AR7088H-A input validation | (7.7) | Jan, 16 2023 | Alotcer | Link |
EXFO BV-10 Performance Endpoint Unit hard-coded credentials | (9.8) | Jan, 16 2023 | EXFO | Link |
EXFO BV-10 Performance Endpoint Unit improper authentication | (9.8) | Jan, 16 2023 | EXFO | Link |
Dynamic Transaction Queuing System sql injection | (7.5) | Jan, 16 2023 | Dynamic | Link |
Dynamic Transaction Queuing System sql injection | (7.5) | Jan, 16 2023 | Dynamic | Link |
NVIDIA Omniverse Kit Create/Audio2Face/Isaac Sim/View/Code/Machinima injection | (8.3) | Jan, 16 2023 | NVIDIA | Link |
SAUTER Controls Nova 200/Nova 220/BACnetstac missing authentication | (9.5) | Jan, 16 2023 | SAUTER | Link |
pyload code injection | (8.9) | Jan, 16 2023 | pyload | Link |
Izanami JWT Authentication Token authentication bypass | (8.4) | Jan, 16 2023 | Izanami | Link |
Netdata health_alarm_execute command injection | (7.8) | Jan, 16 2023 | Netdata | Link |
Easy Digital Downloads Plugin sql injection | (8.4) | Jan, 16 2023 | Easy | Link |
Paid Memberships Pro Plugin sql injection | (8.4) | Jan, 16 2023 | Paid | Link |
webbrowser-rs URL access control | (7.9) | Jan, 16 2023 | webbrowser-rs | Link |
radare2 unknown vulnerability | (7.5) | Jan, 16 2023 | radare2 | Link |
saemorris TheRadSystem _login.php redirect sql injection | (8.0) | Jan, 16 2023 | saemorris | Link |
Fontsy Plugin sql injection | (8.4) | Jan, 16 2023 | Fontsy | Link |
SourceCodester Online Tours & Travels Management System page-login.php sql injection | (7.9) | Jan, 16 2023 | SourceCodester | Link |
HIMA HOPCS/X-OPC A+E/X-OPC DA/X-OTS exe unquoted search path | (8.3) | Jan, 16 2023 | HIMA | Link |
Sewio RTLS Studio out-of-bounds write | (8.8) | Jan, 17 2023 | Sewio | Link |
Sewio RTLS Studio os command injection | (7.7) | Jan, 17 2023 | Sewio | Link |
Sewio RTLS Studio os command injection | (7.7) | Jan, 17 2023 | Sewio | Link |
Sewio RTLS Studio hard-coded password | (9.7) | Jan, 17 2023 | Sewio | Link |
Linux Kernel MCTP use after free | (8.1) | Jan, 17 2023 | Linux | Link |
Qt QML QtScript Reflect API heap-based overflow | (7.9) | Jan, 17 2023 | Qt | Link |
Qt QML QtScript Reflect API integer overflow | (7.9) | Jan, 17 2023 | Qt | Link |
Alotcer AR7088H-A input validation | (7.7) | Jan, 17 2023 | Alotcer | Link |
EXFO BV-10 Performance Endpoint Unit hard-coded credentials | (9.8) | Jan, 17 2023 | EXFO | Link |
EXFO BV-10 Performance Endpoint Unit improper authentication | (9.8) | Jan, 17 2023 | EXFO | Link |
Dynamic Transaction Queuing System sql injection | (7.5) | Jan, 17 2023 | Dynamic | Link |
Dynamic Transaction Queuing System sql injection | (7.5) | Jan, 17 2023 | Dynamic | Link |
NVIDIA Omniverse Kit Create/Audio2Face/Isaac Sim/View/Code/Machinima injection | (8.3) | Jan, 17 2023 | NVIDIA | Link |
SAUTER Controls Nova 200/Nova 220/BACnetstac missing authentication | (9.5) | Jan, 17 2023 | SAUTER | Link |
pyload code injection | (8.9) | Jan, 17 2023 | pyload | Link |
Izanami JWT Authentication Token authentication bypass | (8.4) | Jan, 17 2023 | Izanami | Link |
Netdata health_alarm_execute command injection | (7.8) | Jan, 17 2023 | Netdata | Link |
Easy Digital Downloads Plugin sql injection | (8.4) | Jan, 17 2023 | Easy | Link |
Paid Memberships Pro Plugin sql injection | (8.4) | Jan, 17 2023 | Paid | Link |
webbrowser-rs URL access control | (7.9) | Jan, 17 2023 | webbrowser-rs | Link |
radare2 unknown vulnerability | (7.5) | Jan, 17 2023 | radare2 | Link |
saemorris TheRadSystem _login.php redirect sql injection | (8.0) | Jan, 17 2023 | saemorris | Link |
Fontsy Plugin sql injection | (8.4) | Jan, 17 2023 | Fontsy | Link |
SourceCodester Online Tours & Travels Management System page-login.php sql injection | (7.9) | Jan, 17 2023 | SourceCodester | Link |
HIMA HOPCS/X-OPC A+E/X-OPC DA/X-OTS exe unquoted search path | (8.3) | Jan, 17 2023 | HIMA | Link |
GE Digital Proficy Historian authentication bypass | (8.4) | Jan, 17 2023 | GE | Link |
Mahoroba MAHO-PBX NetDevancer os command injection | (8.4) | Jan, 17 2023 | Mahoroba | Link |
TP-Link SG105PE improper authentication | (8.4) | Jan, 17 2023 | TP-Link | Link |
Omron CP1L-EL20DR-D FINS Protocol denial of service | (7.5) | Jan, 17 2023 | Omron | Link |
ARM Mali GPU Kernel Driver use after free | (8.8) | Jan, 17 2023 | ARM | Link |
SourceCodester Online Food Ordering System manage_user.php sql injection | (7.9) | Jan, 17 2023 | SourceCodester | Link |
Sewio RTLS Studio out-of-bounds write | (8.8) | Jan, 18 2023 | Sewio | Link |
Sewio RTLS Studio os command injection | (7.7) | Jan, 18 2023 | Sewio | Link |
Sewio RTLS Studio os command injection | (7.7) | Jan, 18 2023 | Sewio | Link |
Sewio RTLS Studio hard-coded password | (9.7) | Jan, 18 2023 | Sewio | Link |
Linux Kernel MCTP use after free | (8.1) | Jan, 18 2023 | Linux | Link |
Qt QML QtScript Reflect API heap-based overflow | (7.9) | Jan, 18 2023 | Qt | Link |
Qt QML QtScript Reflect API integer overflow | (7.9) | Jan, 18 2023 | Qt | Link |
Alotcer AR7088H-A input validation | (7.7) | Jan, 18 2023 | Alotcer | Link |
EXFO BV-10 Performance Endpoint Unit hard-coded credentials | (9.8) | Jan, 18 2023 | EXFO | Link |
EXFO BV-10 Performance Endpoint Unit improper authentication | (9.8) | Jan, 18 2023 | EXFO | Link |
Dynamic Transaction Queuing System sql injection | (7.5) | Jan, 18 2023 | Dynamic | Link |
Dynamic Transaction Queuing System sql injection | (7.5) | Jan, 18 2023 | Dynamic | Link |
NVIDIA Omniverse Kit Create/Audio2Face/Isaac Sim/View/Code/Machinima injection | (8.3) | Jan, 18 2023 | NVIDIA | Link |
SAUTER Controls Nova 200/Nova 220/BACnetstac missing authentication | (9.5) | Jan, 18 2023 | SAUTER | Link |
pyload code injection | (8.9) | Jan, 18 2023 | pyload | Link |
Izanami JWT Authentication Token authentication bypass | (8.4) | Jan, 18 2023 | Izanami | Link |
Netdata health_alarm_execute command injection | (7.8) | Jan, 18 2023 | Netdata | Link |
Easy Digital Downloads Plugin sql injection | (8.4) | Jan, 18 2023 | Easy | Link |
Paid Memberships Pro Plugin sql injection | (8.4) | Jan, 18 2023 | Paid | Link |
webbrowser-rs URL access control | (7.9) | Jan, 18 2023 | webbrowser-rs | Link |
radare2 unknown vulnerability | (7.5) | Jan, 18 2023 | radare2 | Link |
saemorris TheRadSystem _login.php redirect sql injection | (8.0) | Jan, 18 2023 | saemorris | Link |
Fontsy Plugin sql injection | (8.4) | Jan, 18 2023 | Fontsy | Link |
SourceCodester Online Tours & Travels Management System page-login.php sql injection | (7.9) | Jan, 18 2023 | SourceCodester | Link |
HIMA HOPCS/X-OPC A+E/X-OPC DA/X-OTS exe unquoted search path | (8.3) | Jan, 18 2023 | HIMA | Link |
GE Digital Proficy Historian authentication bypass | (8.4) | Jan, 18 2023 | GE | Link |
Mahoroba MAHO-PBX NetDevancer os command injection | (8.4) | Jan, 18 2023 | Mahoroba | Link |
TP-Link SG105PE improper authentication | (8.4) | Jan, 18 2023 | TP-Link | Link |
Omron CP1L-EL20DR-D FINS Protocol denial of service | (7.5) | Jan, 18 2023 | Omron | Link |
ARM Mali GPU Kernel Driver use after free | (8.8) | Jan, 18 2023 | ARM | Link |
SourceCodester Online Food Ordering System manage_user.php sql injection | (7.9) | Jan, 18 2023 | SourceCodester | Link |
Sudo Environment Variable protection mechanism | (7.9) | Jan, 18 2023 | Sudo | Link |
Dell Command Configure permission | (8.8) | Jan, 18 2023 | Dell | Link |
Sewio RTLS Studio out-of-bounds write | (8.8) | Jan, 19 2023 | Sewio | Link |
Sewio RTLS Studio os command injection | (7.7) | Jan, 19 2023 | Sewio | Link |
Sewio RTLS Studio os command injection | (7.7) | Jan, 19 2023 | Sewio | Link |
Sewio RTLS Studio hard-coded password | (9.7) | Jan, 19 2023 | Sewio | Link |
Linux Kernel MCTP use after free | (8.1) | Jan, 19 2023 | Linux | Link |
Qt QML QtScript Reflect API heap-based overflow | (7.9) | Jan, 19 2023 | Qt | Link |
Qt QML QtScript Reflect API integer overflow | (7.9) | Jan, 19 2023 | Qt | Link |
Alotcer AR7088H-A input validation | (7.7) | Jan, 19 2023 | Alotcer | Link |
EXFO BV-10 Performance Endpoint Unit hard-coded credentials | (9.8) | Jan, 19 2023 | EXFO | Link |
EXFO BV-10 Performance Endpoint Unit improper authentication | (9.8) | Jan, 19 2023 | EXFO | Link |
Dynamic Transaction Queuing System sql injection | (7.5) | Jan, 19 2023 | Dynamic | Link |
Dynamic Transaction Queuing System sql injection | (7.5) | Jan, 19 2023 | Dynamic | Link |
NVIDIA Omniverse Kit Create/Audio2Face/Isaac Sim/View/Code/Machinima injection | (8.3) | Jan, 19 2023 | NVIDIA | Link |
SAUTER Controls Nova 200/Nova 220/BACnetstac missing authentication | (9.5) | Jan, 19 2023 | SAUTER | Link |
pyload code injection | (8.9) | Jan, 19 2023 | pyload | Link |
Izanami JWT Authentication Token authentication bypass | (8.4) | Jan, 19 2023 | Izanami | Link |
Netdata health_alarm_execute command injection | (7.8) | Jan, 19 2023 | Netdata | Link |
Easy Digital Downloads Plugin sql injection | (8.4) | Jan, 19 2023 | Easy | Link |
Paid Memberships Pro Plugin sql injection | (8.4) | Jan, 19 2023 | Paid | Link |
webbrowser-rs URL access control | (7.9) | Jan, 19 2023 | webbrowser-rs | Link |
radare2 unknown vulnerability | (7.5) | Jan, 19 2023 | radare2 | Link |
saemorris TheRadSystem _login.php redirect sql injection | (8.0) | Jan, 19 2023 | saemorris | Link |
Fontsy Plugin sql injection | (8.4) | Jan, 19 2023 | Fontsy | Link |
SourceCodester Online Tours & Travels Management System page-login.php sql injection | (7.9) | Jan, 19 2023 | SourceCodester | Link |
HIMA HOPCS/X-OPC A+E/X-OPC DA/X-OTS exe unquoted search path | (8.3) | Jan, 19 2023 | HIMA | Link |
GE Digital Proficy Historian authentication bypass | (8.4) | Jan, 19 2023 | GE | Link |
Mahoroba MAHO-PBX NetDevancer os command injection | (8.4) | Jan, 19 2023 | Mahoroba | Link |
TP-Link SG105PE improper authentication | (8.4) | Jan, 19 2023 | TP-Link | Link |
Omron CP1L-EL20DR-D FINS Protocol denial of service | (7.5) | Jan, 19 2023 | Omron | Link |
ARM Mali GPU Kernel Driver use after free | (8.8) | Jan, 19 2023 | ARM | Link |
SourceCodester Online Food Ordering System manage_user.php sql injection | (7.9) | Jan, 19 2023 | SourceCodester | Link |
Sudo Environment Variable protection mechanism | (7.9) | Jan, 19 2023 | Sudo | Link |
Dell Command Configure permission | (8.8) | Jan, 19 2023 | Dell | Link |
zephyrproject-rtos Zephyr Bluetooth Controller le_read_buffer_size_complete unknown vulnerability | (8.0) | Jan, 19 2023 | zephyrproject-rtos | Link |
Sewio RTLS Studio out-of-bounds write | (8.8) | Jan, 20 2023 | Sewio | Link |
Sewio RTLS Studio os command injection | (7.7) | Jan, 20 2023 | Sewio | Link |
Sewio RTLS Studio os command injection | (7.7) | Jan, 20 2023 | Sewio | Link |
Sewio RTLS Studio hard-coded password | (9.7) | Jan, 20 2023 | Sewio | Link |
Linux Kernel MCTP use after free | (8.1) | Jan, 20 2023 | Linux | Link |
Qt QML QtScript Reflect API heap-based overflow | (7.9) | Jan, 20 2023 | Qt | Link |
Qt QML QtScript Reflect API integer overflow | (7.9) | Jan, 20 2023 | Qt | Link |
Alotcer AR7088H-A input validation | (7.7) | Jan, 20 2023 | Alotcer | Link |
EXFO BV-10 Performance Endpoint Unit hard-coded credentials | (9.8) | Jan, 20 2023 | EXFO | Link |
EXFO BV-10 Performance Endpoint Unit improper authentication | (9.8) | Jan, 20 2023 | EXFO | Link |
Dynamic Transaction Queuing System sql injection | (7.5) | Jan, 20 2023 | Dynamic | Link |
Dynamic Transaction Queuing System sql injection | (7.5) | Jan, 20 2023 | Dynamic | Link |
NVIDIA Omniverse Kit Create/Audio2Face/Isaac Sim/View/Code/Machinima injection | (8.3) | Jan, 20 2023 | NVIDIA | Link |
SAUTER Controls Nova 200/Nova 220/BACnetstac missing authentication | (9.5) | Jan, 20 2023 | SAUTER | Link |
pyload code injection | (8.9) | Jan, 20 2023 | pyload | Link |
Izanami JWT Authentication Token authentication bypass | (8.4) | Jan, 20 2023 | Izanami | Link |
Netdata health_alarm_execute command injection | (7.8) | Jan, 20 2023 | Netdata | Link |
Easy Digital Downloads Plugin sql injection | (8.4) | Jan, 20 2023 | Easy | Link |
Paid Memberships Pro Plugin sql injection | (8.4) | Jan, 20 2023 | Paid | Link |
webbrowser-rs URL access control | (7.9) | Jan, 20 2023 | webbrowser-rs | Link |
radare2 unknown vulnerability | (7.5) | Jan, 20 2023 | radare2 | Link |
saemorris TheRadSystem _login.php redirect sql injection | (8.0) | Jan, 20 2023 | saemorris | Link |
Fontsy Plugin sql injection | (8.4) | Jan, 20 2023 | Fontsy | Link |
SourceCodester Online Tours & Travels Management System page-login.php sql injection | (7.9) | Jan, 20 2023 | SourceCodester | Link |
HIMA HOPCS/X-OPC A+E/X-OPC DA/X-OTS exe unquoted search path | (8.3) | Jan, 20 2023 | HIMA | Link |
GE Digital Proficy Historian authentication bypass | (8.4) | Jan, 20 2023 | GE | Link |
Mahoroba MAHO-PBX NetDevancer os command injection | (8.4) | Jan, 20 2023 | Mahoroba | Link |
TP-Link SG105PE improper authentication | (8.4) | Jan, 20 2023 | TP-Link | Link |
Omron CP1L-EL20DR-D FINS Protocol denial of service | (7.5) | Jan, 20 2023 | Omron | Link |
ARM Mali GPU Kernel Driver use after free | (8.8) | Jan, 20 2023 | ARM | Link |
SourceCodester Online Food Ordering System manage_user.php sql injection | (7.9) | Jan, 20 2023 | SourceCodester | Link |
Sudo Environment Variable protection mechanism | (7.9) | Jan, 20 2023 | Sudo | Link |
Dell Command Configure permission | (8.8) | Jan, 20 2023 | Dell | Link |
zephyrproject-rtos Zephyr Bluetooth Controller le_read_buffer_size_complete unknown vulnerability | (8.0) | Jan, 20 2023 | zephyrproject-rtos | Link |
Sofia-SIP Length stun_parse_attribute buffer overflow | (8.4) | Jan, 20 2023 | Sofia-SIP | Link |
Common Desktop Environment libXm ParseColors stack-based overflow | (8.0) | Jan, 21 2023 | Common | Link |
Common Desktop Environment libXm ParseColors stack-based overflow | (8.0) | Jan, 22 2023 | Common | Link |
Common Desktop Environment libXm ParseColors stack-based overflow | (8.0) | Jan, 23 2023 | Common | Link |
Common Desktop Environment libXm ParseColors stack-based overflow | (8.0) | Jan, 24 2023 | Common | Link |
Apple macOS PackageKit state issue | (7.5) | Jan, 24 2023 | Apple | Link |
Apple macOS Kernel memory corruption | (7.5) | Jan, 24 2023 | Apple | Link |
Apple macOS Intel Graphics Driver memory corruption | (7.5) | Jan, 24 2023 | Apple | Link |
Apple watchOS Kernel memory corruption | (7.5) | Jan, 24 2023 | Apple | Link |
Common Desktop Environment libXm ParseColors stack-based overflow | (8.0) | Jan, 25 2023 | Common | Link |
Apple macOS PackageKit state issue | (7.5) | Jan, 25 2023 | Apple | Link |
Apple macOS Kernel memory corruption | (7.5) | Jan, 25 2023 | Apple | Link |
Apple macOS Intel Graphics Driver memory corruption | (7.5) | Jan, 25 2023 | Apple | Link |
Apple watchOS Kernel memory corruption | (7.5) | Jan, 25 2023 | Apple | Link |
LPAR2RRD command injection | (8.4) | Jan, 25 2023 | LPAR2RRD | Link |
Common Desktop Environment libXm ParseColors stack-based overflow | (8.0) | Jan, 26 2023 | Common | Link |
Apple macOS PackageKit state issue | (7.5) | Jan, 26 2023 | Apple | Link |
Apple macOS Kernel memory corruption | (7.5) | Jan, 26 2023 | Apple | Link |
Apple macOS Intel Graphics Driver memory corruption | (7.5) | Jan, 26 2023 | Apple | Link |
Apple watchOS Kernel memory corruption | (7.5) | Jan, 26 2023 | Apple | Link |
LPAR2RRD command injection | (8.4) | Jan, 26 2023 | LPAR2RRD | Link |
Common Desktop Environment libXm ParseColors stack-based overflow | (8.0) | Jan, 27 2023 | Common | Link |
Apple macOS PackageKit state issue | (7.5) | Jan, 27 2023 | Apple | Link |
Apple macOS Kernel memory corruption | (7.5) | Jan, 27 2023 | Apple | Link |
Apple macOS Intel Graphics Driver memory corruption | (7.5) | Jan, 27 2023 | Apple | Link |
Apple watchOS Kernel memory corruption | (7.5) | Jan, 27 2023 | Apple | Link |
LPAR2RRD command injection | (8.4) | Jan, 27 2023 | LPAR2RRD | Link |
D-Link DIR-878 SubnetMask command injection | (7.7) | Jan, 27 2023 | D-Link | Link |
D-Link DIR-878 IPAddress command injection | (7.7) | Jan, 27 2023 | D-Link | Link |
Razer Synapse bin access control | (8.4) | Jan, 27 2023 | Razer | Link |
Common Desktop Environment libXm ParseColors stack-based overflow | (8.0) | Jan, 28 2023 | Common | Link |
Apple macOS PackageKit state issue | (7.5) | Jan, 28 2023 | Apple | Link |
Apple macOS Kernel memory corruption | (7.5) | Jan, 28 2023 | Apple | Link |
Apple macOS Intel Graphics Driver memory corruption | (7.5) | Jan, 28 2023 | Apple | Link |
Apple watchOS Kernel memory corruption | (7.5) | Jan, 28 2023 | Apple | Link |
LPAR2RRD command injection | (8.4) | Jan, 28 2023 | LPAR2RRD | Link |
D-Link DIR-878 SubnetMask command injection | (7.7) | Jan, 28 2023 | D-Link | Link |
D-Link DIR-878 IPAddress command injection | (7.7) | Jan, 28 2023 | D-Link | Link |
Razer Synapse bin access control | (8.4) | Jan, 28 2023 | Razer | Link |
Apple tvOS Kernel memory corruption | (7.5) | Jan, 28 2023 | Apple | Link |
ContentStudio Plugin cstu_get_metadata authorization | (8.4) | Jan, 28 2023 | ContentStudio | Link |
ContentStudio Plugin authorization | (8.0) | Jan, 28 2023 | ContentStudio | Link |
Common Desktop Environment libXm ParseColors stack-based overflow | (8.0) | Jan, 29 2023 | Common | Link |
Apple macOS PackageKit state issue | (7.5) | Jan, 29 2023 | Apple | Link |
Apple macOS Kernel memory corruption | (7.5) | Jan, 29 2023 | Apple | Link |
Apple macOS Intel Graphics Driver memory corruption | (7.5) | Jan, 29 2023 | Apple | Link |
Apple watchOS Kernel memory corruption | (7.5) | Jan, 29 2023 | Apple | Link |
LPAR2RRD command injection | (8.4) | Jan, 29 2023 | LPAR2RRD | Link |
D-Link DIR-878 SubnetMask command injection | (7.7) | Jan, 29 2023 | D-Link | Link |
D-Link DIR-878 IPAddress command injection | (7.7) | Jan, 29 2023 | D-Link | Link |
Razer Synapse bin access control | (8.4) | Jan, 29 2023 | Razer | Link |
Apple tvOS Kernel memory corruption | (7.5) | Jan, 29 2023 | Apple | Link |
ContentStudio Plugin cstu_get_metadata authorization | (8.4) | Jan, 29 2023 | ContentStudio | Link |
ContentStudio Plugin authorization | (8.0) | Jan, 29 2023 | ContentStudio | Link |
Linux Kernel io_uring io_prep_async_work use after free | (8.1) | Jan, 30 2023 | Linux | Link |
Linux Kernel ALSA PCM Package SNDRV_CTL_IOCTL_ELEM_WRITE use after free | (7.5) | Jan, 30 2023 | Linux | Link |
QNAP QuTS hero/QTS sql injection | (8.4) | Jan, 30 2023 | QNAP | Link |
Linux Kernel io_uring io_prep_async_work use after free | (8.1) | Jan, 31 2023 | Linux | Link |
Linux Kernel ALSA PCM Package SNDRV_CTL_IOCTL_ELEM_WRITE use after free | (7.5) | Jan, 31 2023 | Linux | Link |
QNAP QuTS hero/QTS sql injection | (8.4) | Jan, 31 2023 | QNAP | Link |
Schneider Electric EcoStruxure Geo SCADA Expert 2019 Message improper authorization | (8.0) | Jan, 31 2023 | Schneider | Link |
Schneider Electric EcoStruxure Control Expert authentication replay | (8.1) | Jan, 31 2023 | Schneider | Link |
Schneider Electric C-Bus Network Automation Controller improper authentication | (9.6) | Jan, 31 2023 | Schneider | Link |
Schneider Electric C-Bus Network Automation Controller weak password | (8.4) | Jan, 31 2023 | Schneider | Link |
Motorola MR2600 input validation | (7.5) | Jan, 31 2023 | Motorola | Link |
Schneider Electric IGSS Data Server IGSSdataServer.exe missing authentication | (7.8) | Jan, 31 2023 | Schneider | Link |
Vulnerability | CVSSv3 | Release Date | Products | References |
oretnom23 Purchase Order Management System unrestricted upload | (9.3) | Dec, 01 2022 | oretnom23 | Link |
AVS Audio Converter buffer overflow | (7.9) | Dec, 01 2022 | AVS | Link |
crewjam saml Assertion Element improper authentication | (8.0) | Dec, 01 2022 | crewjam | Link |
Online Tours & Travels Management System file.php unrestricted upload | (9.3) | Dec, 01 2022 | Online | Link |
Poultry Farm Management System category.php sql injection | (7.5) | Dec, 01 2022 | Poultry | Link |
Acer Notebook HQSwSmiDxe Driver default permission | (7.7) | Dec, 01 2022 | Acer | Link |
School Management System sql injection | (7.7) | Dec, 01 2022 | School | Link |
GPAC unquantize.c Q_IsTypeOn use after free | (7.5) | Dec, 01 2022 | GPAC | Link |
ghost Newsletter access control | (7.8) | Dec, 01 2022 | ghost | Link |
Squirrly SEO Plugin unrestricted upload | (7.9) | Dec, 01 2022 | Squirrly | Link |
Russound XSourcePlayer 777D scriptRunner.cgi Privilege Escalation | (7.7) | Dec, 01 2022 | Russound | Link |
PuneethReddyHC online-shopping-system-advanced product.php sql injection | (7.5) | Dec, 01 2022 | PuneethReddyHC | Link |
Microsoft Edge GPU heap-based overflow | (7.8) | Dec, 01 2022 | Microsoft | Link |
Tribal Systems Zenario CMS Privilege Escalation | (8.0) | Dec, 01 2022 | Tribal | Link |
oretnom23 Simple Inventory Management System login.php sql injection | (7.5) | Dec, 01 2022 | oretnom23 | Link |
SourceCodester Book Store Management System index.php access control | (7.9) | Dec, 01 2022 | SourceCodester | Link |
owncast sql injection | (8.2) | Dec, 01 2022 | owncast | Link |
Book Store Management System Admin Panel hard-coded credentials | (7.9) | Dec, 01 2022 | Book | Link |
Sanitization Management System Admin Panel hard-coded credentials | (7.9) | Dec, 01 2022 | Sanitization | Link |
OP-TEE Trusted OS cleanup_shm_refs array index | (7.8) | Dec, 01 2022 | OP-TEE | Link |
Symantec Endpoint Protection privileges management | (7.6) | Dec, 01 2022 | Symantec | Link |
asith-eranga ISIC Tour Booking controller.php sql injection | (7.9) | Dec, 01 2022 | asith-eranga | Link |
Asus NAS-M25 Cookie os command injection | (9.8) | Dec, 01 2022 | Asus | Link |
Rocket TRUfusion Enterprise JSP File unrestricted upload | (7.9) | Dec, 01 2022 | Rocket | Link |
Festo VTEM-S1 insufficient technical documentation | (9.6) | Dec, 01 2022 | Festo | Link |
SnakeYAML Constructor deserialization | (8.1) | Dec, 01 2022 | SnakeYAML | Link |
ff4j Privilege Escalation | (8.0) | Dec, 01 2022 | ff4j | Link |
discourse-bbcode CSS injection | (8.2) | Dec, 01 2022 | discourse-bbcode | Link |
Xiongmai MBD6304T/NBD6808T-PL JSON File deserialization | (8.3) | Dec, 01 2022 | Xiongmai | Link |
oretnom23 Purchase Order Management System unrestricted upload | (9.3) | Dec, 02 2022 | oretnom23 | Link |
AVS Audio Converter buffer overflow | (7.9) | Dec, 02 2022 | AVS | Link |
crewjam saml Assertion Element improper authentication | (8.0) | Dec, 02 2022 | crewjam | Link |
Online Tours & Travels Management System file.php unrestricted upload | (9.3) | Dec, 02 2022 | Online | Link |
Poultry Farm Management System category.php sql injection | (7.5) | Dec, 02 2022 | Poultry | Link |
Acer Notebook HQSwSmiDxe Driver default permission | (7.7) | Dec, 02 2022 | Acer | Link |
School Management System sql injection | (7.7) | Dec, 02 2022 | School | Link |
GPAC unquantize.c Q_IsTypeOn use after free | (7.5) | Dec, 02 2022 | GPAC | Link |
ghost Newsletter access control | (7.8) | Dec, 02 2022 | ghost | Link |
Squirrly SEO Plugin unrestricted upload | (7.9) | Dec, 02 2022 | Squirrly | Link |
Russound XSourcePlayer 777D scriptRunner.cgi Privilege Escalation | (7.7) | Dec, 02 2022 | Russound | Link |
PuneethReddyHC online-shopping-system-advanced product.php sql injection | (7.5) | Dec, 02 2022 | PuneethReddyHC | Link |
Microsoft Edge GPU heap-based overflow | (7.8) | Dec, 02 2022 | Microsoft | Link |
Tribal Systems Zenario CMS Privilege Escalation | (8.0) | Dec, 02 2022 | Tribal | Link |
oretnom23 Simple Inventory Management System login.php sql injection | (7.5) | Dec, 02 2022 | oretnom23 | Link |
SourceCodester Book Store Management System index.php access control | (7.9) | Dec, 02 2022 | SourceCodester | Link |
owncast sql injection | (8.2) | Dec, 02 2022 | owncast | Link |
Book Store Management System Admin Panel hard-coded credentials | (7.9) | Dec, 02 2022 | Book | Link |
Sanitization Management System Admin Panel hard-coded credentials | (7.9) | Dec, 02 2022 | Sanitization | Link |
OP-TEE Trusted OS cleanup_shm_refs array index | (7.8) | Dec, 02 2022 | OP-TEE | Link |
Symantec Endpoint Protection privileges management | (7.6) | Dec, 02 2022 | Symantec | Link |
asith-eranga ISIC Tour Booking controller.php sql injection | (7.9) | Dec, 02 2022 | asith-eranga | Link |
Asus NAS-M25 Cookie os command injection | (9.8) | Dec, 02 2022 | Asus | Link |
Rocket TRUfusion Enterprise JSP File unrestricted upload | (7.9) | Dec, 02 2022 | Rocket | Link |
Festo VTEM-S1 insufficient technical documentation | (9.6) | Dec, 02 2022 | Festo | Link |
SnakeYAML Constructor deserialization | (8.1) | Dec, 02 2022 | SnakeYAML | Link |
ff4j Privilege Escalation | (8.0) | Dec, 02 2022 | ff4j | Link |
discourse-bbcode CSS injection | (8.2) | Dec, 02 2022 | discourse-bbcode | Link |
Xiongmai MBD6304T/NBD6808T-PL JSON File deserialization | (8.3) | Dec, 02 2022 | Xiongmai | Link |
vim heap-based overflow | (7.9) | Dec, 02 2022 | vim | Link |
Rukovoditel sql injection | (7.5) | Dec, 02 2022 | Rukovoditel | Link |
Horner Automation RCC 972 hard-coded key | (9.6) | Dec, 02 2022 | Horner | Link |
Capsule authorization | (8.6) | Dec, 02 2022 | Capsule | Link |
webTareas phasesets.php sql injection | (7.6) | Dec, 02 2022 | webTareas | Link |
webTareas deleteapprovalstages.php sql injection | (7.6) | Dec, 02 2022 | webTareas | Link |
Tenda i21 setUplinkInfo buffer overflow | (7.5) | Dec, 02 2022 | Tenda | Link |
Tenda i21 setSysPwd stack-based overflow | (7.5) | Dec, 02 2022 | Tenda | Link |
Tenda i21 setSnmpInfo buffer overflow | (7.5) | Dec, 02 2022 | Tenda | Link |
Tenda i21 AddSysLogRule buffer overflow | (7.5) | Dec, 02 2022 | Tenda | Link |
oretnom23 Purchase Order Management System unrestricted upload | (9.3) | Dec, 03 2022 | oretnom23 | Link |
AVS Audio Converter buffer overflow | (7.9) | Dec, 03 2022 | AVS | Link |
crewjam saml Assertion Element improper authentication | (8.0) | Dec, 03 2022 | crewjam | Link |
Online Tours & Travels Management System file.php unrestricted upload | (9.3) | Dec, 03 2022 | Online | Link |
Poultry Farm Management System category.php sql injection | (7.5) | Dec, 03 2022 | Poultry | Link |
Acer Notebook HQSwSmiDxe Driver default permission | (7.7) | Dec, 03 2022 | Acer | Link |
School Management System sql injection | (7.7) | Dec, 03 2022 | School | Link |
GPAC unquantize.c Q_IsTypeOn use after free | (7.5) | Dec, 03 2022 | GPAC | Link |
ghost Newsletter access control | (7.8) | Dec, 03 2022 | ghost | Link |
Squirrly SEO Plugin unrestricted upload | (7.9) | Dec, 03 2022 | Squirrly | Link |
Russound XSourcePlayer 777D scriptRunner.cgi Privilege Escalation | (7.7) | Dec, 03 2022 | Russound | Link |
PuneethReddyHC online-shopping-system-advanced product.php sql injection | (7.5) | Dec, 03 2022 | PuneethReddyHC | Link |
Microsoft Edge GPU heap-based overflow | (7.8) | Dec, 03 2022 | Microsoft | Link |
Tribal Systems Zenario CMS Privilege Escalation | (8.0) | Dec, 03 2022 | Tribal | Link |
oretnom23 Simple Inventory Management System login.php sql injection | (7.5) | Dec, 03 2022 | oretnom23 | Link |
SourceCodester Book Store Management System index.php access control | (7.9) | Dec, 03 2022 | SourceCodester | Link |
owncast sql injection | (8.2) | Dec, 03 2022 | owncast | Link |
Book Store Management System Admin Panel hard-coded credentials | (7.9) | Dec, 03 2022 | Book | Link |
Sanitization Management System Admin Panel hard-coded credentials | (7.9) | Dec, 03 2022 | Sanitization | Link |
OP-TEE Trusted OS cleanup_shm_refs array index | (7.8) | Dec, 03 2022 | OP-TEE | Link |
Symantec Endpoint Protection privileges management | (7.6) | Dec, 03 2022 | Symantec | Link |
asith-eranga ISIC Tour Booking controller.php sql injection | (7.9) | Dec, 03 2022 | asith-eranga | Link |
Asus NAS-M25 Cookie os command injection | (9.8) | Dec, 03 2022 | Asus | Link |
Rocket TRUfusion Enterprise JSP File unrestricted upload | (7.9) | Dec, 03 2022 | Rocket | Link |
Festo VTEM-S1 insufficient technical documentation | (9.6) | Dec, 03 2022 | Festo | Link |
SnakeYAML Constructor deserialization | (8.1) | Dec, 03 2022 | SnakeYAML | Link |
ff4j Privilege Escalation | (8.0) | Dec, 03 2022 | ff4j | Link |
discourse-bbcode CSS injection | (8.2) | Dec, 03 2022 | discourse-bbcode | Link |
Xiongmai MBD6304T/NBD6808T-PL JSON File deserialization | (8.3) | Dec, 03 2022 | Xiongmai | Link |
vim heap-based overflow | (7.9) | Dec, 03 2022 | vim | Link |
Rukovoditel sql injection | (7.5) | Dec, 03 2022 | Rukovoditel | Link |
Horner Automation RCC 972 hard-coded key | (9.6) | Dec, 03 2022 | Horner | Link |
Capsule authorization | (8.6) | Dec, 03 2022 | Capsule | Link |
webTareas phasesets.php sql injection | (7.6) | Dec, 03 2022 | webTareas | Link |
webTareas deleteapprovalstages.php sql injection | (7.6) | Dec, 03 2022 | webTareas | Link |
Tenda i21 setUplinkInfo buffer overflow | (7.5) | Dec, 03 2022 | Tenda | Link |
Tenda i21 setSysPwd stack-based overflow | (7.5) | Dec, 03 2022 | Tenda | Link |
Tenda i21 setSnmpInfo buffer overflow | (7.5) | Dec, 03 2022 | Tenda | Link |
Tenda i21 AddSysLogRule buffer overflow | (7.5) | Dec, 03 2022 | Tenda | Link |
SourceCodester Human Resource Management System Content-Type employee.php unrestricted upload | (7.9) | Dec, 03 2022 | SourceCodester | Link |
oretnom23 Purchase Order Management System unrestricted upload | (9.3) | Dec, 04 2022 | oretnom23 | Link |
AVS Audio Converter buffer overflow | (7.9) | Dec, 04 2022 | AVS | Link |
crewjam saml Assertion Element improper authentication | (8.0) | Dec, 04 2022 | crewjam | Link |
Online Tours & Travels Management System file.php unrestricted upload | (9.3) | Dec, 04 2022 | Online | Link |
Poultry Farm Management System category.php sql injection | (7.5) | Dec, 04 2022 | Poultry | Link |
Acer Notebook HQSwSmiDxe Driver default permission | (7.7) | Dec, 04 2022 | Acer | Link |
School Management System sql injection | (7.7) | Dec, 04 2022 | School | Link |
GPAC unquantize.c Q_IsTypeOn use after free | (7.5) | Dec, 04 2022 | GPAC | Link |
ghost Newsletter access control | (7.8) | Dec, 04 2022 | ghost | Link |
Squirrly SEO Plugin unrestricted upload | (7.9) | Dec, 04 2022 | Squirrly | Link |
Russound XSourcePlayer 777D scriptRunner.cgi Privilege Escalation | (7.7) | Dec, 04 2022 | Russound | Link |
PuneethReddyHC online-shopping-system-advanced product.php sql injection | (7.5) | Dec, 04 2022 | PuneethReddyHC | Link |
Microsoft Edge GPU heap-based overflow | (7.8) | Dec, 04 2022 | Microsoft | Link |
Tribal Systems Zenario CMS Privilege Escalation | (8.0) | Dec, 04 2022 | Tribal | Link |
oretnom23 Simple Inventory Management System login.php sql injection | (7.5) | Dec, 04 2022 | oretnom23 | Link |
SourceCodester Book Store Management System index.php access control | (7.9) | Dec, 04 2022 | SourceCodester | Link |
owncast sql injection | (8.2) | Dec, 04 2022 | owncast | Link |
Book Store Management System Admin Panel hard-coded credentials | (7.9) | Dec, 04 2022 | Book | Link |
Sanitization Management System Admin Panel hard-coded credentials | (7.9) | Dec, 04 2022 | Sanitization | Link |
OP-TEE Trusted OS cleanup_shm_refs array index | (7.8) | Dec, 04 2022 | OP-TEE | Link |
Symantec Endpoint Protection privileges management | (7.6) | Dec, 04 2022 | Symantec | Link |
asith-eranga ISIC Tour Booking controller.php sql injection | (7.9) | Dec, 04 2022 | asith-eranga | Link |
Asus NAS-M25 Cookie os command injection | (9.8) | Dec, 04 2022 | Asus | Link |
Rocket TRUfusion Enterprise JSP File unrestricted upload | (7.9) | Dec, 04 2022 | Rocket | Link |
Festo VTEM-S1 insufficient technical documentation | (9.6) | Dec, 04 2022 | Festo | Link |
SnakeYAML Constructor deserialization | (8.1) | Dec, 04 2022 | SnakeYAML | Link |
ff4j Privilege Escalation | (8.0) | Dec, 04 2022 | ff4j | Link |
discourse-bbcode CSS injection | (8.2) | Dec, 04 2022 | discourse-bbcode | Link |
Xiongmai MBD6304T/NBD6808T-PL JSON File deserialization | (8.3) | Dec, 04 2022 | Xiongmai | Link |
vim heap-based overflow | (7.9) | Dec, 04 2022 | vim | Link |
Rukovoditel sql injection | (7.5) | Dec, 04 2022 | Rukovoditel | Link |
Horner Automation RCC 972 hard-coded key | (9.6) | Dec, 04 2022 | Horner | Link |
Capsule authorization | (8.6) | Dec, 04 2022 | Capsule | Link |
webTareas phasesets.php sql injection | (7.6) | Dec, 04 2022 | webTareas | Link |
webTareas deleteapprovalstages.php sql injection | (7.6) | Dec, 04 2022 | webTareas | Link |
Tenda i21 setUplinkInfo buffer overflow | (7.5) | Dec, 04 2022 | Tenda | Link |
Tenda i21 setSysPwd stack-based overflow | (7.5) | Dec, 04 2022 | Tenda | Link |
Tenda i21 setSnmpInfo buffer overflow | (7.5) | Dec, 04 2022 | Tenda | Link |
Tenda i21 AddSysLogRule buffer overflow | (7.5) | Dec, 04 2022 | Tenda | Link |
SourceCodester Human Resource Management System Content-Type employee.php unrestricted upload | (7.9) | Dec, 04 2022 | SourceCodester | Link |
Veritas NetBackup Flex Scale sandbox | (8.8) | Dec, 04 2022 | Veritas | Link |
Veritas NetBackup Flex Scale/Access Appliance Management Portal Remote Code Execution | (9.8) | Dec, 04 2022 | Veritas | Link |
Veritas NetBackup Flex Scale/Access Appliance Management Portal Privilege Escalation | (8.8) | Dec, 04 2022 | Veritas | Link |
Veritas NetBackup Flex Scale privileges management | (8.8) | Dec, 04 2022 | Veritas | Link |
Veritas NetBackup Flex Scale/Access Appliance Installation hard-coded password | (8.8) | Dec, 04 2022 | Veritas | Link |
oretnom23 Purchase Order Management System unrestricted upload | (9.3) | Dec, 05 2022 | oretnom23 | Link |
AVS Audio Converter buffer overflow | (7.9) | Dec, 05 2022 | AVS | Link |
crewjam saml Assertion Element improper authentication | (8.0) | Dec, 05 2022 | crewjam | Link |
Online Tours & Travels Management System file.php unrestricted upload | (9.3) | Dec, 05 2022 | Online | Link |
Poultry Farm Management System category.php sql injection | (7.5) | Dec, 05 2022 | Poultry | Link |
Acer Notebook HQSwSmiDxe Driver default permission | (7.7) | Dec, 05 2022 | Acer | Link |
School Management System sql injection | (7.7) | Dec, 05 2022 | School | Link |
GPAC unquantize.c Q_IsTypeOn use after free | (7.5) | Dec, 05 2022 | GPAC | Link |
ghost Newsletter access control | (7.8) | Dec, 05 2022 | ghost | Link |
Squirrly SEO Plugin unrestricted upload | (7.9) | Dec, 05 2022 | Squirrly | Link |
Russound XSourcePlayer 777D scriptRunner.cgi Privilege Escalation | (7.7) | Dec, 05 2022 | Russound | Link |
PuneethReddyHC online-shopping-system-advanced product.php sql injection | (7.5) | Dec, 05 2022 | PuneethReddyHC | Link |
Microsoft Edge GPU heap-based overflow | (7.8) | Dec, 05 2022 | Microsoft | Link |
Tribal Systems Zenario CMS Privilege Escalation | (8.0) | Dec, 05 2022 | Tribal | Link |
oretnom23 Simple Inventory Management System login.php sql injection | (7.5) | Dec, 05 2022 | oretnom23 | Link |
SourceCodester Book Store Management System index.php access control | (7.9) | Dec, 05 2022 | SourceCodester | Link |
owncast sql injection | (8.2) | Dec, 05 2022 | owncast | Link |
Book Store Management System Admin Panel hard-coded credentials | (7.9) | Dec, 05 2022 | Book | Link |
Sanitization Management System Admin Panel hard-coded credentials | (7.9) | Dec, 05 2022 | Sanitization | Link |
OP-TEE Trusted OS cleanup_shm_refs array index | (7.8) | Dec, 05 2022 | OP-TEE | Link |
Symantec Endpoint Protection privileges management | (7.6) | Dec, 05 2022 | Symantec | Link |
asith-eranga ISIC Tour Booking controller.php sql injection | (7.9) | Dec, 05 2022 | asith-eranga | Link |
Asus NAS-M25 Cookie os command injection | (9.8) | Dec, 05 2022 | Asus | Link |
Rocket TRUfusion Enterprise JSP File unrestricted upload | (7.9) | Dec, 05 2022 | Rocket | Link |
Festo VTEM-S1 insufficient technical documentation | (9.6) | Dec, 05 2022 | Festo | Link |
SnakeYAML Constructor deserialization | (8.1) | Dec, 05 2022 | SnakeYAML | Link |
ff4j Privilege Escalation | (8.0) | Dec, 05 2022 | ff4j | Link |
discourse-bbcode CSS injection | (8.2) | Dec, 05 2022 | discourse-bbcode | Link |
Xiongmai MBD6304T/NBD6808T-PL JSON File deserialization | (8.3) | Dec, 05 2022 | Xiongmai | Link |
vim heap-based overflow | (7.9) | Dec, 05 2022 | vim | Link |
Rukovoditel sql injection | (7.5) | Dec, 05 2022 | Rukovoditel | Link |
Horner Automation RCC 972 hard-coded key | (9.6) | Dec, 05 2022 | Horner | Link |
Capsule authorization | (8.6) | Dec, 05 2022 | Capsule | Link |
webTareas phasesets.php sql injection | (7.6) | Dec, 05 2022 | webTareas | Link |
webTareas deleteapprovalstages.php sql injection | (7.6) | Dec, 05 2022 | webTareas | Link |
Tenda i21 setUplinkInfo buffer overflow | (7.5) | Dec, 05 2022 | Tenda | Link |
Tenda i21 setSysPwd stack-based overflow | (7.5) | Dec, 05 2022 | Tenda | Link |
Tenda i21 setSnmpInfo buffer overflow | (7.5) | Dec, 05 2022 | Tenda | Link |
Tenda i21 AddSysLogRule buffer overflow | (7.5) | Dec, 05 2022 | Tenda | Link |
SourceCodester Human Resource Management System Content-Type employee.php unrestricted upload | (7.9) | Dec, 05 2022 | SourceCodester | Link |
Veritas NetBackup Flex Scale sandbox | (8.8) | Dec, 05 2022 | Veritas | Link |
Veritas NetBackup Flex Scale/Access Appliance Management Portal Remote Code Execution | (9.8) | Dec, 05 2022 | Veritas | Link |
Veritas NetBackup Flex Scale/Access Appliance Management Portal Privilege Escalation | (8.8) | Dec, 05 2022 | Veritas | Link |
Veritas NetBackup Flex Scale privileges management | (8.8) | Dec, 05 2022 | Veritas | Link |
Veritas NetBackup Flex Scale/Access Appliance Installation hard-coded password | (8.8) | Dec, 05 2022 | Veritas | Link |
Nadesiko3 Nako3edit os command injection | (8.0) | Dec, 05 2022 | Nadesiko3 | Link |
Nadesiko3 os command injection | (8.0) | Dec, 05 2022 | Nadesiko3 | Link |
Proxmox Virtual Environment/Mail Gateway HTTP Request server-side request forgery | (7.9) | Dec, 05 2022 | Proxmox | Link |
oretnom23 Purchase Order Management System unrestricted upload | (9.3) | Dec, 06 2022 | oretnom23 | Link |
AVS Audio Converter buffer overflow | (7.9) | Dec, 06 2022 | AVS | Link |
crewjam saml Assertion Element improper authentication | (8.0) | Dec, 06 2022 | crewjam | Link |
Online Tours & Travels Management System file.php unrestricted upload | (9.3) | Dec, 06 2022 | Online | Link |
Poultry Farm Management System category.php sql injection | (7.5) | Dec, 06 2022 | Poultry | Link |
Acer Notebook HQSwSmiDxe Driver default permission | (7.7) | Dec, 06 2022 | Acer | Link |
School Management System sql injection | (7.7) | Dec, 06 2022 | School | Link |
GPAC unquantize.c Q_IsTypeOn use after free | (7.5) | Dec, 06 2022 | GPAC | Link |
ghost Newsletter access control | (7.8) | Dec, 06 2022 | ghost | Link |
Squirrly SEO Plugin unrestricted upload | (7.9) | Dec, 06 2022 | Squirrly | Link |
Russound XSourcePlayer 777D scriptRunner.cgi Privilege Escalation | (7.7) | Dec, 06 2022 | Russound | Link |
PuneethReddyHC online-shopping-system-advanced product.php sql injection | (7.5) | Dec, 06 2022 | PuneethReddyHC | Link |
Microsoft Edge GPU heap-based overflow | (7.8) | Dec, 06 2022 | Microsoft | Link |
Tribal Systems Zenario CMS Privilege Escalation | (8.0) | Dec, 06 2022 | Tribal | Link |
oretnom23 Simple Inventory Management System login.php sql injection | (7.5) | Dec, 06 2022 | oretnom23 | Link |
SourceCodester Book Store Management System index.php access control | (7.9) | Dec, 06 2022 | SourceCodester | Link |
owncast sql injection | (8.2) | Dec, 06 2022 | owncast | Link |
Book Store Management System Admin Panel hard-coded credentials | (7.9) | Dec, 06 2022 | Book | Link |
Sanitization Management System Admin Panel hard-coded credentials | (7.9) | Dec, 06 2022 | Sanitization | Link |
OP-TEE Trusted OS cleanup_shm_refs array index | (7.8) | Dec, 06 2022 | OP-TEE | Link |
Symantec Endpoint Protection privileges management | (7.6) | Dec, 06 2022 | Symantec | Link |
asith-eranga ISIC Tour Booking controller.php sql injection | (7.9) | Dec, 06 2022 | asith-eranga | Link |
Asus NAS-M25 Cookie os command injection | (9.8) | Dec, 06 2022 | Asus | Link |
Rocket TRUfusion Enterprise JSP File unrestricted upload | (7.9) | Dec, 06 2022 | Rocket | Link |
Festo VTEM-S1 insufficient technical documentation | (9.6) | Dec, 06 2022 | Festo | Link |
SnakeYAML Constructor deserialization | (8.1) | Dec, 06 2022 | SnakeYAML | Link |
ff4j Privilege Escalation | (8.0) | Dec, 06 2022 | ff4j | Link |
discourse-bbcode CSS injection | (8.2) | Dec, 06 2022 | discourse-bbcode | Link |
Xiongmai MBD6304T/NBD6808T-PL JSON File deserialization | (8.3) | Dec, 06 2022 | Xiongmai | Link |
vim heap-based overflow | (7.9) | Dec, 06 2022 | vim | Link |
Rukovoditel sql injection | (7.5) | Dec, 06 2022 | Rukovoditel | Link |
Horner Automation RCC 972 hard-coded key | (9.6) | Dec, 06 2022 | Horner | Link |
Capsule authorization | (8.6) | Dec, 06 2022 | Capsule | Link |
webTareas phasesets.php sql injection | (7.6) | Dec, 06 2022 | webTareas | Link |
webTareas deleteapprovalstages.php sql injection | (7.6) | Dec, 06 2022 | webTareas | Link |
Tenda i21 setUplinkInfo buffer overflow | (7.5) | Dec, 06 2022 | Tenda | Link |
Tenda i21 setSysPwd stack-based overflow | (7.5) | Dec, 06 2022 | Tenda | Link |
Tenda i21 setSnmpInfo buffer overflow | (7.5) | Dec, 06 2022 | Tenda | Link |
Tenda i21 AddSysLogRule buffer overflow | (7.5) | Dec, 06 2022 | Tenda | Link |
SourceCodester Human Resource Management System Content-Type employee.php unrestricted upload | (7.9) | Dec, 06 2022 | SourceCodester | Link |
Veritas NetBackup Flex Scale sandbox | (8.8) | Dec, 06 2022 | Veritas | Link |
Veritas NetBackup Flex Scale/Access Appliance Management Portal Remote Code Execution | (9.8) | Dec, 06 2022 | Veritas | Link |
Veritas NetBackup Flex Scale/Access Appliance Management Portal Privilege Escalation | (8.8) | Dec, 06 2022 | Veritas | Link |
Veritas NetBackup Flex Scale privileges management | (8.8) | Dec, 06 2022 | Veritas | Link |
Veritas NetBackup Flex Scale/Access Appliance Installation hard-coded password | (8.8) | Dec, 06 2022 | Veritas | Link |
Nadesiko3 Nako3edit os command injection | (8.0) | Dec, 06 2022 | Nadesiko3 | Link |
Nadesiko3 os command injection | (8.0) | Dec, 06 2022 | Nadesiko3 | Link |
Proxmox Virtual Environment/Mail Gateway HTTP Request server-side request forgery | (7.9) | Dec, 06 2022 | Proxmox | Link |
Seagate Central NAS STCG4000300 Web-Management Application mv_backend_helper.php mv_backend_launch os command injection | (7.5) | Dec, 06 2022 | Seagate | Link |
Google Android integer overflow | (8.4) | Dec, 06 2022 | Link | |
Google Android Remote Code Execution | (8.6) | Dec, 06 2022 | Link | |
Google Android array index | (8.4) | Dec, 06 2022 | Link | |
hope-boot deserialization | (8.0) | Dec, 07 2022 | hope-boot | Link |
PaddlePaddle paddle.audio.functional.get_window code injection | (9.0) | Dec, 07 2022 | PaddlePaddle | Link |
Itd-inc bingo!CMS improper authentication | (8.5) | Dec, 07 2022 | Itd-inc | Link |
Buffalo WHR-HP-G300N improper authentication | (7.5) | Dec, 07 2022 | Buffalo | Link |
Markdown Preview Enhanced GFM Export os command injection | (7.6) | Dec, 07 2022 | Markdown | Link |
Markdown Preview Enhanced PDF File Import command injection | (7.6) | Dec, 07 2022 | Markdown | Link |
ARMember premium Plugin privileges management | (8.6) | Dec, 07 2022 | ARMember | Link |
hope-boot deserialization | (8.0) | Dec, 08 2022 | hope-boot | Link |
PaddlePaddle paddle.audio.functional.get_window code injection | (9.0) | Dec, 08 2022 | PaddlePaddle | Link |
Itd-inc bingo!CMS improper authentication | (8.5) | Dec, 08 2022 | Itd-inc | Link |
Buffalo WHR-HP-G300N improper authentication | (7.5) | Dec, 08 2022 | Buffalo | Link |
Markdown Preview Enhanced GFM Export os command injection | (7.6) | Dec, 08 2022 | Markdown | Link |
Markdown Preview Enhanced PDF File Import command injection | (7.6) | Dec, 08 2022 | Markdown | Link |
ARMember premium Plugin privileges management | (8.6) | Dec, 08 2022 | ARMember | Link |
hope-boot deserialization | (8.0) | Dec, 09 2022 | hope-boot | Link |
PaddlePaddle paddle.audio.functional.get_window code injection | (9.0) | Dec, 09 2022 | PaddlePaddle | Link |
Itd-inc bingo!CMS improper authentication | (8.5) | Dec, 09 2022 | Itd-inc | Link |
Buffalo WHR-HP-G300N improper authentication | (7.5) | Dec, 09 2022 | Buffalo | Link |
Markdown Preview Enhanced GFM Export os command injection | (7.6) | Dec, 09 2022 | Markdown | Link |
Markdown Preview Enhanced PDF File Import command injection | (7.6) | Dec, 09 2022 | Markdown | Link |
ARMember premium Plugin privileges management | (8.6) | Dec, 09 2022 | ARMember | Link |
Brocade Fabric OS os command injection | (8.5) | Dec, 09 2022 | Brocade | Link |
hope-boot deserialization | (8.0) | Dec, 10 2022 | hope-boot | Link |
PaddlePaddle paddle.audio.functional.get_window code injection | (9.0) | Dec, 10 2022 | PaddlePaddle | Link |
Itd-inc bingo!CMS improper authentication | (8.5) | Dec, 10 2022 | Itd-inc | Link |
Buffalo WHR-HP-G300N improper authentication | (7.5) | Dec, 10 2022 | Buffalo | Link |
Markdown Preview Enhanced GFM Export os command injection | (7.6) | Dec, 10 2022 | Markdown | Link |
Markdown Preview Enhanced PDF File Import command injection | (7.6) | Dec, 10 2022 | Markdown | Link |
ARMember premium Plugin privileges management | (8.6) | Dec, 10 2022 | ARMember | Link |
Brocade Fabric OS os command injection | (8.5) | Dec, 10 2022 | Brocade | Link |
snap-confine must_mkdir_and_open_with_perms race condition | (7.5) | Dec, 10 2022 | snap-confine | Link |
CHICKEN EGG File egg-compile.scm os command injection | (7.5) | Dec, 10 2022 | CHICKEN | Link |
Zephyr IF Statement smp_check_keys state issue | (8.6) | Dec, 10 2022 | Zephyr | Link |
Netgear RAX30 AX2400 IPv6 access control | (8.5) | Dec, 10 2022 | Netgear | Link |
VMware ESXi/Cloud Foundation ESXi Network Socket memory corruption | (7.5) | Dec, 10 2022 | VMware | Link |
cube-js sql-runner sql injection | (8.1) | Dec, 10 2022 | cube-js | Link |
Marc Lehmann rxvt-unicode Perl Background Extension injection | (8.0) | Dec, 10 2022 | Marc | Link |
hope-boot deserialization | (8.0) | Dec, 11 2022 | hope-boot | Link |
PaddlePaddle paddle.audio.functional.get_window code injection | (9.0) | Dec, 11 2022 | PaddlePaddle | Link |
Itd-inc bingo!CMS improper authentication | (8.5) | Dec, 11 2022 | Itd-inc | Link |
Buffalo WHR-HP-G300N improper authentication | (7.5) | Dec, 11 2022 | Buffalo | Link |
Markdown Preview Enhanced GFM Export os command injection | (7.6) | Dec, 11 2022 | Markdown | Link |
Markdown Preview Enhanced PDF File Import command injection | (7.6) | Dec, 11 2022 | Markdown | Link |
ARMember premium Plugin privileges management | (8.6) | Dec, 11 2022 | ARMember | Link |
Brocade Fabric OS os command injection | (8.5) | Dec, 11 2022 | Brocade | Link |
snap-confine must_mkdir_and_open_with_perms race condition | (7.5) | Dec, 11 2022 | snap-confine | Link |
CHICKEN EGG File egg-compile.scm os command injection | (7.5) | Dec, 11 2022 | CHICKEN | Link |
Zephyr IF Statement smp_check_keys state issue | (8.6) | Dec, 11 2022 | Zephyr | Link |
Netgear RAX30 AX2400 IPv6 access control | (8.5) | Dec, 11 2022 | Netgear | Link |
VMware ESXi/Cloud Foundation ESXi Network Socket memory corruption | (7.5) | Dec, 11 2022 | VMware | Link |
cube-js sql-runner sql injection | (8.1) | Dec, 11 2022 | cube-js | Link |
Marc Lehmann rxvt-unicode Perl Background Extension injection | (8.0) | Dec, 11 2022 | Marc | Link |
Rockwell Automation CompactLogix Network Message denial of service | (7.8) | Dec, 11 2022 | Rockwell | Link |
hope-boot deserialization | (8.0) | Dec, 12 2022 | hope-boot | Link |
PaddlePaddle paddle.audio.functional.get_window code injection | (9.0) | Dec, 12 2022 | PaddlePaddle | Link |
Itd-inc bingo!CMS improper authentication | (8.5) | Dec, 12 2022 | Itd-inc | Link |
Buffalo WHR-HP-G300N improper authentication | (7.5) | Dec, 12 2022 | Buffalo | Link |
Markdown Preview Enhanced GFM Export os command injection | (7.6) | Dec, 12 2022 | Markdown | Link |
Markdown Preview Enhanced PDF File Import command injection | (7.6) | Dec, 12 2022 | Markdown | Link |
ARMember premium Plugin privileges management | (8.6) | Dec, 12 2022 | ARMember | Link |
Brocade Fabric OS os command injection | (8.5) | Dec, 12 2022 | Brocade | Link |
snap-confine must_mkdir_and_open_with_perms race condition | (7.5) | Dec, 12 2022 | snap-confine | Link |
CHICKEN EGG File egg-compile.scm os command injection | (7.5) | Dec, 12 2022 | CHICKEN | Link |
Zephyr IF Statement smp_check_keys state issue | (8.6) | Dec, 12 2022 | Zephyr | Link |
Netgear RAX30 AX2400 IPv6 access control | (8.5) | Dec, 12 2022 | Netgear | Link |
VMware ESXi/Cloud Foundation ESXi Network Socket memory corruption | (7.5) | Dec, 12 2022 | VMware | Link |
cube-js sql-runner sql injection | (8.1) | Dec, 12 2022 | cube-js | Link |
Marc Lehmann rxvt-unicode Perl Background Extension injection | (8.0) | Dec, 12 2022 | Marc | Link |
Rockwell Automation CompactLogix Network Message denial of service | (7.8) | Dec, 12 2022 | Rockwell | Link |
IFM Moneo Appliance password recovery | (8.1) | Dec, 12 2022 | IFM | Link |
Devolutions Remote Desktop Manager Azure SQL Data Source Privilege Escalation | (7.5) | Dec, 12 2022 | Devolutions | Link |
hope-boot deserialization | (8.0) | Dec, 13 2022 | hope-boot | Link |
PaddlePaddle paddle.audio.functional.get_window code injection | (9.0) | Dec, 13 2022 | PaddlePaddle | Link |
Itd-inc bingo!CMS improper authentication | (8.5) | Dec, 13 2022 | Itd-inc | Link |
Buffalo WHR-HP-G300N improper authentication | (7.5) | Dec, 13 2022 | Buffalo | Link |
Markdown Preview Enhanced GFM Export os command injection | (7.6) | Dec, 13 2022 | Markdown | Link |
Markdown Preview Enhanced PDF File Import command injection | (7.6) | Dec, 13 2022 | Markdown | Link |
ARMember premium Plugin privileges management | (8.6) | Dec, 13 2022 | ARMember | Link |
Brocade Fabric OS os command injection | (8.5) | Dec, 13 2022 | Brocade | Link |
snap-confine must_mkdir_and_open_with_perms race condition | (7.5) | Dec, 13 2022 | snap-confine | Link |
CHICKEN EGG File egg-compile.scm os command injection | (7.5) | Dec, 13 2022 | CHICKEN | Link |
Zephyr IF Statement smp_check_keys state issue | (8.6) | Dec, 13 2022 | Zephyr | Link |
Netgear RAX30 AX2400 IPv6 access control | (8.5) | Dec, 13 2022 | Netgear | Link |
VMware ESXi/Cloud Foundation ESXi Network Socket memory corruption | (7.5) | Dec, 13 2022 | VMware | Link |
cube-js sql-runner sql injection | (8.1) | Dec, 13 2022 | cube-js | Link |
Marc Lehmann rxvt-unicode Perl Background Extension injection | (8.0) | Dec, 13 2022 | Marc | Link |
Rockwell Automation CompactLogix Network Message denial of service | (7.8) | Dec, 13 2022 | Rockwell | Link |
IFM Moneo Appliance password recovery | (8.1) | Dec, 13 2022 | IFM | Link |
Devolutions Remote Desktop Manager Azure SQL Data Source Privilege Escalation | (7.5) | Dec, 13 2022 | Devolutions | Link |
Qualcomm Snapdragon Mobile/Snapdragon Wearables SPI Bus memory corruption | (8.5) | Dec, 13 2022 | Qualcomm | Link |
Qualcomm Snapdragon Mobile/Snapdragon Wearables i2c Driver memory corruption | (7.9) | Dec, 13 2022 | Qualcomm | Link |
Citrix ADC/Gateway resource control | (9.6) | Dec, 13 2022 | Citrix | Link |
Netgear Nighthawk httpsniff Service command injection | (8.6) | Dec, 16 2022 | Netgear | Link |
Rockwell Automation MicroLogix 1100/MicroLogix 1400 TCP Packet denial of service | (7.5) | Dec, 16 2022 | Rockwell | Link |
Google Android Privilege Escalation | (7.5) | Dec, 16 2022 | Link | |
Broadcom Symantec Identity Manager Management Console xml external entity reference | (7.5) | Dec, 16 2022 | Broadcom | Link |
Netgear Nighthawk httpsniff Service command injection | (8.6) | Dec, 17 2022 | Netgear | Link |
Rockwell Automation MicroLogix 1100/MicroLogix 1400 TCP Packet denial of service | (7.5) | Dec, 17 2022 | Rockwell | Link |
Google Android Privilege Escalation | (7.5) | Dec, 17 2022 | Link | |
Broadcom Symantec Identity Manager Management Console xml external entity reference | (7.5) | Dec, 17 2022 | Broadcom | Link |
Rockwell Automation GuardLogix/ControlLogix CIP Request denial of service | (7.9) | Dec, 17 2022 | Rockwell | Link |
Mutiny hard-coded password | (7.6) | Dec, 17 2022 | Mutiny | Link |
y_project Ruoyi Shiro Framework deserialization | (7.9) | Dec, 17 2022 | y_project | Link |
SourceCodester Online Grading System sql injection | (7.7) | Dec, 17 2022 | SourceCodester | Link |
PAX Technology A930 PayDroid systool_server os command injection | (7.9) | Dec, 17 2022 | PAX | Link |
Netgear Nighthawk httpsniff Service command injection | (8.6) | Dec, 18 2022 | Netgear | Link |
Rockwell Automation MicroLogix 1100/MicroLogix 1400 TCP Packet denial of service | (7.5) | Dec, 18 2022 | Rockwell | Link |
Google Android Privilege Escalation | (7.5) | Dec, 18 2022 | Link | |
Broadcom Symantec Identity Manager Management Console xml external entity reference | (7.5) | Dec, 18 2022 | Broadcom | Link |
Rockwell Automation GuardLogix/ControlLogix CIP Request denial of service | (7.9) | Dec, 18 2022 | Rockwell | Link |
Mutiny hard-coded password | (7.6) | Dec, 18 2022 | Mutiny | Link |
y_project Ruoyi Shiro Framework deserialization | (7.9) | Dec, 18 2022 | y_project | Link |
SourceCodester Online Grading System sql injection | (7.7) | Dec, 18 2022 | SourceCodester | Link |
PAX Technology A930 PayDroid systool_server os command injection | (7.9) | Dec, 18 2022 | PAX | Link |
Netgear Nighthawk httpsniff Service command injection | (8.6) | Dec, 19 2022 | Netgear | Link |
Rockwell Automation MicroLogix 1100/MicroLogix 1400 TCP Packet denial of service | (7.5) | Dec, 19 2022 | Rockwell | Link |
Google Android Privilege Escalation | (7.5) | Dec, 19 2022 | Link | |
Broadcom Symantec Identity Manager Management Console xml external entity reference | (7.5) | Dec, 19 2022 | Broadcom | Link |
Rockwell Automation GuardLogix/ControlLogix CIP Request denial of service | (7.9) | Dec, 19 2022 | Rockwell | Link |
Mutiny hard-coded password | (7.6) | Dec, 19 2022 | Mutiny | Link |
y_project Ruoyi Shiro Framework deserialization | (7.9) | Dec, 19 2022 | y_project | Link |
SourceCodester Online Grading System sql injection | (7.7) | Dec, 19 2022 | SourceCodester | Link |
PAX Technology A930 PayDroid systool_server os command injection | (7.9) | Dec, 19 2022 | PAX | Link |
Netgear Nighthawk httpsniff Service command injection | (8.6) | Dec, 20 2022 | Netgear | Link |
Rockwell Automation MicroLogix 1100/MicroLogix 1400 TCP Packet denial of service | (7.5) | Dec, 20 2022 | Rockwell | Link |
Google Android Privilege Escalation | (7.5) | Dec, 20 2022 | Link | |
Broadcom Symantec Identity Manager Management Console xml external entity reference | (7.5) | Dec, 20 2022 | Broadcom | Link |
Rockwell Automation GuardLogix/ControlLogix CIP Request denial of service | (7.9) | Dec, 20 2022 | Rockwell | Link |
Mutiny hard-coded password | (7.6) | Dec, 20 2022 | Mutiny | Link |
y_project Ruoyi Shiro Framework deserialization | (7.9) | Dec, 20 2022 | y_project | Link |
SourceCodester Online Grading System sql injection | (7.7) | Dec, 20 2022 | SourceCodester | Link |
PAX Technology A930 PayDroid systool_server os command injection | (7.9) | Dec, 20 2022 | PAX | Link |
Baijiacms common.inc.php code injection | (7.5) | Dec, 20 2022 | Baijiacms | Link |
Apache Airflow Hive Provider. command injection | (7.5) | Dec, 20 2022 | Apache | Link |
pdftojson makeFilter stack-based overflow | (7.6) | Dec, 20 2022 | pdftojson | Link |
pdftojson Object.cc copy(Object*) stack-based overflow | (7.6) | Dec, 20 2022 | pdftojson | Link |
safe-eval safeEval prototype pollution | (8.2) | Dec, 20 2022 | safe-eval | Link |
Zoho ManageEngine Device Control Plus Endpoint Protection Agent access control | (7.9) | Dec, 20 2022 | Zoho | Link |
Zoho ManageEngine Device Control Plus Endpoint Protection Agent access control | (7.9) | Dec, 20 2022 | Zoho | Link |
Netgear Nighthawk httpsniff Service command injection | (8.6) | Dec, 21 2022 | Netgear | Link |
Rockwell Automation MicroLogix 1100/MicroLogix 1400 TCP Packet denial of service | (7.5) | Dec, 21 2022 | Rockwell | Link |
Google Android Privilege Escalation | (7.5) | Dec, 21 2022 | Link | |
Broadcom Symantec Identity Manager Management Console xml external entity reference | (7.5) | Dec, 21 2022 | Broadcom | Link |
Rockwell Automation GuardLogix/ControlLogix CIP Request denial of service | (7.9) | Dec, 21 2022 | Rockwell | Link |
Mutiny hard-coded password | (7.6) | Dec, 21 2022 | Mutiny | Link |
y_project Ruoyi Shiro Framework deserialization | (7.9) | Dec, 21 2022 | y_project | Link |
SourceCodester Online Grading System sql injection | (7.7) | Dec, 21 2022 | SourceCodester | Link |
PAX Technology A930 PayDroid systool_server os command injection | (7.9) | Dec, 21 2022 | PAX | Link |
Baijiacms common.inc.php code injection | (7.5) | Dec, 21 2022 | Baijiacms | Link |
Apache Airflow Hive Provider. command injection | (7.5) | Dec, 21 2022 | Apache | Link |
pdftojson makeFilter stack-based overflow | (7.6) | Dec, 21 2022 | pdftojson | Link |
pdftojson Object.cc copy(Object*) stack-based overflow | (7.6) | Dec, 21 2022 | pdftojson | Link |
safe-eval safeEval prototype pollution | (8.2) | Dec, 21 2022 | safe-eval | Link |
Zoho ManageEngine Device Control Plus Endpoint Protection Agent access control | (7.9) | Dec, 21 2022 | Zoho | Link |
Zoho ManageEngine Device Control Plus Endpoint Protection Agent access control | (7.9) | Dec, 21 2022 | Zoho | Link |
Apache Karaf JDBC JNDI URL doCreateDatasource injection | (7.9) | Dec, 21 2022 | Apache | Link |
Netgear Nighthawk httpsniff Service command injection | (8.6) | Dec, 22 2022 | Netgear | Link |
Rockwell Automation MicroLogix 1100/MicroLogix 1400 TCP Packet denial of service | (7.5) | Dec, 22 2022 | Rockwell | Link |
Google Android Privilege Escalation | (7.5) | Dec, 22 2022 | Link | |
Broadcom Symantec Identity Manager Management Console xml external entity reference | (7.5) | Dec, 22 2022 | Broadcom | Link |
Rockwell Automation GuardLogix/ControlLogix CIP Request denial of service | (7.9) | Dec, 22 2022 | Rockwell | Link |
Mutiny hard-coded password | (7.6) | Dec, 22 2022 | Mutiny | Link |
y_project Ruoyi Shiro Framework deserialization | (7.9) | Dec, 22 2022 | y_project | Link |
SourceCodester Online Grading System sql injection | (7.7) | Dec, 22 2022 | SourceCodester | Link |
PAX Technology A930 PayDroid systool_server os command injection | (7.9) | Dec, 22 2022 | PAX | Link |
Baijiacms common.inc.php code injection | (7.5) | Dec, 22 2022 | Baijiacms | Link |
Apache Airflow Hive Provider. command injection | (7.5) | Dec, 22 2022 | Apache | Link |
pdftojson makeFilter stack-based overflow | (7.6) | Dec, 22 2022 | pdftojson | Link |
pdftojson Object.cc copy(Object*) stack-based overflow | (7.6) | Dec, 22 2022 | pdftojson | Link |
safe-eval safeEval prototype pollution | (8.2) | Dec, 22 2022 | safe-eval | Link |
Zoho ManageEngine Device Control Plus Endpoint Protection Agent access control | (7.9) | Dec, 22 2022 | Zoho | Link |
Zoho ManageEngine Device Control Plus Endpoint Protection Agent access control | (7.9) | Dec, 22 2022 | Zoho | Link |
Apache Karaf JDBC JNDI URL doCreateDatasource injection | (7.9) | Dec, 22 2022 | Apache | Link |
Mozilla Thunderbird Angle Remote Code Execution | (7.9) | Dec, 22 2022 | Mozilla | Link |
Mozilla Firefox Angle Remote Code Execution | (7.9) | Dec, 22 2022 | Mozilla | Link |
Mozilla Thunderbird memory corruption | (7.9) | Dec, 22 2022 | Mozilla | Link |
Mozilla Firefox memory corruption | (7.9) | Dec, 22 2022 | Mozilla | Link |
AyaCMS fst_down.inc.php unrestricted upload | (7.6) | Dec, 22 2022 | AyaCMS | Link |
Apache ShardingSphere-Proxy Client Authentication cleanup | (7.5) | Dec, 22 2022 | Apache | Link |
Netgear Nighthawk httpsniff Service command injection | (8.6) | Dec, 23 2022 | Netgear | Link |
Rockwell Automation MicroLogix 1100/MicroLogix 1400 TCP Packet denial of service | (7.5) | Dec, 23 2022 | Rockwell | Link |
Google Android Privilege Escalation | (7.5) | Dec, 23 2022 | Link | |
Broadcom Symantec Identity Manager Management Console xml external entity reference | (7.5) | Dec, 23 2022 | Broadcom | Link |
Rockwell Automation GuardLogix/ControlLogix CIP Request denial of service | (7.9) | Dec, 23 2022 | Rockwell | Link |
Mutiny hard-coded password | (7.6) | Dec, 23 2022 | Mutiny | Link |
y_project Ruoyi Shiro Framework deserialization | (7.9) | Dec, 23 2022 | y_project | Link |
SourceCodester Online Grading System sql injection | (7.7) | Dec, 23 2022 | SourceCodester | Link |
PAX Technology A930 PayDroid systool_server os command injection | (7.9) | Dec, 23 2022 | PAX | Link |
Baijiacms common.inc.php code injection | (7.5) | Dec, 23 2022 | Baijiacms | Link |
Apache Airflow Hive Provider. command injection | (7.5) | Dec, 23 2022 | Apache | Link |
pdftojson makeFilter stack-based overflow | (7.6) | Dec, 23 2022 | pdftojson | Link |
pdftojson Object.cc copy(Object*) stack-based overflow | (7.6) | Dec, 23 2022 | pdftojson | Link |
safe-eval safeEval prototype pollution | (8.2) | Dec, 23 2022 | safe-eval | Link |
Zoho ManageEngine Device Control Plus Endpoint Protection Agent access control | (7.9) | Dec, 23 2022 | Zoho | Link |
Zoho ManageEngine Device Control Plus Endpoint Protection Agent access control | (7.9) | Dec, 23 2022 | Zoho | Link |
Apache Karaf JDBC JNDI URL doCreateDatasource injection | (7.9) | Dec, 23 2022 | Apache | Link |
Mozilla Thunderbird Angle Remote Code Execution | (7.9) | Dec, 23 2022 | Mozilla | Link |
Mozilla Firefox Angle Remote Code Execution | (7.9) | Dec, 23 2022 | Mozilla | Link |
Mozilla Thunderbird memory corruption | (7.9) | Dec, 23 2022 | Mozilla | Link |
Mozilla Firefox memory corruption | (7.9) | Dec, 23 2022 | Mozilla | Link |
AyaCMS fst_down.inc.php unrestricted upload | (7.6) | Dec, 23 2022 | AyaCMS | Link |
Apache ShardingSphere-Proxy Client Authentication cleanup | (7.5) | Dec, 23 2022 | Apache | Link |
D-Link DIR-846 SetAutoUpgradeInfo command injection | (7.7) | Dec, 23 2022 | D-Link | Link |
D-Link DIR-846 SetIpMacBindSettings command injection | (7.6) | Dec, 23 2022 | D-Link | Link |
Linux Kernel ksmbd smb2pdu.c smb2_tree_disconnect use after free | (8.7) | Dec, 23 2022 | Linux | Link |
usememos access control | (7.7) | Dec, 23 2022 | usememos | Link |
usememos improper authorization | (7.9) | Dec, 23 2022 | usememos | Link |
usememos improper authentication | (8.5) | Dec, 23 2022 | usememos | Link |
usememos access control | (7.5) | Dec, 23 2022 | usememos | Link |
Netgear Nighthawk httpsniff Service command injection | (8.6) | Dec, 24 2022 | Netgear | Link |
Rockwell Automation MicroLogix 1100/MicroLogix 1400 TCP Packet denial of service | (7.5) | Dec, 24 2022 | Rockwell | Link |
Google Android Privilege Escalation | (7.5) | Dec, 24 2022 | Link | |
Broadcom Symantec Identity Manager Management Console xml external entity reference | (7.5) | Dec, 24 2022 | Broadcom | Link |
Rockwell Automation GuardLogix/ControlLogix CIP Request denial of service | (7.9) | Dec, 24 2022 | Rockwell | Link |
Mutiny hard-coded password | (7.6) | Dec, 24 2022 | Mutiny | Link |
y_project Ruoyi Shiro Framework deserialization | (7.9) | Dec, 24 2022 | y_project | Link |
SourceCodester Online Grading System sql injection | (7.7) | Dec, 24 2022 | SourceCodester | Link |
PAX Technology A930 PayDroid systool_server os command injection | (7.9) | Dec, 24 2022 | PAX | Link |
Baijiacms common.inc.php code injection | (7.5) | Dec, 24 2022 | Baijiacms | Link |
Apache Airflow Hive Provider. command injection | (7.5) | Dec, 24 2022 | Apache | Link |
pdftojson makeFilter stack-based overflow | (7.6) | Dec, 24 2022 | pdftojson | Link |
pdftojson Object.cc copy(Object*) stack-based overflow | (7.6) | Dec, 24 2022 | pdftojson | Link |
safe-eval safeEval prototype pollution | (8.2) | Dec, 24 2022 | safe-eval | Link |
Zoho ManageEngine Device Control Plus Endpoint Protection Agent access control | (7.9) | Dec, 24 2022 | Zoho | Link |
Zoho ManageEngine Device Control Plus Endpoint Protection Agent access control | (7.9) | Dec, 24 2022 | Zoho | Link |
Apache Karaf JDBC JNDI URL doCreateDatasource injection | (7.9) | Dec, 24 2022 | Apache | Link |
Mozilla Thunderbird Angle Remote Code Execution | (7.9) | Dec, 24 2022 | Mozilla | Link |
Mozilla Firefox Angle Remote Code Execution | (7.9) | Dec, 24 2022 | Mozilla | Link |
Mozilla Thunderbird memory corruption | (7.9) | Dec, 24 2022 | Mozilla | Link |
Mozilla Firefox memory corruption | (7.9) | Dec, 24 2022 | Mozilla | Link |
AyaCMS fst_down.inc.php unrestricted upload | (7.6) | Dec, 24 2022 | AyaCMS | Link |
Apache ShardingSphere-Proxy Client Authentication cleanup | (7.5) | Dec, 24 2022 | Apache | Link |
D-Link DIR-846 SetAutoUpgradeInfo command injection | (7.7) | Dec, 24 2022 | D-Link | Link |
D-Link DIR-846 SetIpMacBindSettings command injection | (7.6) | Dec, 24 2022 | D-Link | Link |
Linux Kernel ksmbd smb2pdu.c smb2_tree_disconnect use after free | (8.7) | Dec, 24 2022 | Linux | Link |
usememos access control | (7.7) | Dec, 24 2022 | usememos | Link |
usememos improper authorization | (7.9) | Dec, 24 2022 | usememos | Link |
usememos improper authentication | (8.5) | Dec, 24 2022 | usememos | Link |
usememos access control | (7.5) | Dec, 24 2022 | usememos | Link |
ThinkPHP Language Pack pearcmd.php file inclusion | (8.4) | Dec, 24 2022 | ThinkPHP | Link |
IP-COM M50 formDelWewifiPic buffer overflow | (7.6) | Dec, 24 2022 | IP-COM | Link |
IP-COM M50 formPortalAuth buffer overflow | (7.6) | Dec, 24 2022 | IP-COM | Link |
SourceCodester School Dormitory Management System Admin Login sql injection | (7.9) | Dec, 25 2022 | SourceCodester | Link |
SourceCodester Blood Bank Management System login.php sql injection | (7.9) | Dec, 25 2022 | SourceCodester | Link |
Heimdal ASN.1 Codec Privilege Escalation | (7.9) | Dec, 25 2022 | Heimdal | Link |
Simmeth Lieferantenmanager MSSQL xp_cmdshell sql injection | (7.5) | Dec, 25 2022 | Simmeth | Link |
Simmeth Lieferantenmanager API Call improper authentication | (7.5) | Dec, 25 2022 | Simmeth | Link |
Nintendo NetworkBuffer UDP Packet buffer overflow | (8.5) | Dec, 25 2022 | Nintendo | Link |
SourceCodester School Dormitory Management System Admin Login sql injection | (7.9) | Dec, 26 2022 | SourceCodester | Link |
SourceCodester Blood Bank Management System login.php sql injection | (7.9) | Dec, 26 2022 | SourceCodester | Link |
Heimdal ASN.1 Codec Privilege Escalation | (7.9) | Dec, 26 2022 | Heimdal | Link |
Simmeth Lieferantenmanager MSSQL xp_cmdshell sql injection | (7.5) | Dec, 26 2022 | Simmeth | Link |
Simmeth Lieferantenmanager API Call improper authentication | (7.5) | Dec, 26 2022 | Simmeth | Link |
Nintendo NetworkBuffer UDP Packet buffer overflow | (8.5) | Dec, 26 2022 | Nintendo | Link |
fastrack Reflex Firmware Update data authenticity | (8.2) | Dec, 26 2022 | fastrack | Link |
SourceCodester School Dormitory Management System Admin Login sql injection | (7.9) | Dec, 27 2022 | SourceCodester | Link |
SourceCodester Blood Bank Management System login.php sql injection | (7.9) | Dec, 27 2022 | SourceCodester | Link |
Heimdal ASN.1 Codec Privilege Escalation | (7.9) | Dec, 27 2022 | Heimdal | Link |
Simmeth Lieferantenmanager MSSQL xp_cmdshell sql injection | (7.5) | Dec, 27 2022 | Simmeth | Link |
Simmeth Lieferantenmanager API Call improper authentication | (7.5) | Dec, 27 2022 | Simmeth | Link |
Nintendo NetworkBuffer UDP Packet buffer overflow | (8.5) | Dec, 27 2022 | Nintendo | Link |
fastrack Reflex Firmware Update data authenticity | (8.2) | Dec, 27 2022 | fastrack | Link |
ikus060 rdiffweb access control | (8.4) | Dec, 27 2022 | ikus060 | Link |
SourceCodester School Dormitory Management System Admin Login sql injection | (7.9) | Dec, 28 2022 | SourceCodester | Link |
SourceCodester Blood Bank Management System login.php sql injection | (7.9) | Dec, 28 2022 | SourceCodester | Link |
Heimdal ASN.1 Codec Privilege Escalation | (7.9) | Dec, 28 2022 | Heimdal | Link |
Simmeth Lieferantenmanager MSSQL xp_cmdshell sql injection | (7.5) | Dec, 28 2022 | Simmeth | Link |
Simmeth Lieferantenmanager API Call improper authentication | (7.5) | Dec, 28 2022 | Simmeth | Link |
Nintendo NetworkBuffer UDP Packet buffer overflow | (8.5) | Dec, 28 2022 | Nintendo | Link |
fastrack Reflex Firmware Update data authenticity | (8.2) | Dec, 28 2022 | fastrack | Link |
ikus060 rdiffweb access control | (8.4) | Dec, 28 2022 | ikus060 | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Dec, 28 2022 | D-Link | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Dec, 28 2022 | D-Link | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Dec, 28 2022 | D-Link | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Dec, 28 2022 | D-Link | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Dec, 28 2022 | D-Link | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Dec, 28 2022 | D-Link | Link |
usememos unknown vulnerability | (7.8) | Dec, 28 2022 | usememos | Link |
usememos access control | (7.7) | Dec, 28 2022 | usememos | Link |
usememos access control | (7.6) | Dec, 28 2022 | usememos | Link |
SourceCodester School Dormitory Management System Admin Login sql injection | (7.9) | Dec, 29 2022 | SourceCodester | Link |
SourceCodester Blood Bank Management System login.php sql injection | (7.9) | Dec, 29 2022 | SourceCodester | Link |
Heimdal ASN.1 Codec Privilege Escalation | (7.9) | Dec, 29 2022 | Heimdal | Link |
Simmeth Lieferantenmanager MSSQL xp_cmdshell sql injection | (7.5) | Dec, 29 2022 | Simmeth | Link |
Simmeth Lieferantenmanager API Call improper authentication | (7.5) | Dec, 29 2022 | Simmeth | Link |
Nintendo NetworkBuffer UDP Packet buffer overflow | (8.5) | Dec, 29 2022 | Nintendo | Link |
fastrack Reflex Firmware Update data authenticity | (8.2) | Dec, 29 2022 | fastrack | Link |
ikus060 rdiffweb access control | (8.4) | Dec, 29 2022 | ikus060 | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Dec, 29 2022 | D-Link | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Dec, 29 2022 | D-Link | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Dec, 29 2022 | D-Link | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Dec, 29 2022 | D-Link | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Dec, 29 2022 | D-Link | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Dec, 29 2022 | D-Link | Link |
usememos unknown vulnerability | (7.8) | Dec, 29 2022 | usememos | Link |
usememos access control | (7.7) | Dec, 29 2022 | usememos | Link |
usememos access control | (7.6) | Dec, 29 2022 | usememos | Link |
Elvexys StreamX HTML Component improper authentication | (7.5) | Dec, 29 2022 | Elvexys | Link |
X.org X11 Server XkbCopyNames double free | (8.8) | Dec, 29 2022 | X.org | Link |
SourceCodester School Dormitory Management System Admin Login sql injection | (7.9) | Dec, 30 2022 | SourceCodester | Link |
SourceCodester Blood Bank Management System login.php sql injection | (7.9) | Dec, 30 2022 | SourceCodester | Link |
Heimdal ASN.1 Codec Privilege Escalation | (7.9) | Dec, 30 2022 | Heimdal | Link |
Simmeth Lieferantenmanager MSSQL xp_cmdshell sql injection | (7.5) | Dec, 30 2022 | Simmeth | Link |
Simmeth Lieferantenmanager API Call improper authentication | (7.5) | Dec, 30 2022 | Simmeth | Link |
Nintendo NetworkBuffer UDP Packet buffer overflow | (8.5) | Dec, 30 2022 | Nintendo | Link |
fastrack Reflex Firmware Update data authenticity | (8.2) | Dec, 30 2022 | fastrack | Link |
ikus060 rdiffweb access control | (8.4) | Dec, 30 2022 | ikus060 | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Dec, 30 2022 | D-Link | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Dec, 30 2022 | D-Link | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Dec, 30 2022 | D-Link | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Dec, 30 2022 | D-Link | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Dec, 30 2022 | D-Link | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Dec, 30 2022 | D-Link | Link |
usememos unknown vulnerability | (7.8) | Dec, 30 2022 | usememos | Link |
usememos access control | (7.7) | Dec, 30 2022 | usememos | Link |
usememos access control | (7.6) | Dec, 30 2022 | usememos | Link |
Elvexys StreamX HTML Component improper authentication | (7.5) | Dec, 30 2022 | Elvexys | Link |
X.org X11 Server XkbCopyNames double free | (8.8) | Dec, 30 2022 | X.org | Link |
Apache Kylin Diagnosis Controller command injection | (7.9) | Dec, 30 2022 | Apache | Link |
Netgear RAX40 buffer overflow | (7.8) | Dec, 30 2022 | Netgear | Link |
SourceCodester School Dormitory Management System Admin Login sql injection | (7.9) | Dec, 31 2022 | SourceCodester | Link |
SourceCodester Blood Bank Management System login.php sql injection | (7.9) | Dec, 31 2022 | SourceCodester | Link |
Heimdal ASN.1 Codec Privilege Escalation | (7.9) | Dec, 31 2022 | Heimdal | Link |
Simmeth Lieferantenmanager MSSQL xp_cmdshell sql injection | (7.5) | Dec, 31 2022 | Simmeth | Link |
Simmeth Lieferantenmanager API Call improper authentication | (7.5) | Dec, 31 2022 | Simmeth | Link |
Nintendo NetworkBuffer UDP Packet buffer overflow | (8.5) | Dec, 31 2022 | Nintendo | Link |
fastrack Reflex Firmware Update data authenticity | (8.2) | Dec, 31 2022 | fastrack | Link |
ikus060 rdiffweb access control | (8.4) | Dec, 31 2022 | ikus060 | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Dec, 31 2022 | D-Link | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Dec, 31 2022 | D-Link | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Dec, 31 2022 | D-Link | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Dec, 31 2022 | D-Link | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Dec, 31 2022 | D-Link | Link |
D-Link DIR-825 xupnpd command injection | (8.8) | Dec, 31 2022 | D-Link | Link |
usememos unknown vulnerability | (7.8) | Dec, 31 2022 | usememos | Link |
usememos access control | (7.7) | Dec, 31 2022 | usememos | Link |
usememos access control | (7.6) | Dec, 31 2022 | usememos | Link |
Elvexys StreamX HTML Component improper authentication | (7.5) | Dec, 31 2022 | Elvexys | Link |
X.org X11 Server XkbCopyNames double free | (8.8) | Dec, 31 2022 | X.org | Link |
Apache Kylin Diagnosis Controller command injection | (7.9) | Dec, 31 2022 | Apache | Link |
Netgear RAX40 buffer overflow | (7.8) | Dec, 31 2022 | Netgear | Link |
usememos cross site scripting | (7.6) | Dec, 31 2022 | usememos | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Dec, 31 2022 | Tenda | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Dec, 31 2022 | Tenda | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Dec, 31 2022 | Tenda | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Dec, 31 2022 | Tenda | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Dec, 31 2022 | Tenda | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Dec, 31 2022 | Tenda | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Dec, 31 2022 | Tenda | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Dec, 31 2022 | Tenda | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Dec, 31 2022 | Tenda | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Dec, 31 2022 | Tenda | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Dec, 31 2022 | Tenda | Link |
Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Dec, 31 2022 | Tenda | Link |
Tenda Tenda A15 WifiBasicSet stack-based overflow | (7.6) | Dec, 31 2022 | Tenda | Link |
TRENDnet TEW755AP icp_setbg_img stack-based overflow | (7.6) | Dec, 31 2022 | TRENDnet | Link |
TRENDnet TEW755AP set_sta_enrollee_pin_24g stack-based overflow | (7.6) | Dec, 31 2022 | TRENDnet | Link |
TRENDnet TEW755AP icp_setlogo_img stack-based overflow | (7.6) | Dec, 31 2022 | TRENDnet | Link |
TRENDnet TEW755AP set_sta_enrollee_pin_5g command injection | (7.6) | Dec, 31 2022 | TRENDnet | Link |
TRENDnet TEW755AP setup_wizard_mydlink command injection | (7.6) | Dec, 31 2022 | TRENDnet | Link |
TRENDnet TEW755AP icp_delete_img stack-based overflow | (7.6) | Dec, 31 2022 | TRENDnet | Link |
TRENDnet TEW755AP auto_up_fw stack-based overflow | (7.6) | Dec, 31 2022 | TRENDnet | Link |
TRENDnet TEW755AP do_sta_enrollee_wifi stack-based overflow | (7.6) | Dec, 31 2022 | TRENDnet | Link |
TRENDnet TEW755AP set_sta_enrollee_pin_5g stack-based overflow | (7.6) | Dec, 31 2022 | TRENDnet | Link |
TRENDnet TEW755AP reject stack-based overflow | (7.6) | Dec, 31 2022 | TRENDnet | Link |
TRENDnet TEW755AP tools_netstat stack-based overflow | (7.6) | Dec, 31 2022 | TRENDnet | Link |
Vulnerability | CVSSv3 | Release Date | Products | References |
Silicon Labs Bootloader GBL Parser memory corruption | (8.7) | Nov, 02 2022 | Silicon | Link |
Frauscher Sensortechnik FDS102 Configuration unrestricted upload | (9.6) | Nov, 02 2022 | Frauscher | Link |
Discourse Email Address improper authorization | (7.7) | Nov, 02 2022 | Discourse | Link |
xmldom improper validation of consistency within input | (8.7) | Nov, 02 2022 | xmldom | Link |
Silicon Labs Bootloader GBL Parser memory corruption | (8.7) | Nov, 03 2022 | Silicon | Link |
Frauscher Sensortechnik FDS102 Configuration unrestricted upload | (9.6) | Nov, 03 2022 | Frauscher | Link |
Discourse Email Address improper authorization | (7.7) | Nov, 03 2022 | Discourse | Link |
xmldom improper validation of consistency within input | (8.7) | Nov, 03 2022 | xmldom | Link |
Tenda AC23 formSetFirewallCfg stack-based overflow | (9.3) | Nov, 03 2022 | Tenda | Link |
Tenda AC23 setSmartPowerManagement stack-based overflow | (9.3) | Nov, 03 2022 | Tenda | Link |
Tenda AC23 setSchedWifi stack-based overflow | (8.9) | Nov, 03 2022 | Tenda | Link |
Tenda AC23 fromSetWifiGusetBasic stack-based overflow | (9.3) | Nov, 03 2022 | Tenda | Link |
Tenda AC23 fromSetWirelessRepeat stack-based overflow | (8.9) | Nov, 03 2022 | Tenda | Link |
Tenda AC23 Parameter formSetQosBand out-of-bounds write | (9.3) | Nov, 03 2022 | Tenda | Link |
Tenda AC23 fromSetSysTime out-of-bounds write | (9.3) | Nov, 03 2022 | Tenda | Link |
Tenda AC23 formSetDeviceName out-of-bounds write | (8.2) | Nov, 03 2022 | Tenda | Link |
Keystone Environment Variable injection | (8.4) | Nov, 03 2022 | Keystone | Link |
D-Link DIR-823G Packet SetNetworkTomographySettings command injection | (7.6) | Nov, 03 2022 | D-Link | Link |
GLPI API REST sql injection | (7.5) | Nov, 03 2022 | GLPI | Link |
Silicon Labs Bootloader GBL Parser memory corruption | (8.7) | Nov, 04 2022 | Silicon | Link |
Frauscher Sensortechnik FDS102 Configuration unrestricted upload | (9.6) | Nov, 04 2022 | Frauscher | Link |
Discourse Email Address improper authorization | (7.7) | Nov, 04 2022 | Discourse | Link |
xmldom improper validation of consistency within input | (8.7) | Nov, 04 2022 | xmldom | Link |
Tenda AC23 formSetFirewallCfg stack-based overflow | (9.3) | Nov, 04 2022 | Tenda | Link |
Tenda AC23 setSmartPowerManagement stack-based overflow | (9.3) | Nov, 04 2022 | Tenda | Link |
Tenda AC23 setSchedWifi stack-based overflow | (8.9) | Nov, 04 2022 | Tenda | Link |
Tenda AC23 fromSetWifiGusetBasic stack-based overflow | (9.3) | Nov, 04 2022 | Tenda | Link |
Tenda AC23 fromSetWirelessRepeat stack-based overflow | (8.9) | Nov, 04 2022 | Tenda | Link |
Tenda AC23 Parameter formSetQosBand out-of-bounds write | (9.3) | Nov, 04 2022 | Tenda | Link |
Tenda AC23 fromSetSysTime out-of-bounds write | (9.3) | Nov, 04 2022 | Tenda | Link |
Tenda AC23 formSetDeviceName out-of-bounds write | (8.2) | Nov, 04 2022 | Tenda | Link |
Keystone Environment Variable injection | (8.4) | Nov, 04 2022 | Keystone | Link |
D-Link DIR-823G Packet SetNetworkTomographySettings command injection | (7.6) | Nov, 04 2022 | D-Link | Link |
GLPI API REST sql injection | (7.5) | Nov, 04 2022 | GLPI | Link |
Zoho ManageEngine ServiceDesk Plus exportMickeyList input validation | (8.6) | Nov, 04 2022 | Zoho | Link |
D-Link DIR-1935 HNAP improper authentication | (8.4) | Nov, 04 2022 | D-Link | Link |
D-Link DIR-1935 HNAP improper authentication | (8.4) | Nov, 04 2022 | D-Link | Link |
D-Link DIR-1935 stack-based overflow | (8.4) | Nov, 04 2022 | D-Link | Link |
Apache Commons BCEL API out-of-bounds | (7.5) | Nov, 04 2022 | Apache | Link |
D-Link DIR-1935 SOAPAction stack-based overflow | (8.4) | Nov, 04 2022 | D-Link | Link |
Silicon Labs Bootloader GBL Parser memory corruption | (8.7) | Nov, 05 2022 | Silicon | Link |
Frauscher Sensortechnik FDS102 Configuration unrestricted upload | (9.6) | Nov, 05 2022 | Frauscher | Link |
Discourse Email Address improper authorization | (7.7) | Nov, 05 2022 | Discourse | Link |
xmldom improper validation of consistency within input | (8.7) | Nov, 05 2022 | xmldom | Link |
Tenda AC23 formSetFirewallCfg stack-based overflow | (9.3) | Nov, 05 2022 | Tenda | Link |
Tenda AC23 setSmartPowerManagement stack-based overflow | (9.3) | Nov, 05 2022 | Tenda | Link |
Tenda AC23 setSchedWifi stack-based overflow | (8.9) | Nov, 05 2022 | Tenda | Link |
Tenda AC23 fromSetWifiGusetBasic stack-based overflow | (9.3) | Nov, 05 2022 | Tenda | Link |
Tenda AC23 fromSetWirelessRepeat stack-based overflow | (8.9) | Nov, 05 2022 | Tenda | Link |
Tenda AC23 Parameter formSetQosBand out-of-bounds write | (9.3) | Nov, 05 2022 | Tenda | Link |
Tenda AC23 fromSetSysTime out-of-bounds write | (9.3) | Nov, 05 2022 | Tenda | Link |
Tenda AC23 formSetDeviceName out-of-bounds write | (8.2) | Nov, 05 2022 | Tenda | Link |
Keystone Environment Variable injection | (8.4) | Nov, 05 2022 | Keystone | Link |
D-Link DIR-823G Packet SetNetworkTomographySettings command injection | (7.6) | Nov, 05 2022 | D-Link | Link |
GLPI API REST sql injection | (7.5) | Nov, 05 2022 | GLPI | Link |
Zoho ManageEngine ServiceDesk Plus exportMickeyList input validation | (8.6) | Nov, 05 2022 | Zoho | Link |
D-Link DIR-1935 HNAP improper authentication | (8.4) | Nov, 05 2022 | D-Link | Link |
D-Link DIR-1935 HNAP improper authentication | (8.4) | Nov, 05 2022 | D-Link | Link |
D-Link DIR-1935 stack-based overflow | (8.4) | Nov, 05 2022 | D-Link | Link |
Apache Commons BCEL API out-of-bounds | (7.5) | Nov, 05 2022 | Apache | Link |
D-Link DIR-1935 SOAPAction stack-based overflow | (8.4) | Nov, 05 2022 | D-Link | Link |
Splunk Enterprise tstats Command access control | (7.6) | Nov, 05 2022 | Splunk | Link |
Splunk Enterprise SPL Safeguard access control | (7.6) | Nov, 05 2022 | Splunk | Link |
Azure RTOS USBX USB DFU UPLOAD ux_device_class_dfu_control_request buffer overflow | (9.6) | Nov, 05 2022 | Azure | Link |
XWiki Request Parameter improper authentication | (7.9) | Nov, 05 2022 | XWiki | Link |
Splunk Enterprise Mobile Alerts deserialization | (8.6) | Nov, 05 2022 | Splunk | Link |
VMware Spring Tools/VSCode Extension Snakeyaml code injection | (7.9) | Nov, 05 2022 | VMware | Link |
Silicon Labs Bootloader GBL Parser memory corruption | (8.7) | Nov, 06 2022 | Silicon | Link |
Frauscher Sensortechnik FDS102 Configuration unrestricted upload | (9.6) | Nov, 06 2022 | Frauscher | Link |
Discourse Email Address improper authorization | (7.7) | Nov, 06 2022 | Discourse | Link |
xmldom improper validation of consistency within input | (8.7) | Nov, 06 2022 | xmldom | Link |
Tenda AC23 formSetFirewallCfg stack-based overflow | (9.3) | Nov, 06 2022 | Tenda | Link |
Tenda AC23 setSmartPowerManagement stack-based overflow | (9.3) | Nov, 06 2022 | Tenda | Link |
Tenda AC23 setSchedWifi stack-based overflow | (8.9) | Nov, 06 2022 | Tenda | Link |
Tenda AC23 fromSetWifiGusetBasic stack-based overflow | (9.3) | Nov, 06 2022 | Tenda | Link |
Tenda AC23 fromSetWirelessRepeat stack-based overflow | (8.9) | Nov, 06 2022 | Tenda | Link |
Tenda AC23 Parameter formSetQosBand out-of-bounds write | (9.3) | Nov, 06 2022 | Tenda | Link |
Tenda AC23 fromSetSysTime out-of-bounds write | (9.3) | Nov, 06 2022 | Tenda | Link |
Tenda AC23 formSetDeviceName out-of-bounds write | (8.2) | Nov, 06 2022 | Tenda | Link |
Keystone Environment Variable injection | (8.4) | Nov, 06 2022 | Keystone | Link |
D-Link DIR-823G Packet SetNetworkTomographySettings command injection | (7.6) | Nov, 06 2022 | D-Link | Link |
GLPI API REST sql injection | (7.5) | Nov, 06 2022 | GLPI | Link |
Zoho ManageEngine ServiceDesk Plus exportMickeyList input validation | (8.6) | Nov, 06 2022 | Zoho | Link |
D-Link DIR-1935 HNAP improper authentication | (8.4) | Nov, 06 2022 | D-Link | Link |
D-Link DIR-1935 HNAP improper authentication | (8.4) | Nov, 06 2022 | D-Link | Link |
D-Link DIR-1935 stack-based overflow | (8.4) | Nov, 06 2022 | D-Link | Link |
Apache Commons BCEL API out-of-bounds | (7.5) | Nov, 06 2022 | Apache | Link |
D-Link DIR-1935 SOAPAction stack-based overflow | (8.4) | Nov, 06 2022 | D-Link | Link |
Splunk Enterprise tstats Command access control | (7.6) | Nov, 06 2022 | Splunk | Link |
Splunk Enterprise SPL Safeguard access control | (7.6) | Nov, 06 2022 | Splunk | Link |
Azure RTOS USBX USB DFU UPLOAD ux_device_class_dfu_control_request buffer overflow | (9.6) | Nov, 06 2022 | Azure | Link |
XWiki Request Parameter improper authentication | (7.9) | Nov, 06 2022 | XWiki | Link |
Splunk Enterprise Mobile Alerts deserialization | (8.6) | Nov, 06 2022 | Splunk | Link |
VMware Spring Tools/VSCode Extension Snakeyaml code injection | (7.9) | Nov, 06 2022 | VMware | Link |
Silicon Labs Bootloader GBL Parser memory corruption | (8.7) | Nov, 07 2022 | Silicon | Link |
Frauscher Sensortechnik FDS102 Configuration unrestricted upload | (9.6) | Nov, 07 2022 | Frauscher | Link |
Discourse Email Address improper authorization | (7.7) | Nov, 07 2022 | Discourse | Link |
xmldom improper validation of consistency within input | (8.7) | Nov, 07 2022 | xmldom | Link |
Tenda AC23 formSetFirewallCfg stack-based overflow | (9.3) | Nov, 07 2022 | Tenda | Link |
Tenda AC23 setSmartPowerManagement stack-based overflow | (9.3) | Nov, 07 2022 | Tenda | Link |
Tenda AC23 setSchedWifi stack-based overflow | (8.9) | Nov, 07 2022 | Tenda | Link |
Tenda AC23 fromSetWifiGusetBasic stack-based overflow | (9.3) | Nov, 07 2022 | Tenda | Link |
Tenda AC23 fromSetWirelessRepeat stack-based overflow | (8.9) | Nov, 07 2022 | Tenda | Link |
Tenda AC23 Parameter formSetQosBand out-of-bounds write | (9.3) | Nov, 07 2022 | Tenda | Link |
Tenda AC23 fromSetSysTime out-of-bounds write | (9.3) | Nov, 07 2022 | Tenda | Link |
Tenda AC23 formSetDeviceName out-of-bounds write | (8.2) | Nov, 07 2022 | Tenda | Link |
Keystone Environment Variable injection | (8.4) | Nov, 07 2022 | Keystone | Link |
D-Link DIR-823G Packet SetNetworkTomographySettings command injection | (7.6) | Nov, 07 2022 | D-Link | Link |
GLPI API REST sql injection | (7.5) | Nov, 07 2022 | GLPI | Link |
Zoho ManageEngine ServiceDesk Plus exportMickeyList input validation | (8.6) | Nov, 07 2022 | Zoho | Link |
D-Link DIR-1935 HNAP improper authentication | (8.4) | Nov, 07 2022 | D-Link | Link |
D-Link DIR-1935 HNAP improper authentication | (8.4) | Nov, 07 2022 | D-Link | Link |
D-Link DIR-1935 stack-based overflow | (8.4) | Nov, 07 2022 | D-Link | Link |
Apache Commons BCEL API out-of-bounds | (7.5) | Nov, 07 2022 | Apache | Link |
D-Link DIR-1935 SOAPAction stack-based overflow | (8.4) | Nov, 07 2022 | D-Link | Link |
Splunk Enterprise tstats Command access control | (7.6) | Nov, 07 2022 | Splunk | Link |
Splunk Enterprise SPL Safeguard access control | (7.6) | Nov, 07 2022 | Splunk | Link |
Azure RTOS USBX USB DFU UPLOAD ux_device_class_dfu_control_request buffer overflow | (9.6) | Nov, 07 2022 | Azure | Link |
XWiki Request Parameter improper authentication | (7.9) | Nov, 07 2022 | XWiki | Link |
Splunk Enterprise Mobile Alerts deserialization | (8.6) | Nov, 07 2022 | Splunk | Link |
VMware Spring Tools/VSCode Extension Snakeyaml code injection | (7.9) | Nov, 07 2022 | VMware | Link |
d8s-xml backdoor | (7.5) | Nov, 07 2022 | d8s-xml | Link |
d8s-networking backdoor | (7.5) | Nov, 07 2022 | d8s-networking | Link |
d8s-dates backdoor | (7.5) | Nov, 07 2022 | d8s-dates | Link |
d8s-stats backdoor | (7.5) | Nov, 07 2022 | d8s-stats | Link |
d8s-networking backdoor | (7.5) | Nov, 07 2022 | d8s-networking | Link |
d8s-python backdoor | (7.5) | Nov, 07 2022 | d8s-python | Link |
d8s-urls backdoor | (7.5) | Nov, 07 2022 | d8s-urls | Link |
d8s-python backdoor | (7.5) | Nov, 07 2022 | d8s-python | Link |
d8s-timer backdoor | (7.5) | Nov, 07 2022 | d8s-timer | Link |
d8s-strings backdoor | (7.5) | Nov, 07 2022 | d8s-strings | Link |
Contact Form Plugin Plugin csv injection | (7.5) | Nov, 07 2022 | Contact | Link |
WooCommerce Dropshipping Plugin REST Endpoint sql injection | (8.4) | Nov, 07 2022 | WooCommerce | Link |
Role Based Pricing for WooCommerce Plugin unrestricted upload | (7.9) | Nov, 07 2022 | Role | Link |
Lightning Labs Ind btcd Privilege Escalation | (7.5) | Nov, 07 2022 | Lightning | Link |
NTFS-3G NTFS Image buffer overflow | (7.6) | Nov, 07 2022 | NTFS-3G | Link |
Silicon Labs Bootloader GBL Parser memory corruption | (8.7) | Nov, 08 2022 | Silicon | Link |
Frauscher Sensortechnik FDS102 Configuration unrestricted upload | (9.6) | Nov, 08 2022 | Frauscher | Link |
Discourse Email Address improper authorization | (7.7) | Nov, 08 2022 | Discourse | Link |
xmldom improper validation of consistency within input | (8.7) | Nov, 08 2022 | xmldom | Link |
Tenda AC23 formSetFirewallCfg stack-based overflow | (9.3) | Nov, 08 2022 | Tenda | Link |
Tenda AC23 setSmartPowerManagement stack-based overflow | (9.3) | Nov, 08 2022 | Tenda | Link |
Tenda AC23 setSchedWifi stack-based overflow | (8.9) | Nov, 08 2022 | Tenda | Link |
Tenda AC23 fromSetWifiGusetBasic stack-based overflow | (9.3) | Nov, 08 2022 | Tenda | Link |
Tenda AC23 fromSetWirelessRepeat stack-based overflow | (8.9) | Nov, 08 2022 | Tenda | Link |
Tenda AC23 Parameter formSetQosBand out-of-bounds write | (9.3) | Nov, 08 2022 | Tenda | Link |
Tenda AC23 fromSetSysTime out-of-bounds write | (9.3) | Nov, 08 2022 | Tenda | Link |
Tenda AC23 formSetDeviceName out-of-bounds write | (8.2) | Nov, 08 2022 | Tenda | Link |
Keystone Environment Variable injection | (8.4) | Nov, 08 2022 | Keystone | Link |
D-Link DIR-823G Packet SetNetworkTomographySettings command injection | (7.6) | Nov, 08 2022 | D-Link | Link |
GLPI API REST sql injection | (7.5) | Nov, 08 2022 | GLPI | Link |
Zoho ManageEngine ServiceDesk Plus exportMickeyList input validation | (8.6) | Nov, 08 2022 | Zoho | Link |
D-Link DIR-1935 HNAP improper authentication | (8.4) | Nov, 08 2022 | D-Link | Link |
D-Link DIR-1935 HNAP improper authentication | (8.4) | Nov, 08 2022 | D-Link | Link |
D-Link DIR-1935 stack-based overflow | (8.4) | Nov, 08 2022 | D-Link | Link |
Apache Commons BCEL API out-of-bounds | (7.5) | Nov, 08 2022 | Apache | Link |
D-Link DIR-1935 SOAPAction stack-based overflow | (8.4) | Nov, 08 2022 | D-Link | Link |
Splunk Enterprise tstats Command access control | (7.6) | Nov, 08 2022 | Splunk | Link |
Splunk Enterprise SPL Safeguard access control | (7.6) | Nov, 08 2022 | Splunk | Link |
Azure RTOS USBX USB DFU UPLOAD ux_device_class_dfu_control_request buffer overflow | (9.6) | Nov, 08 2022 | Azure | Link |
XWiki Request Parameter improper authentication | (7.9) | Nov, 08 2022 | XWiki | Link |
Splunk Enterprise Mobile Alerts deserialization | (8.6) | Nov, 08 2022 | Splunk | Link |
VMware Spring Tools/VSCode Extension Snakeyaml code injection | (7.9) | Nov, 08 2022 | VMware | Link |
d8s-xml backdoor | (7.5) | Nov, 08 2022 | d8s-xml | Link |
d8s-networking backdoor | (7.5) | Nov, 08 2022 | d8s-networking | Link |
d8s-dates backdoor | (7.5) | Nov, 08 2022 | d8s-dates | Link |
d8s-stats backdoor | (7.5) | Nov, 08 2022 | d8s-stats | Link |
d8s-networking backdoor | (7.5) | Nov, 08 2022 | d8s-networking | Link |
d8s-python backdoor | (7.5) | Nov, 08 2022 | d8s-python | Link |
d8s-urls backdoor | (7.5) | Nov, 08 2022 | d8s-urls | Link |
d8s-python backdoor | (7.5) | Nov, 08 2022 | d8s-python | Link |
d8s-timer backdoor | (7.5) | Nov, 08 2022 | d8s-timer | Link |
d8s-strings backdoor | (7.5) | Nov, 08 2022 | d8s-strings | Link |
Contact Form Plugin Plugin csv injection | (7.5) | Nov, 08 2022 | Contact | Link |
WooCommerce Dropshipping Plugin REST Endpoint sql injection | (8.4) | Nov, 08 2022 | WooCommerce | Link |
Role Based Pricing for WooCommerce Plugin unrestricted upload | (7.9) | Nov, 08 2022 | Role | Link |
Lightning Labs Ind btcd Privilege Escalation | (7.5) | Nov, 08 2022 | Lightning | Link |
NTFS-3G NTFS Image buffer overflow | (7.6) | Nov, 08 2022 | NTFS-3G | Link |
Microsoft Windows ODBC Driver Remote Code Execution | (8.1) | Nov, 08 2022 | Microsoft | Link |
Microsoft Windows Scripting Language Remote Code Execution | (8.4) | Nov, 08 2022 | Microsoft | Link |
Silicon Labs Bootloader GBL Parser memory corruption | (8.7) | Nov, 09 2022 | Silicon | Link |
Frauscher Sensortechnik FDS102 Configuration unrestricted upload | (9.6) | Nov, 09 2022 | Frauscher | Link |
Discourse Email Address improper authorization | (7.7) | Nov, 09 2022 | Discourse | Link |
xmldom improper validation of consistency within input | (8.7) | Nov, 09 2022 | xmldom | Link |
Tenda AC23 formSetFirewallCfg stack-based overflow | (9.3) | Nov, 09 2022 | Tenda | Link |
Tenda AC23 setSmartPowerManagement stack-based overflow | (9.3) | Nov, 09 2022 | Tenda | Link |
Tenda AC23 setSchedWifi stack-based overflow | (8.9) | Nov, 09 2022 | Tenda | Link |
Tenda AC23 fromSetWifiGusetBasic stack-based overflow | (9.3) | Nov, 09 2022 | Tenda | Link |
Tenda AC23 fromSetWirelessRepeat stack-based overflow | (8.9) | Nov, 09 2022 | Tenda | Link |
Tenda AC23 Parameter formSetQosBand out-of-bounds write | (9.3) | Nov, 09 2022 | Tenda | Link |
Tenda AC23 fromSetSysTime out-of-bounds write | (9.3) | Nov, 09 2022 | Tenda | Link |
Tenda AC23 formSetDeviceName out-of-bounds write | (8.2) | Nov, 09 2022 | Tenda | Link |
Keystone Environment Variable injection | (8.4) | Nov, 09 2022 | Keystone | Link |
D-Link DIR-823G Packet SetNetworkTomographySettings command injection | (7.6) | Nov, 09 2022 | D-Link | Link |
GLPI API REST sql injection | (7.5) | Nov, 09 2022 | GLPI | Link |
Zoho ManageEngine ServiceDesk Plus exportMickeyList input validation | (8.6) | Nov, 09 2022 | Zoho | Link |
D-Link DIR-1935 HNAP improper authentication | (8.4) | Nov, 09 2022 | D-Link | Link |
D-Link DIR-1935 HNAP improper authentication | (8.4) | Nov, 09 2022 | D-Link | Link |
D-Link DIR-1935 stack-based overflow | (8.4) | Nov, 09 2022 | D-Link | Link |
Apache Commons BCEL API out-of-bounds | (7.5) | Nov, 09 2022 | Apache | Link |
D-Link DIR-1935 SOAPAction stack-based overflow | (8.4) | Nov, 09 2022 | D-Link | Link |
Splunk Enterprise tstats Command access control | (7.6) | Nov, 09 2022 | Splunk | Link |
Splunk Enterprise SPL Safeguard access control | (7.6) | Nov, 09 2022 | Splunk | Link |
Azure RTOS USBX USB DFU UPLOAD ux_device_class_dfu_control_request buffer overflow | (9.6) | Nov, 09 2022 | Azure | Link |
XWiki Request Parameter improper authentication | (7.9) | Nov, 09 2022 | XWiki | Link |
Splunk Enterprise Mobile Alerts deserialization | (8.6) | Nov, 09 2022 | Splunk | Link |
VMware Spring Tools/VSCode Extension Snakeyaml code injection | (7.9) | Nov, 09 2022 | VMware | Link |
d8s-xml backdoor | (7.5) | Nov, 09 2022 | d8s-xml | Link |
d8s-networking backdoor | (7.5) | Nov, 09 2022 | d8s-networking | Link |
d8s-dates backdoor | (7.5) | Nov, 09 2022 | d8s-dates | Link |
d8s-stats backdoor | (7.5) | Nov, 09 2022 | d8s-stats | Link |
d8s-networking backdoor | (7.5) | Nov, 09 2022 | d8s-networking | Link |
d8s-python backdoor | (7.5) | Nov, 09 2022 | d8s-python | Link |
d8s-urls backdoor | (7.5) | Nov, 09 2022 | d8s-urls | Link |
d8s-python backdoor | (7.5) | Nov, 09 2022 | d8s-python | Link |
d8s-timer backdoor | (7.5) | Nov, 09 2022 | d8s-timer | Link |
d8s-strings backdoor | (7.5) | Nov, 09 2022 | d8s-strings | Link |
Contact Form Plugin Plugin csv injection | (7.5) | Nov, 09 2022 | Contact | Link |
WooCommerce Dropshipping Plugin REST Endpoint sql injection | (8.4) | Nov, 09 2022 | WooCommerce | Link |
Role Based Pricing for WooCommerce Plugin unrestricted upload | (7.9) | Nov, 09 2022 | Role | Link |
Lightning Labs Ind btcd Privilege Escalation | (7.5) | Nov, 09 2022 | Lightning | Link |
NTFS-3G NTFS Image buffer overflow | (7.6) | Nov, 09 2022 | NTFS-3G | Link |
Microsoft Windows ODBC Driver Remote Code Execution | (8.1) | Nov, 09 2022 | Microsoft | Link |
Microsoft Windows Scripting Language Remote Code Execution | (8.4) | Nov, 09 2022 | Microsoft | Link |
WAGO 750-81xx Packet os command injection | (9.6) | Nov, 09 2022 | WAGO | Link |
AccuSoft ImageGear PICT Parser pctwread_14841 out-of-bounds write | (7.9) | Nov, 09 2022 | AccuSoft | Link |
InHand InRouter302 Incomplete Fix access control | (7.8) | Nov, 09 2022 | InHand | Link |
WAGO 750-81xx Packet buffer overflow | (9.3) | Nov, 09 2022 | WAGO | Link |
WAGO 750-81xx Packet out-of-bounds | (7.6) | Nov, 09 2022 | WAGO | Link |
Cisco ASA/Firepower Threat Defense Dynamic Access Policy memory corruption | (7.8) | Nov, 09 2022 | Cisco | Link |
Vela Server/Worker/UI privileges management | (9.0) | Nov, 10 2022 | Vela | Link |
Hualing Agentflow BPM URL unrestricted upload | (8.4) | Nov, 10 2022 | Hualing | Link |
UPSMON Pro Login improper authentication | (8.4) | Nov, 10 2022 | UPSMON | Link |
AyaCMS fst_upload.inc.php unrestricted upload | (7.6) | Nov, 10 2022 | AyaCMS | Link |
xterm OSC 50 Response command injection | (7.5) | Nov, 10 2022 | xterm | Link |
Huawei HarmonyOS System Framework Layer deserialization | (7.6) | Nov, 10 2022 | Huawei | Link |
Huawei HarmonyOS AMS Module deserialization | (7.6) | Nov, 10 2022 | Huawei | Link |
Huawei HarmonyOS AMS Module deserialization | (7.6) | Nov, 10 2022 | Huawei | Link |
Huawei HarmonyOS iAware Module Privilege Escalation | (7.6) | Nov, 10 2022 | Huawei | Link |
Vela Server/Worker/UI privileges management | (9.0) | Nov, 11 2022 | Vela | Link |
Hualing Agentflow BPM URL unrestricted upload | (8.4) | Nov, 11 2022 | Hualing | Link |
UPSMON Pro Login improper authentication | (8.4) | Nov, 11 2022 | UPSMON | Link |
AyaCMS fst_upload.inc.php unrestricted upload | (7.6) | Nov, 11 2022 | AyaCMS | Link |
xterm OSC 50 Response command injection | (7.5) | Nov, 11 2022 | xterm | Link |
Huawei HarmonyOS System Framework Layer deserialization | (7.6) | Nov, 11 2022 | Huawei | Link |
Huawei HarmonyOS AMS Module deserialization | (7.6) | Nov, 11 2022 | Huawei | Link |
Huawei HarmonyOS AMS Module deserialization | (7.6) | Nov, 11 2022 | Huawei | Link |
Huawei HarmonyOS iAware Module Privilege Escalation | (7.6) | Nov, 11 2022 | Huawei | Link |
Vela Server/Worker/UI privileges management | (9.0) | Nov, 12 2022 | Vela | Link |
Hualing Agentflow BPM URL unrestricted upload | (8.4) | Nov, 12 2022 | Hualing | Link |
UPSMON Pro Login improper authentication | (8.4) | Nov, 12 2022 | UPSMON | Link |
AyaCMS fst_upload.inc.php unrestricted upload | (7.6) | Nov, 12 2022 | AyaCMS | Link |
xterm OSC 50 Response command injection | (7.5) | Nov, 12 2022 | xterm | Link |
Huawei HarmonyOS System Framework Layer deserialization | (7.6) | Nov, 12 2022 | Huawei | Link |
Huawei HarmonyOS AMS Module deserialization | (7.6) | Nov, 12 2022 | Huawei | Link |
Huawei HarmonyOS AMS Module deserialization | (7.6) | Nov, 12 2022 | Huawei | Link |
Huawei HarmonyOS iAware Module Privilege Escalation | (7.6) | Nov, 12 2022 | Huawei | Link |
Zoho ManageEngine Password Manager Pro/PAM360/Access Manager Plus sql injection | (7.9) | Nov, 12 2022 | Zoho | Link |
Pi-Star_DV_Dash Privilege Escalation | (7.5) | Nov, 12 2022 | Pi-Star_DV_Dash | Link |
Intel DCM protection mechanism | (8.7) | Nov, 12 2022 | Intel | Link |
Intel NUC Kit BIOS Firmware improper authentication | (7.6) | Nov, 12 2022 | Intel | Link |
Vela Server/Worker/UI privileges management | (9.0) | Nov, 13 2022 | Vela | Link |
Hualing Agentflow BPM URL unrestricted upload | (8.4) | Nov, 13 2022 | Hualing | Link |
UPSMON Pro Login improper authentication | (8.4) | Nov, 13 2022 | UPSMON | Link |
AyaCMS fst_upload.inc.php unrestricted upload | (7.6) | Nov, 13 2022 | AyaCMS | Link |
xterm OSC 50 Response command injection | (7.5) | Nov, 13 2022 | xterm | Link |
Huawei HarmonyOS System Framework Layer deserialization | (7.6) | Nov, 13 2022 | Huawei | Link |
Huawei HarmonyOS AMS Module deserialization | (7.6) | Nov, 13 2022 | Huawei | Link |
Huawei HarmonyOS AMS Module deserialization | (7.6) | Nov, 13 2022 | Huawei | Link |
Huawei HarmonyOS iAware Module Privilege Escalation | (7.6) | Nov, 13 2022 | Huawei | Link |
Zoho ManageEngine Password Manager Pro/PAM360/Access Manager Plus sql injection | (7.9) | Nov, 13 2022 | Zoho | Link |
Pi-Star_DV_Dash Privilege Escalation | (7.5) | Nov, 13 2022 | Pi-Star_DV_Dash | Link |
Intel DCM protection mechanism | (8.7) | Nov, 13 2022 | Intel | Link |
Intel NUC Kit BIOS Firmware improper authentication | (7.6) | Nov, 13 2022 | Intel | Link |
Pingkon HMS-PHP Data Pump Metadata admin.php sql injection | (7.9) | Nov, 13 2022 | Pingkon | Link |
Pingkon HMS-PHP adminlogin.php sql injection | (7.9) | Nov, 13 2022 | Pingkon | Link |
Vela Server/Worker/UI privileges management | (9.0) | Nov, 14 2022 | Vela | Link |
Hualing Agentflow BPM URL unrestricted upload | (8.4) | Nov, 14 2022 | Hualing | Link |
UPSMON Pro Login improper authentication | (8.4) | Nov, 14 2022 | UPSMON | Link |
AyaCMS fst_upload.inc.php unrestricted upload | (7.6) | Nov, 14 2022 | AyaCMS | Link |
xterm OSC 50 Response command injection | (7.5) | Nov, 14 2022 | xterm | Link |
Huawei HarmonyOS System Framework Layer deserialization | (7.6) | Nov, 14 2022 | Huawei | Link |
Huawei HarmonyOS AMS Module deserialization | (7.6) | Nov, 14 2022 | Huawei | Link |
Huawei HarmonyOS AMS Module deserialization | (7.6) | Nov, 14 2022 | Huawei | Link |
Huawei HarmonyOS iAware Module Privilege Escalation | (7.6) | Nov, 14 2022 | Huawei | Link |
Zoho ManageEngine Password Manager Pro/PAM360/Access Manager Plus sql injection | (7.9) | Nov, 14 2022 | Zoho | Link |
Pi-Star_DV_Dash Privilege Escalation | (7.5) | Nov, 14 2022 | Pi-Star_DV_Dash | Link |
Intel DCM protection mechanism | (8.7) | Nov, 14 2022 | Intel | Link |
Intel NUC Kit BIOS Firmware improper authentication | (7.6) | Nov, 14 2022 | Intel | Link |
Pingkon HMS-PHP Data Pump Metadata admin.php sql injection | (7.9) | Nov, 14 2022 | Pingkon | Link |
Pingkon HMS-PHP adminlogin.php sql injection | (7.9) | Nov, 14 2022 | Pingkon | Link |
kareadita kavita authentication bypass | (8.7) | Nov, 14 2022 | kareadita | Link |
Silicon Labs Ember ZNet memory corruption | (7.6) | Nov, 14 2022 | Silicon | Link |
WPForms Pro Plugin csv injection | (7.5) | Nov, 14 2022 | WPForms | Link |
tagDiv Composer Plugin Facebook Login improper authentication | (7.6) | Nov, 14 2022 | tagDiv | Link |
Apache SOAP RPCRouterServlet deserialization | (8.5) | Nov, 14 2022 | Apache | Link |
Vela Server/Worker/UI privileges management | (9.0) | Nov, 15 2022 | Vela | Link |
Hualing Agentflow BPM URL unrestricted upload | (8.4) | Nov, 15 2022 | Hualing | Link |
UPSMON Pro Login improper authentication | (8.4) | Nov, 15 2022 | UPSMON | Link |
AyaCMS fst_upload.inc.php unrestricted upload | (7.6) | Nov, 15 2022 | AyaCMS | Link |
xterm OSC 50 Response command injection | (7.5) | Nov, 15 2022 | xterm | Link |
Huawei HarmonyOS System Framework Layer deserialization | (7.6) | Nov, 15 2022 | Huawei | Link |
Huawei HarmonyOS AMS Module deserialization | (7.6) | Nov, 15 2022 | Huawei | Link |
Huawei HarmonyOS AMS Module deserialization | (7.6) | Nov, 15 2022 | Huawei | Link |
Huawei HarmonyOS iAware Module Privilege Escalation | (7.6) | Nov, 15 2022 | Huawei | Link |
Zoho ManageEngine Password Manager Pro/PAM360/Access Manager Plus sql injection | (7.9) | Nov, 15 2022 | Zoho | Link |
Pi-Star_DV_Dash Privilege Escalation | (7.5) | Nov, 15 2022 | Pi-Star_DV_Dash | Link |
Intel DCM protection mechanism | (8.7) | Nov, 15 2022 | Intel | Link |
Intel NUC Kit BIOS Firmware improper authentication | (7.6) | Nov, 15 2022 | Intel | Link |
Pingkon HMS-PHP Data Pump Metadata admin.php sql injection | (7.9) | Nov, 15 2022 | Pingkon | Link |
Pingkon HMS-PHP adminlogin.php sql injection | (7.9) | Nov, 15 2022 | Pingkon | Link |
kareadita kavita authentication bypass | (8.7) | Nov, 15 2022 | kareadita | Link |
Silicon Labs Ember ZNet memory corruption | (7.6) | Nov, 15 2022 | Silicon | Link |
WPForms Pro Plugin csv injection | (7.5) | Nov, 15 2022 | WPForms | Link |
tagDiv Composer Plugin Facebook Login improper authentication | (7.6) | Nov, 15 2022 | tagDiv | Link |
Apache SOAP RPCRouterServlet deserialization | (8.5) | Nov, 15 2022 | Apache | Link |
JAPEX Plugin XML Parser xml external entity reference | (7.6) | Nov, 15 2022 | JAPEX | Link |
OSF Builder Suite XML Linter Plugin XML Parser xml external entity reference | (7.6) | Nov, 15 2022 | OSF | Link |
CCCC Plugin XML Parser xml external entity reference | (7.6) | Nov, 15 2022 | CCCC | Link |
ceph Crash Service Local Privilege Escalation | (7.5) | Nov, 15 2022 | ceph | Link |
Vela Server/Worker/UI privileges management | (9.0) | Nov, 16 2022 | Vela | Link |
Hualing Agentflow BPM URL unrestricted upload | (8.4) | Nov, 16 2022 | Hualing | Link |
UPSMON Pro Login improper authentication | (8.4) | Nov, 16 2022 | UPSMON | Link |
AyaCMS fst_upload.inc.php unrestricted upload | (7.6) | Nov, 16 2022 | AyaCMS | Link |
xterm OSC 50 Response command injection | (7.5) | Nov, 16 2022 | xterm | Link |
Huawei HarmonyOS System Framework Layer deserialization | (7.6) | Nov, 16 2022 | Huawei | Link |
Huawei HarmonyOS AMS Module deserialization | (7.6) | Nov, 16 2022 | Huawei | Link |
Huawei HarmonyOS AMS Module deserialization | (7.6) | Nov, 16 2022 | Huawei | Link |
Huawei HarmonyOS iAware Module Privilege Escalation | (7.6) | Nov, 16 2022 | Huawei | Link |
Zoho ManageEngine Password Manager Pro/PAM360/Access Manager Plus sql injection | (7.9) | Nov, 16 2022 | Zoho | Link |
Pi-Star_DV_Dash Privilege Escalation | (7.5) | Nov, 16 2022 | Pi-Star_DV_Dash | Link |
Intel DCM protection mechanism | (8.7) | Nov, 16 2022 | Intel | Link |
Intel NUC Kit BIOS Firmware improper authentication | (7.6) | Nov, 16 2022 | Intel | Link |
Pingkon HMS-PHP Data Pump Metadata admin.php sql injection | (7.9) | Nov, 16 2022 | Pingkon | Link |
Pingkon HMS-PHP adminlogin.php sql injection | (7.9) | Nov, 16 2022 | Pingkon | Link |
kareadita kavita authentication bypass | (8.7) | Nov, 16 2022 | kareadita | Link |
Silicon Labs Ember ZNet memory corruption | (7.6) | Nov, 16 2022 | Silicon | Link |
WPForms Pro Plugin csv injection | (7.5) | Nov, 16 2022 | WPForms | Link |
tagDiv Composer Plugin Facebook Login improper authentication | (7.6) | Nov, 16 2022 | tagDiv | Link |
Apache SOAP RPCRouterServlet deserialization | (8.5) | Nov, 16 2022 | Apache | Link |
JAPEX Plugin XML Parser xml external entity reference | (7.6) | Nov, 16 2022 | JAPEX | Link |
OSF Builder Suite XML Linter Plugin XML Parser xml external entity reference | (7.6) | Nov, 16 2022 | OSF | Link |
CCCC Plugin XML Parser xml external entity reference | (7.6) | Nov, 16 2022 | CCCC | Link |
ceph Crash Service Local Privilege Escalation | (7.5) | Nov, 16 2022 | ceph | Link |
SeaCms index.php sql injection | (7.9) | Nov, 16 2022 | SeaCms | Link |
Hoosk PHP File attachments unrestricted upload | (7.5) | Nov, 16 2022 | Hoosk | Link |
Human Resource Management System login.php sql injection | (7.9) | Nov, 16 2022 | Human | Link |
Sophos Mobile Managed On-Premises XML server-side request forgery | (8.5) | Nov, 16 2022 | Sophos | Link |
mastodon excessive authentication | (7.7) | Nov, 16 2022 | mastodon | Link |
Micrium uC-HTTP HTTP Request heap-based overflow | (8.7) | Nov, 16 2022 | Micrium | Link |
Apache Mina SSHD Java deserialization | (7.5) | Nov, 16 2022 | Apache | Link |
Wiesemann & Theis AT-Modem-Emulator/Com-Server HTTP GET Request missing authentication | (8.4) | Nov, 16 2022 | Wiesemann | Link |
Canteen Management System save_user.php unrestricted upload | (7.6) | Nov, 16 2022 | Canteen | Link |
Vela Server/Worker/UI privileges management | (9.0) | Nov, 17 2022 | Vela | Link |
Hualing Agentflow BPM URL unrestricted upload | (8.4) | Nov, 17 2022 | Hualing | Link |
UPSMON Pro Login improper authentication | (8.4) | Nov, 17 2022 | UPSMON | Link |
AyaCMS fst_upload.inc.php unrestricted upload | (7.6) | Nov, 17 2022 | AyaCMS | Link |
xterm OSC 50 Response command injection | (7.5) | Nov, 17 2022 | xterm | Link |
Huawei HarmonyOS System Framework Layer deserialization | (7.6) | Nov, 17 2022 | Huawei | Link |
Huawei HarmonyOS AMS Module deserialization | (7.6) | Nov, 17 2022 | Huawei | Link |
Huawei HarmonyOS AMS Module deserialization | (7.6) | Nov, 17 2022 | Huawei | Link |
Huawei HarmonyOS iAware Module Privilege Escalation | (7.6) | Nov, 17 2022 | Huawei | Link |
Zoho ManageEngine Password Manager Pro/PAM360/Access Manager Plus sql injection | (7.9) | Nov, 17 2022 | Zoho | Link |
Pi-Star_DV_Dash Privilege Escalation | (7.5) | Nov, 17 2022 | Pi-Star_DV_Dash | Link |
Intel DCM protection mechanism | (8.7) | Nov, 17 2022 | Intel | Link |
Intel NUC Kit BIOS Firmware improper authentication | (7.6) | Nov, 17 2022 | Intel | Link |
Pingkon HMS-PHP Data Pump Metadata admin.php sql injection | (7.9) | Nov, 17 2022 | Pingkon | Link |
Pingkon HMS-PHP adminlogin.php sql injection | (7.9) | Nov, 17 2022 | Pingkon | Link |
kareadita kavita authentication bypass | (8.7) | Nov, 17 2022 | kareadita | Link |
Silicon Labs Ember ZNet memory corruption | (7.6) | Nov, 17 2022 | Silicon | Link |
WPForms Pro Plugin csv injection | (7.5) | Nov, 17 2022 | WPForms | Link |
tagDiv Composer Plugin Facebook Login improper authentication | (7.6) | Nov, 17 2022 | tagDiv | Link |
Apache SOAP RPCRouterServlet deserialization | (8.5) | Nov, 17 2022 | Apache | Link |
JAPEX Plugin XML Parser xml external entity reference | (7.6) | Nov, 17 2022 | JAPEX | Link |
OSF Builder Suite XML Linter Plugin XML Parser xml external entity reference | (7.6) | Nov, 17 2022 | OSF | Link |
CCCC Plugin XML Parser xml external entity reference | (7.6) | Nov, 17 2022 | CCCC | Link |
ceph Crash Service Local Privilege Escalation | (7.5) | Nov, 17 2022 | ceph | Link |
SeaCms index.php sql injection | (7.9) | Nov, 17 2022 | SeaCms | Link |
Hoosk PHP File attachments unrestricted upload | (7.5) | Nov, 17 2022 | Hoosk | Link |
Human Resource Management System login.php sql injection | (7.9) | Nov, 17 2022 | Human | Link |
Sophos Mobile Managed On-Premises XML server-side request forgery | (8.5) | Nov, 17 2022 | Sophos | Link |
mastodon excessive authentication | (7.7) | Nov, 17 2022 | mastodon | Link |
Micrium uC-HTTP HTTP Request heap-based overflow | (8.7) | Nov, 17 2022 | Micrium | Link |
Apache Mina SSHD Java deserialization | (7.5) | Nov, 17 2022 | Apache | Link |
Wiesemann & Theis AT-Modem-Emulator/Com-Server HTTP GET Request missing authentication | (8.4) | Nov, 17 2022 | Wiesemann | Link |
Canteen Management System save_user.php unrestricted upload | (7.6) | Nov, 17 2022 | Canteen | Link |
Dolibarr API privileges management | (7.7) | Nov, 17 2022 | Dolibarr | Link |
Veritas NetBackup Java Admin Console os command injection | (7.9) | Nov, 17 2022 | Veritas | Link |
Online Diagnostic Lab Management System login.php sql injection | (7.9) | Nov, 17 2022 | Online | Link |
Dreamer CMS sql injection | (8.0) | Nov, 17 2022 | Dreamer | Link |
BACKCLICK Professional sql injection | (7.9) | Nov, 17 2022 | BACKCLICK | Link |
BACKCLICK Professional CORBA Management Services missing authentication | (7.5) | Nov, 17 2022 | BACKCLICK | Link |
Vela Server/Worker/UI privileges management | (9.0) | Nov, 18 2022 | Vela | Link |
Hualing Agentflow BPM URL unrestricted upload | (8.4) | Nov, 18 2022 | Hualing | Link |
UPSMON Pro Login improper authentication | (8.4) | Nov, 18 2022 | UPSMON | Link |
AyaCMS fst_upload.inc.php unrestricted upload | (7.6) | Nov, 18 2022 | AyaCMS | Link |
xterm OSC 50 Response command injection | (7.5) | Nov, 18 2022 | xterm | Link |
Huawei HarmonyOS System Framework Layer deserialization | (7.6) | Nov, 18 2022 | Huawei | Link |
Huawei HarmonyOS AMS Module deserialization | (7.6) | Nov, 18 2022 | Huawei | Link |
Huawei HarmonyOS AMS Module deserialization | (7.6) | Nov, 18 2022 | Huawei | Link |
Huawei HarmonyOS iAware Module Privilege Escalation | (7.6) | Nov, 18 2022 | Huawei | Link |
Zoho ManageEngine Password Manager Pro/PAM360/Access Manager Plus sql injection | (7.9) | Nov, 18 2022 | Zoho | Link |
Pi-Star_DV_Dash Privilege Escalation | (7.5) | Nov, 18 2022 | Pi-Star_DV_Dash | Link |
Intel DCM protection mechanism | (8.7) | Nov, 18 2022 | Intel | Link |
Intel NUC Kit BIOS Firmware improper authentication | (7.6) | Nov, 18 2022 | Intel | Link |
Pingkon HMS-PHP Data Pump Metadata admin.php sql injection | (7.9) | Nov, 18 2022 | Pingkon | Link |
Pingkon HMS-PHP adminlogin.php sql injection | (7.9) | Nov, 18 2022 | Pingkon | Link |
kareadita kavita authentication bypass | (8.7) | Nov, 18 2022 | kareadita | Link |
Silicon Labs Ember ZNet memory corruption | (7.6) | Nov, 18 2022 | Silicon | Link |
WPForms Pro Plugin csv injection | (7.5) | Nov, 18 2022 | WPForms | Link |
tagDiv Composer Plugin Facebook Login improper authentication | (7.6) | Nov, 18 2022 | tagDiv | Link |
Apache SOAP RPCRouterServlet deserialization | (8.5) | Nov, 18 2022 | Apache | Link |
JAPEX Plugin XML Parser xml external entity reference | (7.6) | Nov, 18 2022 | JAPEX | Link |
OSF Builder Suite XML Linter Plugin XML Parser xml external entity reference | (7.6) | Nov, 18 2022 | OSF | Link |
CCCC Plugin XML Parser xml external entity reference | (7.6) | Nov, 18 2022 | CCCC | Link |
ceph Crash Service Local Privilege Escalation | (7.5) | Nov, 18 2022 | ceph | Link |
SeaCms index.php sql injection | (7.9) | Nov, 18 2022 | SeaCms | Link |
Hoosk PHP File attachments unrestricted upload | (7.5) | Nov, 18 2022 | Hoosk | Link |
Human Resource Management System login.php sql injection | (7.9) | Nov, 18 2022 | Human | Link |
Sophos Mobile Managed On-Premises XML server-side request forgery | (8.5) | Nov, 18 2022 | Sophos | Link |
mastodon excessive authentication | (7.7) | Nov, 18 2022 | mastodon | Link |
Micrium uC-HTTP HTTP Request heap-based overflow | (8.7) | Nov, 18 2022 | Micrium | Link |
Apache Mina SSHD Java deserialization | (7.5) | Nov, 18 2022 | Apache | Link |
Wiesemann & Theis AT-Modem-Emulator/Com-Server HTTP GET Request missing authentication | (8.4) | Nov, 18 2022 | Wiesemann | Link |
Canteen Management System save_user.php unrestricted upload | (7.6) | Nov, 18 2022 | Canteen | Link |
Dolibarr API privileges management | (7.7) | Nov, 18 2022 | Dolibarr | Link |
Veritas NetBackup Java Admin Console os command injection | (7.9) | Nov, 18 2022 | Veritas | Link |
Online Diagnostic Lab Management System login.php sql injection | (7.9) | Nov, 18 2022 | Online | Link |
Dreamer CMS sql injection | (8.0) | Nov, 18 2022 | Dreamer | Link |
BACKCLICK Professional sql injection | (7.9) | Nov, 18 2022 | BACKCLICK | Link |
BACKCLICK Professional CORBA Management Services missing authentication | (7.5) | Nov, 18 2022 | BACKCLICK | Link |
drachtio server request-handler.cpp event_cb use after free | (7.6) | Nov, 18 2022 | drachtio | Link |
D-Link DIR3060 buffer overflow | (7.5) | Nov, 18 2022 | D-Link | Link |
Webvendome GET Request sql injection | (7.5) | Nov, 18 2022 | Webvendome | Link |
BACKCLICK Professional CORBA Back-End Services improper authentication | (7.9) | Nov, 18 2022 | BACKCLICK | Link |
wpForo Forum Plugin unrestricted upload | (8.3) | Nov, 18 2022 | wpForo | Link |
Carel Boss Mini access control | (7.6) | Nov, 19 2022 | Carel | Link |
WatchTowerHQ Plugin denial of service | (7.7) | Nov, 19 2022 | WatchTowerHQ | Link |
Api2Cart Bridge Connector Plugin unrestricted upload | (8.4) | Nov, 19 2022 | Api2Cart | Link |
Permalink Manager Lite Plugin access control | (7.8) | Nov, 19 2022 | Permalink | Link |
Carel Boss Mini access control | (7.6) | Nov, 20 2022 | Carel | Link |
WatchTowerHQ Plugin denial of service | (7.7) | Nov, 20 2022 | WatchTowerHQ | Link |
Api2Cart Bridge Connector Plugin unrestricted upload | (8.4) | Nov, 20 2022 | Api2Cart | Link |
Permalink Manager Lite Plugin access control | (7.8) | Nov, 20 2022 | Permalink | Link |
librenms deserialization | (7.7) | Nov, 20 2022 | librenms | Link |
Carel Boss Mini access control | (7.6) | Nov, 21 2022 | Carel | Link |
WatchTowerHQ Plugin denial of service | (7.7) | Nov, 21 2022 | WatchTowerHQ | Link |
Api2Cart Bridge Connector Plugin unrestricted upload | (8.4) | Nov, 21 2022 | Api2Cart | Link |
Permalink Manager Lite Plugin access control | (7.8) | Nov, 21 2022 | Permalink | Link |
librenms deserialization | (7.7) | Nov, 21 2022 | librenms | Link |
Trend Micro Apex One Change Prevention Service memory corruption | (7.5) | Nov, 21 2022 | Trend | Link |
Trend Micro Apex One out-of-bounds | (7.5) | Nov, 21 2022 | Trend | Link |
Trend Micro Apex One exceptional condition | (8.1) | Nov, 21 2022 | Trend | Link |
Trend Micro Apex One Security Agent pathname traversal | (8.1) | Nov, 21 2022 | Trend | Link |
Tenda AC18 formSetWifiGuestBasic buffer overflow | (7.5) | Nov, 21 2022 | Tenda | Link |
Tenda AC18 addWifiMacFilter buffer overflow | (7.5) | Nov, 21 2022 | Tenda | Link |
Tenda AC18 formWifiWpsOOB buffer overflow | (7.5) | Nov, 21 2022 | Tenda | Link |
Tenda AC18 fromSetRouteStatic buffer overflow | (7.5) | Nov, 21 2022 | Tenda | Link |
Tenda AC18 formSetMacFilterCfg buffer overflow | (7.5) | Nov, 21 2022 | Tenda | Link |
Tenda AC18 formSetDeviceName buffer overflow | (7.5) | Nov, 21 2022 | Tenda | Link |
Tenda AC18 R7WebsSecurityHandler buffer overflow | (7.5) | Nov, 21 2022 | Tenda | Link |
Tenda AC18 form_fast_setting_wifi_set buffer overflow | (7.5) | Nov, 21 2022 | Tenda | Link |
Insyde Kernel UEFI Variable stack-based overflow | (7.8) | Nov, 21 2022 | Insyde | Link |
Carel Boss Mini access control | (7.6) | Nov, 22 2022 | Carel | Link |
WatchTowerHQ Plugin denial of service | (7.7) | Nov, 22 2022 | WatchTowerHQ | Link |
Api2Cart Bridge Connector Plugin unrestricted upload | (8.4) | Nov, 22 2022 | Api2Cart | Link |
Permalink Manager Lite Plugin access control | (7.8) | Nov, 22 2022 | Permalink | Link |
librenms deserialization | (7.7) | Nov, 22 2022 | librenms | Link |
Trend Micro Apex One Change Prevention Service memory corruption | (7.5) | Nov, 22 2022 | Trend | Link |
Trend Micro Apex One out-of-bounds | (7.5) | Nov, 22 2022 | Trend | Link |
Trend Micro Apex One exceptional condition | (8.1) | Nov, 22 2022 | Trend | Link |
Trend Micro Apex One Security Agent pathname traversal | (8.1) | Nov, 22 2022 | Trend | Link |
Tenda AC18 formSetWifiGuestBasic buffer overflow | (7.5) | Nov, 22 2022 | Tenda | Link |
Tenda AC18 addWifiMacFilter buffer overflow | (7.5) | Nov, 22 2022 | Tenda | Link |
Tenda AC18 formWifiWpsOOB buffer overflow | (7.5) | Nov, 22 2022 | Tenda | Link |
Tenda AC18 fromSetRouteStatic buffer overflow | (7.5) | Nov, 22 2022 | Tenda | Link |
Tenda AC18 formSetMacFilterCfg buffer overflow | (7.5) | Nov, 22 2022 | Tenda | Link |
Tenda AC18 formSetDeviceName buffer overflow | (7.5) | Nov, 22 2022 | Tenda | Link |
Tenda AC18 R7WebsSecurityHandler buffer overflow | (7.5) | Nov, 22 2022 | Tenda | Link |
Tenda AC18 form_fast_setting_wifi_set buffer overflow | (7.5) | Nov, 22 2022 | Tenda | Link |
Insyde Kernel UEFI Variable stack-based overflow | (7.8) | Nov, 22 2022 | Insyde | Link |
ZTE PON OLT access control | (8.0) | Nov, 22 2022 | ZTE | Link |
Billing System Project fetchOrderData.php sql injection | (7.5) | Nov, 22 2022 | Billing | Link |
D-Link DIR-882 webGetVarString buffer overflow | (7.5) | Nov, 22 2022 | D-Link | Link |
D-Link DIR-882 buffer overflow | (7.5) | Nov, 22 2022 | D-Link | Link |
D-Link DIR-882 websRedirect buffer overflow | (7.5) | Nov, 22 2022 | D-Link | Link |
D-Link DIR-878 access control | (7.5) | Nov, 22 2022 | D-Link | Link |
D-Link DIR878 buffer overflow | (7.5) | Nov, 22 2022 | D-Link | Link |
D-Link DIR823G command injection | (7.5) | Nov, 22 2022 | D-Link | Link |
Netgear R7000P httpd buffer overflow | (7.5) | Nov, 22 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 22 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 22 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 22 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 22 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 22 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 22 2022 | Netgear | Link |
Netgear R7000P httpd buffer overflow | (7.5) | Nov, 22 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 22 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 22 2022 | Netgear | Link |
Netgear R7000P httpd buffer overflow | (7.5) | Nov, 22 2022 | Netgear | Link |
Netgear R7000P wan_dns1_pri buffer overflow | (7.5) | Nov, 22 2022 | Netgear | Link |
Netgear R7000P httpd buffer overflow | (7.5) | Nov, 22 2022 | Netgear | Link |
D-Link DIR-823G HNAP API HNAP1 command injection | (7.6) | Nov, 22 2022 | D-Link | Link |
Linux Kernel Local Privilege io_uring use after free | (8.1) | Nov, 22 2022 | Linux | Link |
Carel Boss Mini access control | (7.6) | Nov, 23 2022 | Carel | Link |
WatchTowerHQ Plugin denial of service | (7.7) | Nov, 23 2022 | WatchTowerHQ | Link |
Api2Cart Bridge Connector Plugin unrestricted upload | (8.4) | Nov, 23 2022 | Api2Cart | Link |
Permalink Manager Lite Plugin access control | (7.8) | Nov, 23 2022 | Permalink | Link |
librenms deserialization | (7.7) | Nov, 23 2022 | librenms | Link |
Trend Micro Apex One Change Prevention Service memory corruption | (7.5) | Nov, 23 2022 | Trend | Link |
Trend Micro Apex One out-of-bounds | (7.5) | Nov, 23 2022 | Trend | Link |
Trend Micro Apex One exceptional condition | (8.1) | Nov, 23 2022 | Trend | Link |
Trend Micro Apex One Security Agent pathname traversal | (8.1) | Nov, 23 2022 | Trend | Link |
Tenda AC18 formSetWifiGuestBasic buffer overflow | (7.5) | Nov, 23 2022 | Tenda | Link |
Tenda AC18 addWifiMacFilter buffer overflow | (7.5) | Nov, 23 2022 | Tenda | Link |
Tenda AC18 formWifiWpsOOB buffer overflow | (7.5) | Nov, 23 2022 | Tenda | Link |
Tenda AC18 fromSetRouteStatic buffer overflow | (7.5) | Nov, 23 2022 | Tenda | Link |
Tenda AC18 formSetMacFilterCfg buffer overflow | (7.5) | Nov, 23 2022 | Tenda | Link |
Tenda AC18 formSetDeviceName buffer overflow | (7.5) | Nov, 23 2022 | Tenda | Link |
Tenda AC18 R7WebsSecurityHandler buffer overflow | (7.5) | Nov, 23 2022 | Tenda | Link |
Tenda AC18 form_fast_setting_wifi_set buffer overflow | (7.5) | Nov, 23 2022 | Tenda | Link |
Insyde Kernel UEFI Variable stack-based overflow | (7.8) | Nov, 23 2022 | Insyde | Link |
ZTE PON OLT access control | (8.0) | Nov, 23 2022 | ZTE | Link |
Billing System Project fetchOrderData.php sql injection | (7.5) | Nov, 23 2022 | Billing | Link |
D-Link DIR-882 webGetVarString buffer overflow | (7.5) | Nov, 23 2022 | D-Link | Link |
D-Link DIR-882 buffer overflow | (7.5) | Nov, 23 2022 | D-Link | Link |
D-Link DIR-882 websRedirect buffer overflow | (7.5) | Nov, 23 2022 | D-Link | Link |
D-Link DIR-878 access control | (7.5) | Nov, 23 2022 | D-Link | Link |
D-Link DIR878 buffer overflow | (7.5) | Nov, 23 2022 | D-Link | Link |
D-Link DIR823G command injection | (7.5) | Nov, 23 2022 | D-Link | Link |
Netgear R7000P httpd buffer overflow | (7.5) | Nov, 23 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 23 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 23 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 23 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 23 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 23 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 23 2022 | Netgear | Link |
Netgear R7000P httpd buffer overflow | (7.5) | Nov, 23 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 23 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 23 2022 | Netgear | Link |
Netgear R7000P httpd buffer overflow | (7.5) | Nov, 23 2022 | Netgear | Link |
Netgear R7000P wan_dns1_pri buffer overflow | (7.5) | Nov, 23 2022 | Netgear | Link |
Netgear R7000P httpd buffer overflow | (7.5) | Nov, 23 2022 | Netgear | Link |
D-Link DIR-823G HNAP API HNAP1 command injection | (7.6) | Nov, 23 2022 | D-Link | Link |
Linux Kernel Local Privilege io_uring use after free | (8.1) | Nov, 23 2022 | Linux | Link |
TOTOLINK LR350 setIpPortFilterRules buffer overflow | (7.5) | Nov, 23 2022 | TOTOLINK | Link |
TOTOLINK LR350 setParentalRules buffer overflow | (7.5) | Nov, 23 2022 | TOTOLINK | Link |
TOTOLINK LR350 setTracerouteCfg buffer overflow | (7.5) | Nov, 23 2022 | TOTOLINK | Link |
TOTOLINK LR350 setOpModeCfg buffer overflow | (7.5) | Nov, 23 2022 | TOTOLINK | Link |
TOTOLINK LR350 buffer overflow | (8.0) | Nov, 23 2022 | TOTOLINK | Link |
TOTOLINK LR350 setSmsCfg buffer overflow | (7.5) | Nov, 23 2022 | TOTOLINK | Link |
TOTOLINK NR1800X setUploadSetting command injection | (7.6) | Nov, 23 2022 | TOTOLINK | Link |
TOTOLINK NR1800X setUssd command injection | (7.6) | Nov, 23 2022 | TOTOLINK | Link |
TOTOLINK NR1800X setOpModeCfg command injection | (7.6) | Nov, 23 2022 | TOTOLINK | Link |
TOTOLINK NR1800X UploadFirmwareFile command injection | (7.6) | Nov, 23 2022 | TOTOLINK | Link |
TOTOLINK LR350 setDiagnosisCfg improper authentication | (7.5) | Nov, 23 2022 | TOTOLINK | Link |
yii unserialize deserialization | (7.8) | Nov, 23 2022 | yii | Link |
rizalafani cms-php login_manager.php get_user sql injection | (7.6) | Nov, 23 2022 | rizalafani | Link |
oretnom23 Apartment Visitor Management System index.php sql injection | (7.5) | Nov, 23 2022 | oretnom23 | Link |
Linux Kernel Bluetooth l2cap_core.c’s l2cap_le_connect_req use after free | (8.0) | Nov, 23 2022 | Linux | Link |
quarkus Dev UI Config Editor code injection | (8.0) | Nov, 23 2022 | quarkus | Link |
Carel Boss Mini access control | (7.6) | Nov, 24 2022 | Carel | Link |
WatchTowerHQ Plugin denial of service | (7.7) | Nov, 24 2022 | WatchTowerHQ | Link |
Api2Cart Bridge Connector Plugin unrestricted upload | (8.4) | Nov, 24 2022 | Api2Cart | Link |
Permalink Manager Lite Plugin access control | (7.8) | Nov, 24 2022 | Permalink | Link |
librenms deserialization | (7.7) | Nov, 24 2022 | librenms | Link |
Trend Micro Apex One Change Prevention Service memory corruption | (7.5) | Nov, 24 2022 | Trend | Link |
Trend Micro Apex One out-of-bounds | (7.5) | Nov, 24 2022 | Trend | Link |
Trend Micro Apex One exceptional condition | (8.1) | Nov, 24 2022 | Trend | Link |
Trend Micro Apex One Security Agent pathname traversal | (8.1) | Nov, 24 2022 | Trend | Link |
Tenda AC18 formSetWifiGuestBasic buffer overflow | (7.5) | Nov, 24 2022 | Tenda | Link |
Tenda AC18 addWifiMacFilter buffer overflow | (7.5) | Nov, 24 2022 | Tenda | Link |
Tenda AC18 formWifiWpsOOB buffer overflow | (7.5) | Nov, 24 2022 | Tenda | Link |
Tenda AC18 fromSetRouteStatic buffer overflow | (7.5) | Nov, 24 2022 | Tenda | Link |
Tenda AC18 formSetMacFilterCfg buffer overflow | (7.5) | Nov, 24 2022 | Tenda | Link |
Tenda AC18 formSetDeviceName buffer overflow | (7.5) | Nov, 24 2022 | Tenda | Link |
Tenda AC18 R7WebsSecurityHandler buffer overflow | (7.5) | Nov, 24 2022 | Tenda | Link |
Tenda AC18 form_fast_setting_wifi_set buffer overflow | (7.5) | Nov, 24 2022 | Tenda | Link |
Insyde Kernel UEFI Variable stack-based overflow | (7.8) | Nov, 24 2022 | Insyde | Link |
ZTE PON OLT access control | (8.0) | Nov, 24 2022 | ZTE | Link |
Billing System Project fetchOrderData.php sql injection | (7.5) | Nov, 24 2022 | Billing | Link |
D-Link DIR-882 webGetVarString buffer overflow | (7.5) | Nov, 24 2022 | D-Link | Link |
D-Link DIR-882 buffer overflow | (7.5) | Nov, 24 2022 | D-Link | Link |
D-Link DIR-882 websRedirect buffer overflow | (7.5) | Nov, 24 2022 | D-Link | Link |
D-Link DIR-878 access control | (7.5) | Nov, 24 2022 | D-Link | Link |
D-Link DIR878 buffer overflow | (7.5) | Nov, 24 2022 | D-Link | Link |
D-Link DIR823G command injection | (7.5) | Nov, 24 2022 | D-Link | Link |
Netgear R7000P httpd buffer overflow | (7.5) | Nov, 24 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 24 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 24 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 24 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 24 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 24 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 24 2022 | Netgear | Link |
Netgear R7000P httpd buffer overflow | (7.5) | Nov, 24 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 24 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 24 2022 | Netgear | Link |
Netgear R7000P httpd buffer overflow | (7.5) | Nov, 24 2022 | Netgear | Link |
Netgear R7000P wan_dns1_pri buffer overflow | (7.5) | Nov, 24 2022 | Netgear | Link |
Netgear R7000P httpd buffer overflow | (7.5) | Nov, 24 2022 | Netgear | Link |
D-Link DIR-823G HNAP API HNAP1 command injection | (7.6) | Nov, 24 2022 | D-Link | Link |
Linux Kernel Local Privilege io_uring use after free | (8.1) | Nov, 24 2022 | Linux | Link |
TOTOLINK LR350 setIpPortFilterRules buffer overflow | (7.5) | Nov, 24 2022 | TOTOLINK | Link |
TOTOLINK LR350 setParentalRules buffer overflow | (7.5) | Nov, 24 2022 | TOTOLINK | Link |
TOTOLINK LR350 setTracerouteCfg buffer overflow | (7.5) | Nov, 24 2022 | TOTOLINK | Link |
TOTOLINK LR350 setOpModeCfg buffer overflow | (7.5) | Nov, 24 2022 | TOTOLINK | Link |
TOTOLINK LR350 buffer overflow | (8.0) | Nov, 24 2022 | TOTOLINK | Link |
TOTOLINK LR350 setSmsCfg buffer overflow | (7.5) | Nov, 24 2022 | TOTOLINK | Link |
TOTOLINK NR1800X setUploadSetting command injection | (7.6) | Nov, 24 2022 | TOTOLINK | Link |
TOTOLINK NR1800X setUssd command injection | (7.6) | Nov, 24 2022 | TOTOLINK | Link |
TOTOLINK NR1800X setOpModeCfg command injection | (7.6) | Nov, 24 2022 | TOTOLINK | Link |
TOTOLINK NR1800X UploadFirmwareFile command injection | (7.6) | Nov, 24 2022 | TOTOLINK | Link |
TOTOLINK LR350 setDiagnosisCfg improper authentication | (7.5) | Nov, 24 2022 | TOTOLINK | Link |
yii unserialize deserialization | (7.8) | Nov, 24 2022 | yii | Link |
rizalafani cms-php login_manager.php get_user sql injection | (7.6) | Nov, 24 2022 | rizalafani | Link |
oretnom23 Apartment Visitor Management System index.php sql injection | (7.5) | Nov, 24 2022 | oretnom23 | Link |
Linux Kernel Bluetooth l2cap_core.c’s l2cap_le_connect_req use after free | (8.0) | Nov, 24 2022 | Linux | Link |
quarkus Dev UI Config Editor code injection | (8.0) | Nov, 24 2022 | quarkus | Link |
Moxa UC-8100A-ME-T unnecessary privileges | (8.1) | Nov, 24 2022 | Moxa | Link |
GE CIMPLICITY out-of-bounds write | (8.3) | Nov, 24 2022 | GE | Link |
GE CIMPLICITY CGmmiOptionContainer untrusted pointer dereference | (8.8) | Nov, 24 2022 | GE | Link |
GE CIMPLICITY heap-based overflow | (8.3) | Nov, 24 2022 | GE | Link |
GE CIMPLICITY CGmmiOptionContainer uninitialized pointer | (8.3) | Nov, 24 2022 | GE | Link |
GE CIMPLICITY CGmmiRootOptionTable uninitialized pointer | (8.3) | Nov, 24 2022 | GE | Link |
AVEVA Edge StADOSvr.exe access control | (9.4) | Nov, 24 2022 | AVEVA | Link |
Pilz PASvisu Server ZIP Configuration File path traversal | (8.1) | Nov, 24 2022 | Pilz | Link |
qmpaas leadshop routine | (8.5) | Nov, 24 2022 | qmpaas | Link |
rickxy Stock Management System processlogin.php sql injection | (7.9) | Nov, 24 2022 | rickxy | Link |
iTerm2 DECRQSS Response Privilege Escalation | (7.5) | Nov, 24 2022 | iTerm2 | Link |
Boa sql injection | (7.5) | Nov, 24 2022 | Boa | Link |
SolarWinds Network Performance Monitor WebUserSettingsCrudHandler input validation | (8.6) | Nov, 24 2022 | SolarWinds | Link |
SolarWinds Network Performance Monitor DeserializeFromStrippedXml deserialization | (8.4) | Nov, 24 2022 | SolarWinds | Link |
Carel Boss Mini access control | (7.6) | Nov, 25 2022 | Carel | Link |
WatchTowerHQ Plugin denial of service | (7.7) | Nov, 25 2022 | WatchTowerHQ | Link |
Api2Cart Bridge Connector Plugin unrestricted upload | (8.4) | Nov, 25 2022 | Api2Cart | Link |
Permalink Manager Lite Plugin access control | (7.8) | Nov, 25 2022 | Permalink | Link |
librenms deserialization | (7.7) | Nov, 25 2022 | librenms | Link |
Trend Micro Apex One Change Prevention Service memory corruption | (7.5) | Nov, 25 2022 | Trend | Link |
Trend Micro Apex One out-of-bounds | (7.5) | Nov, 25 2022 | Trend | Link |
Trend Micro Apex One exceptional condition | (8.1) | Nov, 25 2022 | Trend | Link |
Trend Micro Apex One Security Agent pathname traversal | (8.1) | Nov, 25 2022 | Trend | Link |
Tenda AC18 formSetWifiGuestBasic buffer overflow | (7.5) | Nov, 25 2022 | Tenda | Link |
Tenda AC18 addWifiMacFilter buffer overflow | (7.5) | Nov, 25 2022 | Tenda | Link |
Tenda AC18 formWifiWpsOOB buffer overflow | (7.5) | Nov, 25 2022 | Tenda | Link |
Tenda AC18 fromSetRouteStatic buffer overflow | (7.5) | Nov, 25 2022 | Tenda | Link |
Tenda AC18 formSetMacFilterCfg buffer overflow | (7.5) | Nov, 25 2022 | Tenda | Link |
Tenda AC18 formSetDeviceName buffer overflow | (7.5) | Nov, 25 2022 | Tenda | Link |
Tenda AC18 R7WebsSecurityHandler buffer overflow | (7.5) | Nov, 25 2022 | Tenda | Link |
Tenda AC18 form_fast_setting_wifi_set buffer overflow | (7.5) | Nov, 25 2022 | Tenda | Link |
Insyde Kernel UEFI Variable stack-based overflow | (7.8) | Nov, 25 2022 | Insyde | Link |
ZTE PON OLT access control | (8.0) | Nov, 25 2022 | ZTE | Link |
Billing System Project fetchOrderData.php sql injection | (7.5) | Nov, 25 2022 | Billing | Link |
D-Link DIR-882 webGetVarString buffer overflow | (7.5) | Nov, 25 2022 | D-Link | Link |
D-Link DIR-882 buffer overflow | (7.5) | Nov, 25 2022 | D-Link | Link |
D-Link DIR-882 websRedirect buffer overflow | (7.5) | Nov, 25 2022 | D-Link | Link |
D-Link DIR-878 access control | (7.5) | Nov, 25 2022 | D-Link | Link |
D-Link DIR878 buffer overflow | (7.5) | Nov, 25 2022 | D-Link | Link |
D-Link DIR823G command injection | (7.5) | Nov, 25 2022 | D-Link | Link |
Netgear R7000P httpd buffer overflow | (7.5) | Nov, 25 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 25 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 25 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 25 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 25 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 25 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 25 2022 | Netgear | Link |
Netgear R7000P httpd buffer overflow | (7.5) | Nov, 25 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 25 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 25 2022 | Netgear | Link |
Netgear R7000P httpd buffer overflow | (7.5) | Nov, 25 2022 | Netgear | Link |
Netgear R7000P wan_dns1_pri buffer overflow | (7.5) | Nov, 25 2022 | Netgear | Link |
Netgear R7000P httpd buffer overflow | (7.5) | Nov, 25 2022 | Netgear | Link |
D-Link DIR-823G HNAP API HNAP1 command injection | (7.6) | Nov, 25 2022 | D-Link | Link |
Linux Kernel Local Privilege io_uring use after free | (8.1) | Nov, 25 2022 | Linux | Link |
TOTOLINK LR350 setIpPortFilterRules buffer overflow | (7.5) | Nov, 25 2022 | TOTOLINK | Link |
TOTOLINK LR350 setParentalRules buffer overflow | (7.5) | Nov, 25 2022 | TOTOLINK | Link |
TOTOLINK LR350 setTracerouteCfg buffer overflow | (7.5) | Nov, 25 2022 | TOTOLINK | Link |
TOTOLINK LR350 setOpModeCfg buffer overflow | (7.5) | Nov, 25 2022 | TOTOLINK | Link |
TOTOLINK LR350 buffer overflow | (8.0) | Nov, 25 2022 | TOTOLINK | Link |
TOTOLINK LR350 setSmsCfg buffer overflow | (7.5) | Nov, 25 2022 | TOTOLINK | Link |
TOTOLINK NR1800X setUploadSetting command injection | (7.6) | Nov, 25 2022 | TOTOLINK | Link |
TOTOLINK NR1800X setUssd command injection | (7.6) | Nov, 25 2022 | TOTOLINK | Link |
TOTOLINK NR1800X setOpModeCfg command injection | (7.6) | Nov, 25 2022 | TOTOLINK | Link |
TOTOLINK NR1800X UploadFirmwareFile command injection | (7.6) | Nov, 25 2022 | TOTOLINK | Link |
TOTOLINK LR350 setDiagnosisCfg improper authentication | (7.5) | Nov, 25 2022 | TOTOLINK | Link |
yii unserialize deserialization | (7.8) | Nov, 25 2022 | yii | Link |
rizalafani cms-php login_manager.php get_user sql injection | (7.6) | Nov, 25 2022 | rizalafani | Link |
oretnom23 Apartment Visitor Management System index.php sql injection | (7.5) | Nov, 25 2022 | oretnom23 | Link |
Linux Kernel Bluetooth l2cap_core.c’s l2cap_le_connect_req use after free | (8.0) | Nov, 25 2022 | Linux | Link |
quarkus Dev UI Config Editor code injection | (8.0) | Nov, 25 2022 | quarkus | Link |
Moxa UC-8100A-ME-T unnecessary privileges | (8.1) | Nov, 25 2022 | Moxa | Link |
GE CIMPLICITY out-of-bounds write | (8.3) | Nov, 25 2022 | GE | Link |
GE CIMPLICITY CGmmiOptionContainer untrusted pointer dereference | (8.8) | Nov, 25 2022 | GE | Link |
GE CIMPLICITY heap-based overflow | (8.3) | Nov, 25 2022 | GE | Link |
GE CIMPLICITY CGmmiOptionContainer uninitialized pointer | (8.3) | Nov, 25 2022 | GE | Link |
GE CIMPLICITY CGmmiRootOptionTable uninitialized pointer | (8.3) | Nov, 25 2022 | GE | Link |
AVEVA Edge StADOSvr.exe access control | (9.4) | Nov, 25 2022 | AVEVA | Link |
Pilz PASvisu Server ZIP Configuration File path traversal | (8.1) | Nov, 25 2022 | Pilz | Link |
qmpaas leadshop routine | (8.5) | Nov, 25 2022 | qmpaas | Link |
rickxy Stock Management System processlogin.php sql injection | (7.9) | Nov, 25 2022 | rickxy | Link |
iTerm2 DECRQSS Response Privilege Escalation | (7.5) | Nov, 25 2022 | iTerm2 | Link |
Boa sql injection | (7.5) | Nov, 25 2022 | Boa | Link |
SolarWinds Network Performance Monitor WebUserSettingsCrudHandler input validation | (8.6) | Nov, 25 2022 | SolarWinds | Link |
SolarWinds Network Performance Monitor DeserializeFromStrippedXml deserialization | (8.4) | Nov, 25 2022 | SolarWinds | Link |
Badaso unrestricted upload | (8.5) | Nov, 25 2022 | Badaso | Link |
Epson TM-C3500/TM-C7500 improper authentication | (7.7) | Nov, 25 2022 | Epson | Link |
activerecord Gem YAML deserialization | (8.4) | Nov, 25 2022 | activerecord | Link |
Linux Kernel dvbdev.c dvb_register_device use after free | (8.8) | Nov, 25 2022 | Linux | Link |
Mitsubishi Electric GX Works3 hard-coded key | (7.8) | Nov, 25 2022 | Mitsubishi | Link |
Carel Boss Mini access control | (7.6) | Nov, 26 2022 | Carel | Link |
WatchTowerHQ Plugin denial of service | (7.7) | Nov, 26 2022 | WatchTowerHQ | Link |
Api2Cart Bridge Connector Plugin unrestricted upload | (8.4) | Nov, 26 2022 | Api2Cart | Link |
Permalink Manager Lite Plugin access control | (7.8) | Nov, 26 2022 | Permalink | Link |
librenms deserialization | (7.7) | Nov, 26 2022 | librenms | Link |
Trend Micro Apex One Change Prevention Service memory corruption | (7.5) | Nov, 26 2022 | Trend | Link |
Trend Micro Apex One out-of-bounds | (7.5) | Nov, 26 2022 | Trend | Link |
Trend Micro Apex One exceptional condition | (8.1) | Nov, 26 2022 | Trend | Link |
Trend Micro Apex One Security Agent pathname traversal | (8.1) | Nov, 26 2022 | Trend | Link |
Tenda AC18 formSetWifiGuestBasic buffer overflow | (7.5) | Nov, 26 2022 | Tenda | Link |
Tenda AC18 addWifiMacFilter buffer overflow | (7.5) | Nov, 26 2022 | Tenda | Link |
Tenda AC18 formWifiWpsOOB buffer overflow | (7.5) | Nov, 26 2022 | Tenda | Link |
Tenda AC18 fromSetRouteStatic buffer overflow | (7.5) | Nov, 26 2022 | Tenda | Link |
Tenda AC18 formSetMacFilterCfg buffer overflow | (7.5) | Nov, 26 2022 | Tenda | Link |
Tenda AC18 formSetDeviceName buffer overflow | (7.5) | Nov, 26 2022 | Tenda | Link |
Tenda AC18 R7WebsSecurityHandler buffer overflow | (7.5) | Nov, 26 2022 | Tenda | Link |
Tenda AC18 form_fast_setting_wifi_set buffer overflow | (7.5) | Nov, 26 2022 | Tenda | Link |
Insyde Kernel UEFI Variable stack-based overflow | (7.8) | Nov, 26 2022 | Insyde | Link |
ZTE PON OLT access control | (8.0) | Nov, 26 2022 | ZTE | Link |
Billing System Project fetchOrderData.php sql injection | (7.5) | Nov, 26 2022 | Billing | Link |
D-Link DIR-882 webGetVarString buffer overflow | (7.5) | Nov, 26 2022 | D-Link | Link |
D-Link DIR-882 buffer overflow | (7.5) | Nov, 26 2022 | D-Link | Link |
D-Link DIR-882 websRedirect buffer overflow | (7.5) | Nov, 26 2022 | D-Link | Link |
D-Link DIR-878 access control | (7.5) | Nov, 26 2022 | D-Link | Link |
D-Link DIR878 buffer overflow | (7.5) | Nov, 26 2022 | D-Link | Link |
D-Link DIR823G command injection | (7.5) | Nov, 26 2022 | D-Link | Link |
Netgear R7000P httpd buffer overflow | (7.5) | Nov, 26 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 26 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 26 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 26 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 26 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 26 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 26 2022 | Netgear | Link |
Netgear R7000P httpd buffer overflow | (7.5) | Nov, 26 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 26 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 26 2022 | Netgear | Link |
Netgear R7000P httpd buffer overflow | (7.5) | Nov, 26 2022 | Netgear | Link |
Netgear R7000P wan_dns1_pri buffer overflow | (7.5) | Nov, 26 2022 | Netgear | Link |
Netgear R7000P httpd buffer overflow | (7.5) | Nov, 26 2022 | Netgear | Link |
D-Link DIR-823G HNAP API HNAP1 command injection | (7.6) | Nov, 26 2022 | D-Link | Link |
Linux Kernel Local Privilege io_uring use after free | (8.1) | Nov, 26 2022 | Linux | Link |
TOTOLINK LR350 setIpPortFilterRules buffer overflow | (7.5) | Nov, 26 2022 | TOTOLINK | Link |
TOTOLINK LR350 setParentalRules buffer overflow | (7.5) | Nov, 26 2022 | TOTOLINK | Link |
TOTOLINK LR350 setTracerouteCfg buffer overflow | (7.5) | Nov, 26 2022 | TOTOLINK | Link |
TOTOLINK LR350 setOpModeCfg buffer overflow | (7.5) | Nov, 26 2022 | TOTOLINK | Link |
TOTOLINK LR350 buffer overflow | (8.0) | Nov, 26 2022 | TOTOLINK | Link |
TOTOLINK LR350 setSmsCfg buffer overflow | (7.5) | Nov, 26 2022 | TOTOLINK | Link |
TOTOLINK NR1800X setUploadSetting command injection | (7.6) | Nov, 26 2022 | TOTOLINK | Link |
TOTOLINK NR1800X setUssd command injection | (7.6) | Nov, 26 2022 | TOTOLINK | Link |
TOTOLINK NR1800X setOpModeCfg command injection | (7.6) | Nov, 26 2022 | TOTOLINK | Link |
TOTOLINK NR1800X UploadFirmwareFile command injection | (7.6) | Nov, 26 2022 | TOTOLINK | Link |
TOTOLINK LR350 setDiagnosisCfg improper authentication | (7.5) | Nov, 26 2022 | TOTOLINK | Link |
yii unserialize deserialization | (7.8) | Nov, 26 2022 | yii | Link |
rizalafani cms-php login_manager.php get_user sql injection | (7.6) | Nov, 26 2022 | rizalafani | Link |
oretnom23 Apartment Visitor Management System index.php sql injection | (7.5) | Nov, 26 2022 | oretnom23 | Link |
Linux Kernel Bluetooth l2cap_core.c’s l2cap_le_connect_req use after free | (8.0) | Nov, 26 2022 | Linux | Link |
quarkus Dev UI Config Editor code injection | (8.0) | Nov, 26 2022 | quarkus | Link |
Moxa UC-8100A-ME-T unnecessary privileges | (8.1) | Nov, 26 2022 | Moxa | Link |
GE CIMPLICITY out-of-bounds write | (8.3) | Nov, 26 2022 | GE | Link |
GE CIMPLICITY CGmmiOptionContainer untrusted pointer dereference | (8.8) | Nov, 26 2022 | GE | Link |
GE CIMPLICITY heap-based overflow | (8.3) | Nov, 26 2022 | GE | Link |
GE CIMPLICITY CGmmiOptionContainer uninitialized pointer | (8.3) | Nov, 26 2022 | GE | Link |
GE CIMPLICITY CGmmiRootOptionTable uninitialized pointer | (8.3) | Nov, 26 2022 | GE | Link |
AVEVA Edge StADOSvr.exe access control | (9.4) | Nov, 26 2022 | AVEVA | Link |
Pilz PASvisu Server ZIP Configuration File path traversal | (8.1) | Nov, 26 2022 | Pilz | Link |
qmpaas leadshop routine | (8.5) | Nov, 26 2022 | qmpaas | Link |
rickxy Stock Management System processlogin.php sql injection | (7.9) | Nov, 26 2022 | rickxy | Link |
iTerm2 DECRQSS Response Privilege Escalation | (7.5) | Nov, 26 2022 | iTerm2 | Link |
Boa sql injection | (7.5) | Nov, 26 2022 | Boa | Link |
SolarWinds Network Performance Monitor WebUserSettingsCrudHandler input validation | (8.6) | Nov, 26 2022 | SolarWinds | Link |
SolarWinds Network Performance Monitor DeserializeFromStrippedXml deserialization | (8.4) | Nov, 26 2022 | SolarWinds | Link |
Badaso unrestricted upload | (8.5) | Nov, 26 2022 | Badaso | Link |
Epson TM-C3500/TM-C7500 improper authentication | (7.7) | Nov, 26 2022 | Epson | Link |
activerecord Gem YAML deserialization | (8.4) | Nov, 26 2022 | activerecord | Link |
Linux Kernel dvbdev.c dvb_register_device use after free | (8.8) | Nov, 26 2022 | Linux | Link |
Mitsubishi Electric GX Works3 hard-coded key | (7.8) | Nov, 26 2022 | Mitsubishi | Link |
PyTorch torch.jit.annotations.parse_type_line command injection | (7.5) | Nov, 26 2022 | PyTorch | Link |
TOTOLINK A7100RU setOpenVpnCfg command injection | (7.5) | Nov, 26 2022 | TOTOLINK | Link |
TOTOLINK A7100RU setOpenVpnClientCfg the command injection | (7.5) | Nov, 26 2022 | TOTOLINK | Link |
Jeecg-boot updateNullByEmptyString sql injection | (7.6) | Nov, 26 2022 | Jeecg-boot | Link |
Jeecg-boot check sql injection | (7.6) | Nov, 26 2022 | Jeecg-boot | Link |
Moodle LTI Provider Library server-side request forgery | (7.5) | Nov, 26 2022 | Moodle | Link |
Kyungrinara ERP Solution sERP Server hard-coded credentials | (8.7) | Nov, 26 2022 | Kyungrinara | Link |
PaddlePaddle paddle.audio.functional.get_window code injection | (7.5) | Nov, 26 2022 | PaddlePaddle | Link |
Carel Boss Mini access control | (7.6) | Nov, 27 2022 | Carel | Link |
WatchTowerHQ Plugin denial of service | (7.7) | Nov, 27 2022 | WatchTowerHQ | Link |
Api2Cart Bridge Connector Plugin unrestricted upload | (8.4) | Nov, 27 2022 | Api2Cart | Link |
Permalink Manager Lite Plugin access control | (7.8) | Nov, 27 2022 | Permalink | Link |
librenms deserialization | (7.7) | Nov, 27 2022 | librenms | Link |
Trend Micro Apex One Change Prevention Service memory corruption | (7.5) | Nov, 27 2022 | Trend | Link |
Trend Micro Apex One out-of-bounds | (7.5) | Nov, 27 2022 | Trend | Link |
Trend Micro Apex One exceptional condition | (8.1) | Nov, 27 2022 | Trend | Link |
Trend Micro Apex One Security Agent pathname traversal | (8.1) | Nov, 27 2022 | Trend | Link |
Tenda AC18 formSetWifiGuestBasic buffer overflow | (7.5) | Nov, 27 2022 | Tenda | Link |
Tenda AC18 addWifiMacFilter buffer overflow | (7.5) | Nov, 27 2022 | Tenda | Link |
Tenda AC18 formWifiWpsOOB buffer overflow | (7.5) | Nov, 27 2022 | Tenda | Link |
Tenda AC18 fromSetRouteStatic buffer overflow | (7.5) | Nov, 27 2022 | Tenda | Link |
Tenda AC18 formSetMacFilterCfg buffer overflow | (7.5) | Nov, 27 2022 | Tenda | Link |
Tenda AC18 formSetDeviceName buffer overflow | (7.5) | Nov, 27 2022 | Tenda | Link |
Tenda AC18 R7WebsSecurityHandler buffer overflow | (7.5) | Nov, 27 2022 | Tenda | Link |
Tenda AC18 form_fast_setting_wifi_set buffer overflow | (7.5) | Nov, 27 2022 | Tenda | Link |
Insyde Kernel UEFI Variable stack-based overflow | (7.8) | Nov, 27 2022 | Insyde | Link |
ZTE PON OLT access control | (8.0) | Nov, 27 2022 | ZTE | Link |
Billing System Project fetchOrderData.php sql injection | (7.5) | Nov, 27 2022 | Billing | Link |
D-Link DIR-882 webGetVarString buffer overflow | (7.5) | Nov, 27 2022 | D-Link | Link |
D-Link DIR-882 buffer overflow | (7.5) | Nov, 27 2022 | D-Link | Link |
D-Link DIR-882 websRedirect buffer overflow | (7.5) | Nov, 27 2022 | D-Link | Link |
D-Link DIR-878 access control | (7.5) | Nov, 27 2022 | D-Link | Link |
D-Link DIR878 buffer overflow | (7.5) | Nov, 27 2022 | D-Link | Link |
D-Link DIR823G command injection | (7.5) | Nov, 27 2022 | D-Link | Link |
Netgear R7000P httpd buffer overflow | (7.5) | Nov, 27 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 27 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 27 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 27 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 27 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 27 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 27 2022 | Netgear | Link |
Netgear R7000P httpd buffer overflow | (7.5) | Nov, 27 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 27 2022 | Netgear | Link |
Netgear R7000P buffer overflow | (7.5) | Nov, 27 2022 | Netgear | Link |
Netgear R7000P httpd buffer overflow | (7.5) | Nov, 27 2022 | Netgear | Link |
Netgear R7000P wan_dns1_pri buffer overflow | (7.5) | Nov, 27 2022 | Netgear | Link |
Netgear R7000P httpd buffer overflow | (7.5) | Nov, 27 2022 | Netgear | Link |
D-Link DIR-823G HNAP API HNAP1 command injection | (7.6) | Nov, 27 2022 | D-Link | Link |
Linux Kernel Local Privilege io_uring use after free | (8.1) | Nov, 27 2022 | Linux | Link |
TOTOLINK LR350 setIpPortFilterRules buffer overflow | (7.5) | Nov, 27 2022 | TOTOLINK | Link |
TOTOLINK LR350 setParentalRules buffer overflow | (7.5) | Nov, 27 2022 | TOTOLINK | Link |
TOTOLINK LR350 setTracerouteCfg buffer overflow | (7.5) | Nov, 27 2022 | TOTOLINK | Link |
TOTOLINK LR350 setOpModeCfg buffer overflow | (7.5) | Nov, 27 2022 | TOTOLINK | Link |
TOTOLINK LR350 buffer overflow | (8.0) | Nov, 27 2022 | TOTOLINK | Link |
TOTOLINK LR350 setSmsCfg buffer overflow | (7.5) | Nov, 27 2022 | TOTOLINK | Link |
TOTOLINK NR1800X setUploadSetting command injection | (7.6) | Nov, 27 2022 | TOTOLINK | Link |
TOTOLINK NR1800X setUssd command injection | (7.6) | Nov, 27 2022 | TOTOLINK | Link |
TOTOLINK NR1800X setOpModeCfg command injection | (7.6) | Nov, 27 2022 | TOTOLINK | Link |
TOTOLINK NR1800X UploadFirmwareFile command injection | (7.6) | Nov, 27 2022 | TOTOLINK | Link |
TOTOLINK LR350 setDiagnosisCfg improper authentication | (7.5) | Nov, 27 2022 | TOTOLINK | Link |
yii unserialize deserialization | (7.8) | Nov, 27 2022 | yii | Link |
rizalafani cms-php login_manager.php get_user sql injection | (7.6) | Nov, 27 2022 | rizalafani | Link |
oretnom23 Apartment Visitor Management System index.php sql injection | (7.5) | Nov, 27 2022 | oretnom23 | Link |
Linux Kernel Bluetooth l2cap_core.c’s l2cap_le_connect_req use after free | (8.0) | Nov, 27 2022 | Linux | Link |
quarkus Dev UI Config Editor code injection | (8.0) | Nov, 27 2022 | quarkus | Link |
Moxa UC-8100A-ME-T unnecessary privileges | (8.1) | Nov, 27 2022 | Moxa | Link |
GE CIMPLICITY out-of-bounds write | (8.3) | Nov, 27 2022 | GE | Link |
GE CIMPLICITY CGmmiOptionContainer untrusted pointer dereference | (8.8) | Nov, 27 2022 | GE | Link |
GE CIMPLICITY heap-based overflow | (8.3) | Nov, 27 2022 | GE | Link |
GE CIMPLICITY CGmmiOptionContainer uninitialized pointer | (8.3) | Nov, 27 2022 | GE | Link |
GE CIMPLICITY CGmmiRootOptionTable uninitialized pointer | (8.3) | Nov, 27 2022 | GE | Link |
AVEVA Edge StADOSvr.exe access control | (9.4) | Nov, 27 2022 | AVEVA | Link |
Pilz PASvisu Server ZIP Configuration File path traversal | (8.1) | Nov, 27 2022 | Pilz | Link |
qmpaas leadshop routine | (8.5) | Nov, 27 2022 | qmpaas | Link |
rickxy Stock Management System processlogin.php sql injection | (7.9) | Nov, 27 2022 | rickxy | Link |
iTerm2 DECRQSS Response Privilege Escalation | (7.5) | Nov, 27 2022 | iTerm2 | Link |
Boa sql injection | (7.5) | Nov, 27 2022 | Boa | Link |
SolarWinds Network Performance Monitor WebUserSettingsCrudHandler input validation | (8.6) | Nov, 27 2022 | SolarWinds | Link |
SolarWinds Network Performance Monitor DeserializeFromStrippedXml deserialization | (8.4) | Nov, 27 2022 | SolarWinds | Link |
Badaso unrestricted upload | (8.5) | Nov, 27 2022 | Badaso | Link |
Epson TM-C3500/TM-C7500 improper authentication | (7.7) | Nov, 27 2022 | Epson | Link |
activerecord Gem YAML deserialization | (8.4) | Nov, 27 2022 | activerecord | Link |
Linux Kernel dvbdev.c dvb_register_device use after free | (8.8) | Nov, 27 2022 | Linux | Link |
Mitsubishi Electric GX Works3 hard-coded key | (7.8) | Nov, 27 2022 | Mitsubishi | Link |
PyTorch torch.jit.annotations.parse_type_line command injection | (7.5) | Nov, 27 2022 | PyTorch | Link |
TOTOLINK A7100RU setOpenVpnCfg command injection | (7.5) | Nov, 27 2022 | TOTOLINK | Link |
TOTOLINK A7100RU setOpenVpnClientCfg the command injection | (7.5) | Nov, 27 2022 | TOTOLINK | Link |
Jeecg-boot updateNullByEmptyString sql injection | (7.6) | Nov, 27 2022 | Jeecg-boot | Link |
Jeecg-boot check sql injection | (7.6) | Nov, 27 2022 | Jeecg-boot | Link |
Moodle LTI Provider Library server-side request forgery | (7.5) | Nov, 27 2022 | Moodle | Link |
Kyungrinara ERP Solution sERP Server hard-coded credentials | (8.7) | Nov, 27 2022 | Kyungrinara | Link |
PaddlePaddle paddle.audio.functional.get_window code injection | (7.5) | Nov, 27 2022 | PaddlePaddle | Link |
Botan OCSP Response certificate validation | (7.5) | Nov, 27 2022 | Botan | Link |
Linux Kernel l2cap_config_req Packet l2cap_core.c integer overflow | (7.7) | Nov, 27 2022 | Linux | Link |
Linux Kernel dvb_ca_en50221.c dvb_ca_en50221_io_release use after free | (7.7) | Nov, 27 2022 | Linux | Link |
oretnom23 Purchase Order Management System unrestricted upload | (9.3) | Nov, 28 2022 | oretnom23 | Link |
AVS Audio Converter buffer overflow | (7.9) | Nov, 28 2022 | AVS | Link |
crewjam saml Assertion Element improper authentication | (8.0) | Nov, 28 2022 | crewjam | Link |
Online Tours & Travels Management System file.php unrestricted upload | (9.3) | Nov, 28 2022 | Online | Link |
Poultry Farm Management System category.php sql injection | (7.5) | Nov, 28 2022 | Poultry | Link |
Acer Notebook HQSwSmiDxe Driver default permission | (7.7) | Nov, 28 2022 | Acer | Link |
School Management System sql injection | (7.7) | Nov, 28 2022 | School | Link |
oretnom23 Purchase Order Management System unrestricted upload | (9.3) | Nov, 29 2022 | oretnom23 | Link |
AVS Audio Converter buffer overflow | (7.9) | Nov, 29 2022 | AVS | Link |
crewjam saml Assertion Element improper authentication | (8.0) | Nov, 29 2022 | crewjam | Link |
Online Tours & Travels Management System file.php unrestricted upload | (9.3) | Nov, 29 2022 | Online | Link |
Poultry Farm Management System category.php sql injection | (7.5) | Nov, 29 2022 | Poultry | Link |
Acer Notebook HQSwSmiDxe Driver default permission | (7.7) | Nov, 29 2022 | Acer | Link |
School Management System sql injection | (7.7) | Nov, 29 2022 | School | Link |
GPAC unquantize.c Q_IsTypeOn use after free | (7.5) | Nov, 29 2022 | GPAC | Link |
ghost Newsletter access control | (7.8) | Nov, 29 2022 | ghost | Link |
Squirrly SEO Plugin unrestricted upload | (7.9) | Nov, 29 2022 | Squirrly | Link |
Russound XSourcePlayer 777D scriptRunner.cgi Privilege Escalation | (7.7) | Nov, 29 2022 | Russound | Link |
PuneethReddyHC online-shopping-system-advanced product.php sql injection | (7.5) | Nov, 29 2022 | PuneethReddyHC | Link |
oretnom23 Purchase Order Management System unrestricted upload | (9.3) | Nov, 30 2022 | oretnom23 | Link |
AVS Audio Converter buffer overflow | (7.9) | Nov, 30 2022 | AVS | Link |
crewjam saml Assertion Element improper authentication | (8.0) | Nov, 30 2022 | crewjam | Link |
Online Tours & Travels Management System file.php unrestricted upload | (9.3) | Nov, 30 2022 | Online | Link |
Poultry Farm Management System category.php sql injection | (7.5) | Nov, 30 2022 | Poultry | Link |
Acer Notebook HQSwSmiDxe Driver default permission | (7.7) | Nov, 30 2022 | Acer | Link |
School Management System sql injection | (7.7) | Nov, 30 2022 | School | Link |
GPAC unquantize.c Q_IsTypeOn use after free | (7.5) | Nov, 30 2022 | GPAC | Link |
ghost Newsletter access control | (7.8) | Nov, 30 2022 | ghost | Link |
Squirrly SEO Plugin unrestricted upload | (7.9) | Nov, 30 2022 | Squirrly | Link |
Russound XSourcePlayer 777D scriptRunner.cgi Privilege Escalation | (7.7) | Nov, 30 2022 | Russound | Link |
PuneethReddyHC online-shopping-system-advanced product.php sql injection | (7.5) | Nov, 30 2022 | PuneethReddyHC | Link |
Microsoft Edge GPU heap-based overflow | (7.8) | Nov, 30 2022 | Microsoft | Link |
Tribal Systems Zenario CMS Privilege Escalation | (8.0) | Nov, 30 2022 | Tribal | Link |
oretnom23 Simple Inventory Management System login.php sql injection | (7.5) | Nov, 30 2022 | oretnom23 | Link |
SourceCodester Book Store Management System index.php access control | (7.9) | Nov, 30 2022 | SourceCodester | Link |
owncast sql injection | (8.2) | Nov, 30 2022 | owncast | Link |
Book Store Management System Admin Panel hard-coded credentials | (7.9) | Nov, 30 2022 | Book | Link |
Sanitization Management System Admin Panel hard-coded credentials | (7.9) | Nov, 30 2022 | Sanitization | Link |
OP-TEE Trusted OS cleanup_shm_refs array index | (7.8) | Nov, 30 2022 | OP-TEE | Link |
Vulnerability | CVSSv3 | Release Date | Products | References |
Cisco SD-WAN CLI path traversal | (8.1) | Oct 1, 2022 | Cisco SD-WAN CLI | Link |
Cisco SD-WAN CLI path traversal | (8.1) | Oct 1, 2022 | Cisco SD-WAN CLI | Link |
Veritas NetBackup NBFSMCLIENT Service sql injection | (8.1) | Oct 3, 2022 | Veritas NetBackup | Link |
Axiomatic Bento4 mp4mux ReadBit out-of-bounds write | (7.5) | Oct 3, 2022 | Axiomatic Bento4 | Link |
Aruba InstantOS/ArubaOS PAPI Protocol buffer overflow | (9.4) | Oct 5, 2022 | Aruba InstantOS | Link |
BD Totalys MultiProcessor hard-coded credentials | (7.7) | Oct 5, 2022 | BD Totalys | Link |
Cisco TelePresence CE Version Control unknown vulnerability | (8.4) | Oct 6, 2022 | Cisco Telepresence | Link |
Generex CS141 Web Interface gxserve-update.sh run_update Privilege Escalation | (8.0) | Oct 6, 2022 | Generex CS141 | Link |
Fortinet FortiOS/FortiProxy Administrative Interface improper authorization | (9.4) | Oct 7, 2022 | Fortinet FotiOS | Link |
ToolJet Invite privileges management | (8.4) | Oct 7, 2022 | ToolJet | Link |
Panini Everest Engine Everest.exe untrusted search path | (8.5) | Oct 8, 2022 | Panini Everest | Link |
Trend Micro Apex One Security Agent certificate validation | (8.4) | Oct 8, 2022 | Trend Micro | Link |
puppetlabs-apt os command injection | (7.6) | Oct 8, 2022 | Puppetlabs-apt | Link |
puppetlabs-mysql os command injection | (7.6) | Oct 8, 2022 | Puppetlabs-mysql | Link |
Fortinet FortiOS CLI Command os command injection | (8.9) | Oct 10, 2022 | Fortinet FotiOS | Link |
Dell Container Storage Modules goiscsi/gobrick os command injection | (9.8) | Oct 11, 2022 | Dell Container | Link |
Dell Container Storage Modules goiscsi/gobrick os command injection | (8.8) | Oct 11, 2022 | Dell Container | Link |
Microsoft Windows Local Security Authority Privilege Escalation | (8.2) | Oct 11, 2022 | Microsoft Windows Local Security | Link |
Microsoft Windows ODBC Driver Remote Code Execution | (7.7) | Oct 11, 2022 | Microsoft Windows ODBC | Link |
Microsoft Windows Server Service Privilege Escalation | (7.7) | Oct 11, 2022 | Microsoft Windows Server | Link |
Array Networks ArrayOS command injection | (8.4) | Oct 13, 2022 | Array Networks | Link |
Dell GeoDrive unquoted search path | (7.6) | Oct 13, 2022 | Dell GeoDrive | Link |
PerFact OpenVPN Client Config Command unknown vulnerability | (8.6) | Oct 14, 2022 | Perfect Openvpn | Link |
Huawei HarmonyOS MPTCP Module out-of-bounds write | (7.8) | Oct 14, 2022 | Huawei HarmonyOS | Link |
Google Android HTBLogKM out-of-bounds write | (7.5) | Oct 14, 2022 | Google Android | Link |
Adobe ColdFusion stack-based overflow | (8.4) | Oct 15, 2022 | Adobe | Link |
Adobe ColdFusion heap-based overflow | (8.4) | Oct 15, 2022 | Adobe | Link |
OpenHarmony Startup Subsystem improper authentication | (8.1) | Oct 15, 2022 | OpenHarmony | Link |
Fortinet FortiTester Telnet Login os command injection | (9.8) | Oct 18, 2022 | Fortinet FortiTester | Link |
Fortinet FortiTester SSH Login os command injection | (9.8) | Oct 18, 2022 | Fortinet | Link |
D-Link Router lighttpd stack-based overflow | (9.4) | Oct 18, 2022 | D-Link | Link |
D-Link DIR-2150 xupnpd command injection | (9.4) | Oct 18, 2022 | D-Link | Link |
D-Link DIR-2150 xupnpd_generic command injection | (9.4) | Oct 18, 2022 | D-Link | Link |
Windscribe uncontrolled search path | (8.4) | Oct 18, 2022 | Windscribe | Link |
Linux Kernel nft_object use after free | (8.4) | Oct 18, 2022 | Linux Kernel | Link |
D-Link DIR-2150 xupnpd ui_upload command injection | (8.4) | Oct 18, 2022 | D-Link | Link |
D-Link DIR-2150 anweb websocket_data_handler stack-based overflow | (8.4) | Oct 18, 2022 | D-Link | Link |
AVEVA Edge uncontrolled search path | (8.4) | Oct 18, 2022 | AVEVA | Link |
AVEVA Edge SetBytesToManagedControl deserialization | (8.4) | Oct 18, 2022 | AVEVA | Link |
OPC Labs QuickOPC deserialization | (8.4) | Oct 18, 2022 | OPC | Link |
Apple macOS Remote Event memory corruption | (7.7) | Oct 18, 2022 | Apple Macos | Link |
D-Link DIR-2150 anweb action_handler stack-based overflow | (7.6) | Oct 18, 2022 | D-Link | Link |
Qualcomm Snapdragon Auto WLAN memory corruption | (9.6) | Oct 19, 2022 | Qualcomm | Link |
Qualcomm Snapdragon Auto WLAN integer overflow | (9.6) | Oct 19, 2022 | Qualcomm | Link |
Qualcomm Snapdragon Mobile Multimedia use after free | (7.9) | Oct 19, 2022 | Qualcomm | Link |
Qualcomm Snapdragon Mobile BTHOST memory corruption | (7.9) | Oct 19, 2022 | Qualcomm | Link |
Qualcomm Snapdragon Auto Automotive Multimedia memory corruption | (7.9) | Oct 19, 2022 | Qualcomm | Link |
Qualcomm Snapdragon Auto Metadata memory corruption | (7.9) | Oct 19, 2022 | Qualcomm | Link |
Nginx Plus ngx_http_hls_module out-of-bounds write | (7.7) | Oct 20, 2022 | Nginx | Link |
ORing IAP-420 Telnet Server hard-coded credentials | (9.2) | Oct 21, 2022 | ORing | Link |
Linux Kernel API io_uring Privilege Escalation | (8.4) | Oct 21, 2022 | Linux | Link |
Aethon TUG Home Base Server authorization | (7.6) | Oct 21, 2022 | Aethon | Link |
Aethon TUG Home Base Server channel accessible | (7.6) | Oct 21, 2022 | Aethon | Link |
Aethon TUG Home Base Server authorization | (7.6) | Oct 21, 2022 | Aethon | Link |
Lanner IAC-AST2500A spx_restservice Login_handler_func out-of-bounds write | (9.9) | Oct 24, 2022 | Lanner | Link |
Lanner IAC-AST2500A spx_restservice SubNet_handler_func out-of-bounds write | (9.9) | Oct 24, 2022 | Lanner | Link |
Lanner IAC-AST2500A spx_restservice KillDupUsr_func out-of-bounds write | (9.8) | Oct 24, 2022 | Lanner | Link |
Lanner IAC-AST2500A spx_restservice Login_handler_func stack-based overflow | (9.8) | Oct 24, 2022 | Lanner | Link |
Lanner IAC-AST2500A spx_restservice modifyUserb_func stack-based overflow | (9.4) | Oct 24, 2022 | Lanner | Link |
Apache Heron Log injection | (8.4) | Oct 24, 2022 | Apache | Link |
pikepdf PDF XMP Metadata Parser xml external entity reference | (8.4) | Oct 24, 2022 | Pikepdf | Link |
Sony Content Transfer untrusted search path | (8.2) | Oct 24, 2022 | Sony | Link |
Lanner IAC-AST2500A session fixiation | (7.6) | Oct 24, 2022 | Lanner | Link |
Abode iota All-In-One Security Kit XCMD stack-based overflow | (9.7) | Oct 25, 2022 | Abode | Link |
Abode iota All-In-One Security Kit Telnet hard-coded credentials | (9.6) | Oct 25, 2022 | Abode | Link |
Abode iota All-In-One Security Kit XCMD getVarHA format string | (8.4) | Oct 25, 2022 | Abode | Link |
Dataease MySQL Connection Parameter JdbcProvider.java deserialization | (8.4) | Oct 25, 2022 | Dataease MySQL | Link |
Abode iota All-In-One Security Kit HTTP Request wirelessConnect os command injection | (8.0) | Oct 25, 2022 | Abode | Link |
Microsoft Azure CLI code injection | (7.7) | Oct 25, 2022 | Microsoft Azure | Link |
Abode iota All-In-One Security Kit XCMD ghome_process_control_packet format string | (7.6) | Oct 25, 2022 | Abode | Link |
Abode iota All-In-One Security Kit XCMD testWifiAP format string | (7.6) | Oct 25, 2022 | Abode | Link |
Socket.io JS Library Attachment Parser sql injection | (8.5) | Oct 26, 2022 | Socket.io | Link |
OX Software OX App Suite Ghostscript os command injection | (8.4) | Oct 26, 2022 | OX Software | Link |
Zalando Skipper server-side request forgery | (7.9) | Oct 26, 2022 | Zalando | Link |
Delta Electronics InfraSuite Device Master CtrlLayerNWCmd_FileOperation pathname traversal | (9.4) | Oct 27, 2022 | Delta Electronics | Link |
Delta Electronics InfraSuite Device Master ExeCommandInCommandLineMode improper authentication | (9.4) | Oct 27, 2022 | Delta Electronics | Link |
Delta Electronics InfraSuite Device Master CheckLoadingStartupConfig pathname traversal | (9.4) | Oct 27, 2022 | Delta Electronics | Link |
Delta Electronics InfraSuite Device Master Device-Gateway Service deserialization | (9.4) | Oct 27, 2022 | Delta Electronics | Link |
Delta Electronics InfraSuite Device Master AddNewUser improper authentication | (9.4) | Oct 27, 2022 | Delta Electronics | Link |
Delta Electronics InfraSuite Device Master Device-DataCollect Service deserialization | (9.0) | Oct 27, 2022 | Delta Electronics | Link |
Delta Electronics InfraSuite Device Master DeSerializeBinary deserialization | (8.4) | Oct 27, 2022 | Delta Electronics | Link |
Delta Electronics InfraSuite Device Master ModifyPrivByID improper authentication | (8.4) | Oct 27, 2022 | Delta Electronics | Link |
Pimcore Twig Template code injection | (8.4) | Oct 27, 2022 | Pimcore | Link |
OpenBMC bmcweb multipart_parser heap-based overflow | (7.7) | Oct 27, 2022 | OpenBMC | Link |
OpenBMC bmcweb HTTP Header multipart_parser memory corruption | (7.7) | Oct 27, 2022 | OpenBMC | Link |
Vulnerability | CVSSv3 | Release Date | Products | References |
AutomationDirect DirectLOGIC Installation uncontrolled search path | (8.1) | Sep 1, 2022 | AutomationDirect | Link |
Contiki-NG IPv6 Packet uipbuf.c uipbuf_get_next_header buffer overflow | (7.7) | Sep 1, 2022 | Contiki-NG | Link |
Qualcomm Snapdragon Connectivity/Snapdragon Mobile Bluetooth Host stack-based overflow | (8.4) | Sep 2, 2022 | Qualcomm | Link |
Qualcomm Snapdragon Auto IO Space xPUs permission | (8.2) | Sep 2, 2022 | Qualcomm | Link |
Qualcomm Snapdragon Auto Multimedia memory corruption | (7.9) | Sep 2, 2022 | Qualcomm | Link |
Qualcomm Snapdragon Auto DSP Service out-of-bounds write | (7.9) | Sep 2, 2022 | Qualcomm | Link |
Qualcomm Snapdragon Connectivity ELF Header memory corruption | (7.9) | Sep 2, 2022 | Qualcomm | Link |
Qualcomm Snapdragon Auto Video File Parser out-of-bounds | (7.9) | Sep 2, 2022 | Qualcomm | Link |
Qualcomm Snapdragon Auto PCM Routing Process memory corruption | (7.9) | Sep 2, 2022 | Qualcomm | Link |
Qualcomm Snapdragon Consumer IOT Graphic Driver use after free | (7.9) | Sep 2, 2022 | Qualcomm | Link |
Qualcomm Snapdragon Auto Multimedia Driver memory corruption | (7.9) | Sep 2, 2022 | Qualcomm | Link |
Qualcomm Snapdragon Auto Multimedia memory corruption | (7.9) | Sep 2, 2022 | Qualcomm | Link |
Qualcomm Snapdragon Auto RPMB cryptographic issues | (7.6) | Sep 2, 2022 | Qualcomm | Link |
Qualcomm Snapdragon Auto APR Routing Table memory corruption | (7.6) | Sep 2, 2022 | Qualcomm | Link |
SFTPGo Two-factor Authentication improper authentication | (7.6) | Sep 2, 2022 | SFTPGo | Link |
ZyXEL NAS326/NAS540/NAS542 UDP Packet format string | (9.6) | Sep 6, 2022 | ZyXEL | Link |
BitDefender GravityZone Console On-Premise Message deserialization | (8.6) | Sep 6, 2022 | BitDefender | Link |
Indy Node pool-upgrade Request improper authentication | (7.9) | Sep 6, 2022 | Indy | Link |
Outbyte PC Repair Installation File iertutil.dll uncontrolled search path | (8.5) | Sep 7, 2022 | Outbyte PC Repair | Link |
ActivityWatch authentication spoofing | (7.9) | Sep 7, 2022 | ActivityWatch | Link |
phpfusion unverified password change | (7.8) | Sep 7, 2022 | Phpfusion | Link |
QNAP QTS Photo Station external reference | (9.7) | Sep 8, 2022 | QNAP QTS | Link |
ikus060 rdiffweb improper restriction of rendered ui layers | (8.0) | Sep 9, 2022 | ikus060 | Link |
Wiki UI Main Wiki code injection | (7.9) | Sep 9, 2022 | Wiki Ul Main | Link |
XWiki Platform Applications Tag code injection | (7.9) | Sep 9, 2022 | XWiki | Link |
cruddl Schema special elements in data query logic | (7.9) | Sep 9, 2022 | Cruddl | Link |
Fortinet FortiSOAR HTTP GET Request os command injection | (7.8) | Sep 9, 2022 | Fortinet | Link |
XWiki Platform Web Templates Email Verification authentication bypass | (7.7) | Sep 9, 2022 | XWiki | Link |
MZ Automation libIEC61850 memcpy stack-based overflow | (9.4) | Sep 10, 2022 | Automation libIEC61850 | Link |
MZ Automation libIEC61850 stack-based overflow | (9.4) | Sep 10, 2022 | Automation libIEC61850 | Link |
Microsoft Windows Enterprise App Management Service Privilege Escalation | (7.8) | Sep 13, 2022 | Microsoft Windows | Link |
Microsoft Windows ODBC Driver Remote Code Execution | (7.7) | Sep 13, 2022 | Microsoft Windows | Link |
Microsoft Windows OLE DB Provider for SQL Server Remote Code Execution | (7.7) | Sep 13, 2022 | Microsoft Windows | Link |
Microsoft Dynamics CRM Privilege Escalation | (7.7) | Sep 13, 2022 | Microsoft Windows | Link |
Microsoft SharePoint Server Privilege Escalation | (7.7) | Sep 13, 2022 | Microsoft Windows | Link |
Onedev Docker Socket docker.sock external reference | (9.1) | Sep 14, 2022 | Onedev Docker | Link |
Crestron AirMedia Installation permission | (8.8) | Sep 14, 2022 | Crestron AirMedia | Link |
ionicabizau parse-url server-side request forgery | (8.0) | Sep 14, 2022 | İonicabizau | Link |
EZVIZ CS-CV248 Motion Detection stack-based overflow | (9.1) | Sep 15, 2022 | EZVIZ CS-CV248 | Link |
ionicabizau parse-url interpretation input | (8.2) | Sep 15, 2022 | İonicabizau | Link |
Qualcomm Snapdragon Connectivity/Snapdragon Mobile WLAN Key Parser memory corruption | (9.6) | Sep 16, 2022 | Qualcomm Snapdragon | Link |
Zoom On-Premise Meeting Connector MMR access control | (7.6) | Sep 17, 2022 | Zoom | Link |
Suprema Bio Star PUT Request access control | (8.8) | Sep 20, 2022 | Suprema Bio | Link |
Kayrasoft sql injection | (8.2) | Sep 20, 2022 | Kayrasoft | Link |
ForgeRock IDM/Java Remote Connector Server LDAP Connector access control | (7.6) | Sep 20, 2022 | ForgeRock | Link |
Aruba ClearPass Policy Manager OnGuard Agent Privilege Escalation | (8.8) | Sep 21, 2022 | Aruba ClearPass | Link |
UI Desktop access control | (8.8) | Sep 23, 2022 | UI Desktop | Link |
Sophos Firewall User Portal/Webadmin code injection | (8.5) | Sep 23, 2022 | Sophos Firewall | Link |
FFmpeg build_open_gop_key_points heap-based overflow | (7.5) | Sep 23, 2022 | FFmpeg | Link |
Grandstream GSD3710 strcopy stack-based overflow | (9.3) | Sep 24, 2022 | Grandstream | Link |
Measuresoft ScadaPro Server access control | (8.2) | Sep 24, 2022 | Measuresoft | Link |
Synacor Zimbra Collaboration Suite Nginx permission | (8.8) | Sep 26, 2022 | Synacor | Link |
Contec FXA3200 Wireless LAN Manager Interface mnt_cmd.cgi permission | (8.0) | Sep 26, 2022 | Contec FXA3200 | Link |
NuProcess Command Line Argument Java_java_lang_UNIXProcess_forkAndExec command injection | (8.4) | Sep 27, 2022 | NuProcess | Link |
Qualcomm Snapdragon Auto ION use after free | (7.9) | Sep 27, 2022 | Qualcomm Snapdragon | Link |
Mist Command-Line Interface permission | (7.5) | Sep 27, 2022 | Mist Command-Line | Link |
Carlo Gavazzi UWP/CPY Car Park Server path traversal | (9.6) | Sep 28, 2022 | Carlo Gavazzi | Link |
Carlo Gavazzi UWP/CPY Car Park Server hard-coded credentials | (9.6) | Sep 28, 2022 | Carlo Gavazzi | Link |
Carlo Gavazzi UWP/CPY Car Park Server hard-coded credentials | (9.6) | Sep 28, 2022 | Carlo Gavazzi | Link |
Carlo Gavazzi UWP/CPY Car Park Server API missing authentication | (9.6) | Sep 28, 2022 | Carlo Gavazzi | Link |
Carlo Gavazzi UWP/CPY Car Park Server API Parameter os command injection | (9.6) | Sep 28, 2022 | Carlo Gavazzi | Link |
Check Point ZoneAlarm Extreme Security Updates permission | (8.4) | Sep 28, 2022 | Check Point | Link |
Mozilla Firefox Maintenance Service toctou | (8.4) | Sep 29, 2022 | Mozilla Firefox | Link |
Mozilla Thunderbird Maintenance Service toctou | (8.4) | Sep 29, 2022 | Mozilla Thunderbird | Link |
matrix-js-sdk Verification key exchange without entity authentication | (7.8) | Sep 29, 2022 | matrix-js-sdk | Link |
Vulnerability | CVSSv3 | Release Date | Products | References |
kromitgmbh titra improper authorization | (8.4) | Aug 1, 2022 | Kromitgmbh titra | Link |
Shescape Regular Expression escapeAll injection | (8.4) | Aug 2, 2022 | Shescape | Link |
fs2 certificate validation | (8.0) | Aug 2, 2022 | fs2 certificate | Link |
CVAT server-side request forgery | (7.8) | Aug 2, 2022 | CVAT | Link |
VMware Workspace ONE Access improper authentication | (9.4) | Aug 3, 2022 | VMware Workspace | Link |
monorepo-build Remote Code Execution | (8.4) | Aug 3, 2022 | Monorepo | Link |
image-tiler Remote Code Execution | (8.4) | Aug 3, 2022 | İmage-tiler | Link |
tooljet access control | (8.4) | Aug 3, 2022 | Tooljet | Link |
gitblame gitblame.js injection | (8.2) | Aug 3, 2022 | Gitblame | Link |
heroku-env get.js injection | (8.2) | Aug 3, 2022 | Heroku | Link |
npos-tesseract ocr.js injection | (8.2) | Aug 3, 2022 | npos-tesseract | Link |
NHI Card Network Packet stack-based overflow | (7.7) | Aug 3, 2022 | NHI Card Network | Link |
OMICARD EDM hard-coded credentials | (9.6) | Aug 4, 2022 | OMICARD | Link |
DevExpress SafeBinaryFormatter deserialization | (8.6) | Aug 4, 2022 | DevExpress | Link |
Vinchin Backup and Recovery hard-coded credentials | (8.5) | Aug 4, 2022 | Vinchin | Link |
Sante PACS Server sql injection | (8.4) | Aug 4, 2022 | Sante PACS | Link |
OMICARD EDM API Function sql injection | (8.4) | Aug 4, 2022 | OMICARD EDM API | Link |
Sante DICOM Viewer Pro J2K File Parser out-of-bounds write | (8.3) | Aug 4, 2022 | Sante DICOM | Link |
KVM use after free | (7.8) | Aug 5, 2022 | KVM | Link |
Samsung Baseband heap-based overflow | (7.8) | Aug 5, 2022 | Samsung | Link |
Ethermint exposure of resource | (7.6) | Aug 5, 2022 | Ethermint | Link |
TCL LinkHub Mesh Wi-Fi MS1G Configuration logserver GetValue buffer overflow | (9.2) | Aug 6, 2022 | TCL LinkHub | Link |
TCL LinkHub Mesh Wi-Fi MS1G Network ucloud_del_node access control | (9.2) | Aug 6, 2022 | TCL LinkHub | Link |
TCL LinkHub Mesh Wi-Fi MS1G Network Packet addTimeGroup stack-based overflow | (8.8) | Aug 6, 2022 | TCL LinkHub | Link |
TCL LinkHub Mesh Wi-Fi MS1G Network confctl_set_guest_wlan denial of service | (8.8) | Aug 6, 2022 | TCL LinkHub | Link |
Microsoft Windows SMB Remote Code Execution | (7.7) | Aug 9, 2022 | Microsoft Wİndows | Link |
KUKA V-KSS Robot Configuration missing authentication | (9.6) | Aug 10, 2022 | KUKA V-KSS | Link |
Cisco Small Business RV345 buffer overflow | (9.4) | Aug 10, 2022 | Cisco Small | Link |
Siemens SCALANCE XR-500 injection | (8.4) | Aug 10, 2022 | Siemens | Link |
Cisco Small Business RV345 buffer overflow | (8.3) | Aug 10, 2022 | Cisco Small | Link |
Cisco Small Business RV345 buffer overflow | (8.3) | Aug 10, 2022 | Cisco Small | Link |
ClamAV Antivirus Regex Module out-of-bounds | (8.3) | Aug 10, 2022 | ClamAV | Link |
mc-kill-port kill Local Privilege Escalation | (7.6) | Aug 10, 2022 | mc-kill-port | Link |
B&R Studio input validation | (8.2) | Aug 11, 2022 | B&R | Link |
Zoom Client for Meetings URL Parser input validation | (7.8) | Aug 11, 2022 | Zoom | Link |
loopback-connector-postgresql sql injection | (7.6) | Aug 13, 2022 | Postgrsql | Link |
Cockpit authentication bypass | (8.4) | Aug 15, 2022 | Cockbit | Link |
nameless missing critical step in authentication | (8.4) | Aug 15, 2022 | Nameless | Link |
Zoom Client for Meetings signature verification | (8.6) | Aug 16, 2022 | Zoom | Link |
oxyno-zeta react-editable-json-tree neutralization of directives | (7.7) | Aug 16, 2022 | Oxyno-zeta | Link |
Emerson ControlWave BSAP-IP Protocol integrity check | (9.6) | Aug 17, 2022 | Emerson ControlWave | Link |
GOG Galaxy GOG.com permission | (8.8) | Aug 17, 2022 | GOG Galaxy | Link |
Sequi PortBloque S Requests improper authorization | (8.0) | Aug 17, 2022 | Sequi PortBloque | Link |
Sequi PortBloque S improper authentication | (7.8) | Aug 17, 2022 | Sequi PortBloque | Link |
Device42 CMDB db_optimize os command injection | (7.6) | Aug 17, 2022 | Device42 CMDB | Link |
Zoom Rooms for Conference Rooms signature verification | (8.4) | Aug 18, 2022 | Zoom | Link |
Qualys Cloud Agent access control | (8.4) | Aug 18, 2022 | Qualys Cloud Agent | Link |
Cisco Secure Web Appliance HTTP os command injection | (8.4) | Aug 19, 2022 | Cisco Secure | Link |
Project-Nexus sql injection | (8.5) | Aug 20, 2022 | Project-Nexus | Link |
IBM MQ XML Data xml external entity reference | (7.6) | Aug 20, 2022 | IBM MQ | Link |
MA Lighting grandMA2 Light hard-coded credentials | (8.8) | Aug 21, 2022 | MA Lighting | Link |
Linux Kernel eBPF out-of-bounds write | (8.6) | Aug 24, 2022 | Linux Kernel | Link |
mySCADA myPRO command injection | (8.4) | Aug 24, 2022 | mySCADA myPRO | Link |
Measuresoft ScadaPro Server ActiveX Control out-of-bounds write | (8.4) | Aug 24, 2022 | Measuresoft Scada Pro | Link |
Linux Kernel NILFS File System inode.c security_inode_alloc use after free | (8.4) | Aug 24, 2022 | Linux Kernel | Link |
Linksys MR8300 DDNS Service os command injection | (7.7) | Aug 24, 2022 | Linksys MR8300 | Link |
Cisco NX-OS/FXOS Discovery Protocol Packet stack-based overflow | (8.6) | Aug 25, 2022 | Cisco | Link |
Linux Kernel Pipe Buffer pipe_resize_ring locking | (8.4) | Aug 25, 2022 | Linux Kernel | Link |
Linux Kernel LightNVM Subsystem heap-based overflow | (8.4) | Aug 25, 2022 | Linux Kernel | Link |
RPM link following | (8.4) | Aug 26, 2022 | RPM | Link |
Linux Kernel SUID/GUID begin_new_exec permission | (8.4) | Aug 26, 2022 | Linux Kernel | Link |
Linux Kernel PLP Rose rose_bind use after free | (8.5) | Aug 29, 2022 | Linux Kernel | Link |
Linux Kernel io_uring Subsystem io_uring.c io_register_personality use after free | (8.4) | Aug 29, 2022 | Linux Kernel | Link |
Hytec Inter HWL-2511-SS Command Line Interface command injection | (8.5) | Aug 30, 2022 | Hytec | Link |
Le-yan Personnel and Salary Management System hard-coded credentials | (8.4) | Aug 30, 2022 | Le-yan | Link |
Patlite NH-FB Firmware unrestricted upload | (7.7) | Aug 30, 2022 | Patlite | Link |
Dell Container Storage Modules goiscsi/gobrick os command injection | (8.8) | Aug 31, 2022 | Dell | Link |
Dell EMC SmartFabric os command injection | (7.9) | Aug 31, 2022 | Dell | Link |
Dell Container Storage Modules goiscsi/gobrick path traversal | (7.5) | Aug 31, 2022 | Dell | Link |
Vulnerability | CVSSv3 | Release Date | Products | References |
OpenSSL RSA Private Key rsaz_exp_x2.c ossl_rsaz_mod_exp_avx512_x2 memory corruption | (9.4) | July 1, 2022 | OpenSSL | Link |
SaltStack Salt improper authorization | (8.0) | July 1, 2022 | SaltStack | Link |
Distributed Data Systems WebHMI os command injection | (8.0) | July 2, 2022 | Distrubuted Data System | Link |
Nokia DGX A100 BiosCfgTool memory corruption | (8.0) | July 2, 2022 | Nokia | Link |
GitLab Project Import Privilege Escalation | (7.9) | July 2, 2022 | GitLab | Link |
git-clone command injection | (7.6) | July 2, 2022 | git-clone | Link |
Home Spot Cube2 DHCP Server Reply os command injection | (8.5) | July 3, 2022 | Home Spot Cube2 | Link |
Linux Kernel User Namespace nf_tables_api.c nft_set_elem_init type confusion | (8.4) | July 5, 2022 | Linux Kernel | Link |
IOBit Advanced System Care/Action Download Center Asc.exe permission | (8.5) | July 6, 2022 | IOBit | Link |
MediaTek MT8797 Modem out-of-bounds write | (8.4) | July 6, 2022 | MediaTek | Link |
IOBit Advanced System Care/Driver Booster Update Procedure data authenticity | (7.8) | July 6, 2022 | IOBit | Link |
MediaTek MT8797 Modem 2G RR out-of-bounds write | (7.7) | July 6, 2022 | MediaTek | Link |
CWP command injection | (7.7) | July 7, 2022 | CWP | Link |
Dell EMC Storage Cloud Mobility Remote Code Execution | (8.9) | July 8, 2022 | Dell EMC | Link |
atoms183 CMS product_admin.php sql injection | (8.0) | July 8, 2022 | Atoms183 CMS | Link |
HPE IceWall SSO sql injection | (7.9) | July 8, 2022 | HPE | Link |
Dell EMC PowerProtect Cyber Recovery access control | (7.6) | July 8, 2022 | Dell EMC | Link |
Keycloak authorization | (7.6) | July 8, 2022 | Keycloak | Link |
Hap-WI Roxy-WI options.py subprocess_execute os command injection | (9.4) | July 9, 2022 | Hap-WI Roxy-WI | Link |
rpc.py HTTP Header deserialization | (8.2) | July 9, 2022 | Rpc | Link |
Lenze cabinet c520/cabinet c550/cabinet c750 Password Verification missing critical step in authentication | (9.6) | July 11, 2022 | Lenze cabinet | Link |
Microsoft Azure Site Recovery VMWare to Azure Remote Code Execution | (8.1) | July 12, 2022 | Microsoft Azure | Link |
Microsoft Windows Shell Privilege Escalation | (7.8) | July 12, 2022 | Microsoft Windows Shell | Link |
Kubernetes aws-iam-authenticator access control | (7.7) | July 12, 2022 | Kubernetes | Link |
Microsoft Azure Site Recovery VMWare to Azure Privilege Escalation | (7.6) | July 12, 2022 | Microsoft AZure | Link |
Pyramid EtherNet-IP Adapter Development Kit Packet out-of-bounds write | (9.1) | July 13, 2022 | Pyramid EtherNet-IP | Link |
Verizon 5G Home LVSKIHP InDoorUnit crtcrpc JSON Listener crtcmode.sh enable_ssh os command injection | (8.5) | July 14, 2022 | Verizon 5G Home | Link |
5G Home LVSKIHP InDoorUnit crtcrpc JSON Listener crtc.lua crtcreadpartition os command injection | (8.5) | July 14, 2022 | 5G Home | Link |
Verizon 5G Home LVSKIHP OutDoorUnit crtcrpc JSON Listener rpc.lua crtcswitchsimprofile os command injection | (8.5) | July 14, 2022 | Verizon 5G Home | Link |
Verizon 5G Home LVSKIHP OutDoorUnit RPC Endpoint wnc_crtc_fw.sh crtc_fw_upgrade Privilege Escalation | (8.0) | July 14, 2022 | Verizon 5G Home | Link |
Verizon 5G Home LVSKIHP InDoorUnit RPC Endpoint crtc.lua crtcfwimage unrestricted upload | (8.0) | July 14, 2022 | Verizon 5G Home | Link |
Verizon 5G Home LVSKIHP OutDoorUnit Settings Page settings.lua os command injection | (7.7) | July 14, 2022 | Verizon 5G Home | Link |
Hap-WI Roxy-WI options.py subprocess_execute command injection | (8.5) | July 16, 2022 | Hap-WI Roxy-WI | Link |
Parallels Desktop HDAudio Virtual Device buffer overflow | (7.7) | July 16, 2022 | Parallels Desktop HDAudio | Link |
Infiray IRAY-A8Z3 strcpy buffer overflow | (8.0) | July 18, 2022 | Infiray IRAY | Link |
QVIS NVR DVR sudo Configuration access control | (7.6) | July 18, 2022 | QVIS NVR DVR | Link |
AnyDesk symlink | (8.5) | July 19, 2022 | AnyDesk | Link |
Feed Them Social Plugin deserialization | (8.4) | July 19, 2022 | Feed Them Social Plugin | Link |
Parallels Desktop permission assignment | (8.3) | July 19, 2022 | Parallels Desktop | Link |
Parallels Access uncontrolled search path | (8.3) | July 19, 2022 | Parallels Desktop | Link |
Fortinet FortiClient FortiESNAC Service path traversal | (8.3) | July 19, 2022 | Fortinet | Link |
Parallels Access Desktop Control Agent service uncontrolled search path | (8.3) | July 19, 2022 | Parallels Access Desktop | Link |
Parallels Desktop ACPI Virtual Device out-of-bounds | (7.7) | July 19, 2022 | Parallels Desktop ACPI | Link |
Zyxel USG ZyWALL CLI Command privileges management | (7.6) | July 19, 2022 | Zyxel | Link |
Yokogawa Passage Drive Interprocess Communication os command injection | (8.8) | July 20, 2022 | Yokogawa | Link |
Pega Platform JMX Interface deserialization | (8.5) | July 20, 2022 | Pega Platform | Link |
Digiwin BPM sql injection | (8.4) | July 20, 2022 | Digiwin | Link |
openSUSE Tumbleweed keylime symlink | (7.8) | July 20, 2022 | openSUSE | Link |
Fortinet FortiAP-U CLI CLI Command path traversal | (7.8) | July 20, 2022 | Fortinet | Link |
Fortinet FortiClientWindows unnecessary privileges | (7.8) | July 20, 2022 | Fortinet | Link |
Apple watchOS AppleAVD buffer overflow | (9.4) | July 21, 2022 | Apple | Link |
Apple watchOS Wi-Fi memory corruption | (9.4) | July 21, 2022 | Apple | Link |
Apple tvOS Wi-Fi Remote Code Execution | (8.4) | July 21, 2022 | Apple | Link |
Advantech iView command injection | (9.6) | July 22, 2022 | Advantech iView | Link |
Apple macOS Wi-Fi Remote Code Execution | (9.4) | July 22, 2022 | Apple | Link |
Apple macOS Wi-Fi Remote Code Execution | (9.4) | July 22, 2022 | Apple | Link |
Advantech iView sql injection | (7.6) | July 22, 2022 | Advantech iView | Link |
Advantech iView missing authentication | (7.6) | July 22, 2022 | Advantech iView | Link |
convert-svg-core SVG File code injection | (7.9) | July 23, 2022 | SVG File | Link |
Atos Unify OpenScape SBC/OpenScape Branch/OpenScape BCF Remote Code Execution | (8.4) | July 25, 2022 | Atos Unify OpenScape | Link |
ffmpeg-sdk index.js injection | (8.2) | July 25, 2022 | – | Link |
Osamaesh WP Visitor Statistics Plugin sql injection | (8.2) | July 25, 2022 | Osamaesh WP Visitor | Link |
Pega improper authorization | (8.5) | July 26, 2022 | Pega | Link |
hestiacp os command injection | (7.9) | July 27, 2022 | Hestiacp | Link |
Veritas NetBackup OpsCenter Java Classloader code injection | (9.8) | July 28, 2022 | Veritas | Link |
Synology Media Server CGI buffer overflow | (9.7) | July 28, 2022 | Synology Media server | Link |
Veritas NetBackup access control | (9.3) | July 28, 2022 | Veritas | Link |
Veritas NetBackup access control | (9.2) | July 28, 2022 | Veritas | Link |
Veritas NetBackup OpsCenter VxSS Subsystem hard-coded credentials | (8.8) | July 28, 2022 | Veritas | Link |
Veritas NetBackup OpsCenter Remote Code Execution | (8.7) | July 28, 2022 | Veritas | Link |
Veritas NetBackup OpsCenter Local Privilege Escalation | (8.5) | July 28, 2022 | Veritas | Link |
Veritas NetBackup OpsCenter User Account access control | (8.1) | July 28, 2022 | Veritas | Link |
Veritas Netbackup access control | (7.9) | July 28, 2022 | Veritas | Link |
AVEVA Platform Common Services uncontrolled search path | (7.9) | July 28, 2022 | AVEVA Platform | Link |
Veritas NetBackup access control | (7.8) | July 28, 2022 | Veritas | Link |
Veritas NetBackup Privilege Escalation | (7.7) | July 28, 2022 | Veritas | Link |
PHP libmagic finfo_buffer free of memory not on the heap | (7.7) | July 28, 2022 | PHP | Link |
SonicWALL Analytics On-Prem sql injection | (9.4) | July 29, 2022 | SonicWall | Link |
IBM PowerVM VIOS Remote Code Execution | (9.3) | July 29, 2022 | IBM PowerVM | Link |
Ovarro TBox TG2 Configuration code injection | (8.6) | July 29, 2022 | Ovarro TBox | Link |
Ovarro TBox TG2 Configuration File permission assignment | (8.6) | July 29, 2022 | Ovarro TBox | Link |
Inavitas Solar Log sql injection | (8.3) | July 29, 2022 | Inavitas Solar | Link |
HPE iLO 5 Remote Code Execution | (8.4) | July 31, 2022 | HPE iLO 5 | Link |
Vulnerability | CVSSv3 | Release Date | Products | References |
Sofia-SIP SDP Message Parser heap-based overflow | (8.0) | June 1, 2022 | Sofia-SIP | Link |
ramank775 Chat Server Access Token Validator this.authProvider.verifyAccessKey improper authentication | (8.0) | June 1, 2022 | Ramank775 | Link |
Schneider Electric Wiser Smart missing encryption | (7.7) | June 3, 2022 | Schneider Electric | Link |
eG Agent permission | (7.6) | June 3, 2022 | eG Agent | Link |
Atlassian Confluence Server/Data Center OGNL injection | (9.4) | June 4, 2022 | Atlassian Confluence Server | Link |
Dominion Democracy Suite Voting System ImageCast X certificate validation | (8.1) | June 5, 2022 | Dominion Democracy Suite Voting System | Link |
HID Mercury LP1501/LP1502/LP2500/LP4502/EP4502 Update buffer overflow | (9.7) | June 6, 2022 | HID Mercury | Link |
HID Mercury LP1501/LP1502/LP2500/LP4502/EP4502 Hostname protection mechanism | (9.5) | June 6, 2022 | HID Mercury | Link |
HID Mercury LP1501/LP1502/LP2500/LP4502/EP4502 Route edit_route.cgi os command injection | (8.6) | June 6, 2022 | HID Mercury | Link |
HID Mercury LP1501/LP1502/LP2500/LP4502/EP4502 Firmware Binary direct request | (8.5) | June 6, 2022 | HID Mercury | Link |
HID Mercury LP1501/LP1502/LP2500/LP4502/EP4502 path traversal | (8.0) | June 6, 2022 | HID Mercury | Link |
3CX Phone System PhoneSystem Terminal improper authentication | (8.8) | June 7, 2022 | 3CX Phone System | Link |
emicklei go-restful authorization | (8.1) | June 8, 2022 | Emicklei | Link |
ToaruOS Kernel access control | (7.7) | June 8, 2022 | ToaruOS | Link |
ITarian SAAS/On-Premise procedures security check for standard | (9.1) | June 9, 2022 | ITarian | Link |
Linux Kernel File System Notification copy_event_to_user use after free | (8.4) | June 9, 2022 | Linux Kernel File System | Link |
PJSIP STUN buffer overflow | (8.4) | June 9, 2022 | PJSIP | Link |
ITarian Endpoint Manage Communication Client OpenSSL Configuration openssl.conf permission | (8.1) | June 9, 2022 | ITarian | Link |
Firejail User Namespace join.c access control | (7.9) | June 9, 2022 | Firejail | Link |
gogs os command injection | (8.5) | June 10, 2022 | gogs | Link |
gogs path traversal | (8.5) | June 10, 2022 | gogs | Link |
jgraph drawio code injection | (8.3) | June 10, 2022 | jgraph | Link |
ToolJet Remote Code Execution | (7.6) | June 10, 2022 | ToolJet | Link |
RealVNC VNC Server Installer Repair access control | (8.4) | June 11, 2022 | RealVNC | Link |
Dell SupportAssist Client Consumer uncontrolled search path | (8.3) | June 11, 2022 | Dell Sport Asssist | Link |
Linux Kernel Floating Point Register ptrace-fpu.c ptrace_get_fpr buffer overflow | (7.6) | June 11, 2022 | Linux Kernel | Link |
Festo Controller CECC-X-M1 POST Request os command injection | (9.6) | June 13, 2022 | Festo Controller | Link |
NAVER Cloud Explorer privileges management | (8.8) | June 13, 2022 | NAVER Cloud | Link |
Microsoft Windows Network File System Remote Code Execution | (8.9) | June 14, 2022 | Microsoft Windows | Link |
Microsoft Windows LDAP Remote Code Execution | (8.1) | June 14, 2022 | Microsoft Windows | Link |
Microsoft SharePoint Server Privilege Escalation | (8.1) | June 14, 2022 | Microsoft Sharepoint Server | Link |
Microsoft SharePoint Server Privilege Escalation | (8.1) | June 14, 2022 | Microsoft Sharepoint Server | Link |
Microsoft Windows LDAP Remote Code Execution | (8.1) | June 14, 2022 | Microsoft Windows LDAP | Link |
Microsoft Windows Kerberos AppContainer Privilege Escalation | (8.0) | June 14, 2022 | Microsoft Windows Kerberos | Link |
Microsoft Windows Kerberos Privilege Escalation | (7.7) | June 14, 2022 | Microsoft Windows Kerberos | Link |
Microsoft System Center Operations Manager Privilege Escalation | (7.6) | June 14, 2022 | Microsoft System Center Operations Manager | Link |
Splunk Enterprise Forwarder Bundle access control | (8.3) | June 15, 2022 | Splunk | Link |
PHP Parametrized Query uninitialized pointer | (7.7) | June 16, 2022 | PHP | Link |
Anker Eufy Homebase mips_collector use after free | (8.0) | June 17, 2022 | Anker Eufy Hombase | Link |
Parse Server Apple Game Center Auth Adapter improper authentication | (7.8) | June 17, 2022 | Apple Game Center | Link |
polonel trudesk API incorrect privileged apis | (8.5) | June 20, 2022 | Polonel Trudesk | Link |
polonel trudesk unrestricted upload | (8.3) | June 20, 2022 | Polonel Trudesk | Link |
McAfee Consumer Product Removal Tool Configuration File permission | (8.2) | June 20, 2022 | McAfee | Link |
McAfee Consumer Product Removal Tool uncontrolled search path | (8.2) | June 20, 2022 | McAfee | Link |
Phoenix Contact Product data authenticity | (9.6) | June 21, 2022 | Phoenix | Link |
Comodo Antivirus Quarantine access control | (8.8) | June 22, 2022 | Comodo Antivirus | Link |
Red Hat Enterprise Linux Kernel hard-coded key | (8.4) | June 22, 2022 | RedHat Enterprise Linux | Link |
Tenable Nessus PowerShell cmdlet Check access control | (8.4) | June 22, 2022 | Tenable Nessus | Link |
SiHAS SGW-300/ACM-300/GCM-300 Firmware improper authentication | (9.2) | June 23, 2022 | SiHAS SGW-300/ACM-300/GCM-300 Firmware | Link |
Pure Storage Purity FA/Purity FB Management Interface hard-coded credentials | (8.4) | June 23, 2022 | Pure Storage | Link |
Pure Storage Purity FA/Purity FB Restricted Shell access control | (7.6) | June 23, 2022 | Pure Storage | Link |
CODESYS Products Request unexpected sign extension | (9.8) | June 24, 2022 | CODESYS Products | Link |
CODESYS PLCWinNT and Runtime Toolkit 32 Password Protection insecure default initialization of resource | (9.6) | June 24, 2022 | CODESYS PLCWinNT | Link |
CODESYS Products Request heap-based overflow | (8.8) | June 24, 2022 | CODESYS Products | Link |
CODESYS Products Local File out-of-range pointer offset | (8.8) | June 24, 2022 | CODESYS Products | Link |
MELAG FTP Server unnecessary privileges | (8.1) | June 24, 2022 | Melag FTP | Link |
Illumina Local Run Manager unrestricted upload | (9.7) | June 25, 2022 | Illumina | Link |
Secheron SEPCOS behavioral workflow | (9.4) | June 25, 2022 | Secheron SEPCOS | Link |
EagleGet Downloader luminati_net_updater_win_eagleget_com Privilege Escalation | (8.8) | June 25, 2022 | EagleGet | Link |
Illumina Local Run Manager path traversal | (8.5) | June 25, 2022 | Illumina | Link |
Secheron SEPCOS FTP Server access control | (8.4) | June 25, 2022 | Secheron SEPCOS | Link |
Illumina Local Run Manager improper authorization | (8.0) | June 25, 2022 | Illumina | Link |
ionicabizau parse-url server-side request forgery | (8.2) | June 27, 2022 | İonicabizau | Link |
Douzone NeoRS ActiveX Module origin validation | (8.1) | June 28, 2022 | Douzone NeoRS | Link |
LDAP Account Manager injection | (7.6) | June 28, 2022 | LDAP | Link |
Clever underscore.deep deepFromFlat prototype pollution | (7.6) | June 28, 2022 | Clever DeepFromFlat | Link |
Vulnerability | CVSSv3 | Release Date | Products | References |
Bender CC612 SSH hard-coded password (CVE-2021-34601) | (9.8) | Apr 28, 2022 | Bender CC612 | Link |
Bender CC612/CC613/ICC15xx/ICC16xx ifplugd unnecessary privileges (CVE-2021-34591) | (7.6) | Apr 28, 2022 | Bender CC612/CC613/ICC15xx/ICC16xx | Link |
cifs-utils mount.cifs stack-based overflow (CVE-2022-27239) | (7.5) | Apr 28, 2022 | cifs-utils | Link |
Bender CC612/CC613/ICC15xx/ICC16xx Web Interface os command injection (CVE-2021-34602) | (8.6) | Apr 28, 2022 | Bender CC612/CC613/ICC15xx/ICC16xx | Link |
FreeRDP NTLM Authentication improper authentication ( CVE-2022-24882) | (9.3) | Apr 26, 2022 | FreeRDP up to 2.6.x | Link |
Solana rBPF sdiv Instruction calculation (CVE-2022-23066) | (9.3) | May 9, 2022 | SOLANA RBPF | Link |
Tecson Tankspion Endpoint improper authentication (CVE-2019-12254) | (8.4) | May 7, 2022 | TECSON TANKSPION ENDPOINT | Link |
Splunk Enterprise Search Parameter injection (CVE-2022-26889) | (7.9) | May 7, 2022 | Splunk Enterprise | Link |
QNAP QVR command injection (CVE-2022-27588) | (9.6) | May 6, 2022 | QNAP QVR PRIOR 5.1.6 | Link |
ecdsautils CLI Command ecdsa_verify_list_legacy signature verification (CVE-2022-24884) | (8.5) | May 6, 2022 | ECDSAUTILS | Link |
Flux/kustomize-controller kustomization.yaml path traversal (CVE-2022-24887) | (7.9) | May 6, 2022 | FLUX/KUSTOMIZE-CONTROLLER | Link |
python-libnmap Remote Code Execution (CVE-2022-30284) | (8.5) | May 5, 2022 | Python | Link |
clinical-genomics scout server-side request forgery (CVE-2022-1592) | (8.2) | May 5, 2022 | CLINICAL-GENOMICS SCOUT | Link |
YetiForce CRM unrestricted upload (CVE-2022-1411) | (7.5) | May 5, 2022 | YETIFORCE CRM | Link |
TIBCO Managed File Transfer Command Center DOM XML Parser/SAX XML Parser xml external entity reference (CVE-2022-22774) | (7.9) | May 10, 2022 | TIBCO | Link |
D-Link DIR-882 Blink command injection (CVE-2022-28901) | (8.0) | May 10, 2022 | D-Link | Link |
D-Link DIR-882 SubnetMask command injection (CVE-2022-28896) | (8.0) | May 10, 2022 | D-Link | Link |
D-Link DIR-882 IPAddress command injection (CVE-2022-28895) | (7.7) | May 10, 2022 | D-Link | Link |
alextselegidis easyappointments API privileges management (CVE-2022-1397) | (8.6) | May 10, 2022 | alextselegidis | Link |
InHand InRouter302 Console Factory stack-based overflow (CVE-2022-26002) | (8.1) | May 12, 2022 | InHand | Link |
InHand InRouter302 httpd libnvram.so nvram_import input validation (CVE-2022-26782) | (9.3) | May 12, 2022 | InHand | Link |
InHand InRouter302 Network Request infactory_net os command injection (CVE-2022-26518) | (9.3) | May 12, 2022 | InHand | Link |
InHand InRouter302 Console infactory_port os command injection (CVE-2022-26420) | (9.3) | May 12, 2022 | InHand | Link |
InHand InRouter302 Console infactory_wlan os command injection (CVE-2022-26075) | (9.3) | May 12, 2022 | InHand | Link |
Weintek cMT code injection (CVE-2021-27446) | (9.7) | May 17, 2022 | Weintek | Link |
Trend Micro Password Manager link following (CVE-2022-30523) | (8.8) | May 17, 2022 | Trend Micro | Link |
Weintek cMT access control (CVE-2021-27444) | (8.4) | May 17, 2022 | Weintek | Link |
Linux Kernel sched Privilege Escalation (CVE-2022-29581) | (8.1) | May 17, 2022 | Linux kernel | Link |
Linux Kernel io_uring integer overflow (CVE-2022-1116) | (8.1) | May 17, 2022 | Linux kernel | Link |
Fidelis Network and Deception Web Interface os command injection (CVE-) | (8.6) | May 18, 2022 | Fidelis | Link |
Fidelis Network and Deception CLI cert_utils os command injection | (8.6) | May 18, 2022 | Fidelis | Link |
Fidelis Network and Deception CLI remote_text_file os command injection | (8.6) | May 18, 2022 | Fidelis | Link |
Fidelis Network and Deception Web Interface os command injection | (8.6) | May 18, 2022 | Fidelis | Link |
NVIDIA GPU Display Driver Kernel Mode Layer out-of-bounds read | (8.1) | May 18, 2022 | NVIDIA | Link |
FlyteConsole Web User Interface server-side request forgery | (8.0) | May 18, 2022 | FlyteConsole | Link |
Lenovo System Interface Foundation IMController toctou | (7.5) | May 20, 2022 | Lenova | Link |
Lenovo System Interface Foundation IMController toctou | (7.5) | May 20, 2022 | Lenova | Link |
Snow License Manager unquoted search path | (7.5) | May 20, 2022 | Snow | Link |
Mitsubishi Electric Factory Automation Engineering permission | (7.7) | May 20, 2022 | Mitsubishi Electric | Link |
Vmware Workspace ONE Access access control | (8.4) | May 21, 2022 | Vmware Workspace | Link |
Vmware Workspace ONE Access improper authentication | (9.4) | May 21, 2022 | Vmware Workspace | Link |
Nokogiri XML Parser/HTML4 SAX Parser #to_s memory corruption | (7.6) | May 21, 2022 | Nokogiri | Link |
Rundeck hard-coded key | (8.0) | May 21, 2022 | Rundeck | Link |
Argo CD improper authentication | (8.5) | May 21, 2022 | Argo CD | Link |
Cilium default permission | (8.6) | May 21, 2022 | Cilium | Link |
SOOTEWAY Wi-Fi Range Extender Telnet Service hard-coded credentials | (9.8) | May 21, 2022 | SOOTEWAY Wifi | Link |
publify access control | (7.9) | May 22, 2022 | Publify | Link |
publify unrestricted upload | (7.5) | May 24, 2022 | Publify | Link |
Zyxel USG/ZyWALL packet-trace argument injection | (7.8) | May 24, 2022 | Zyxel | Link |
Cognex In-Sight OPC Server deserialization | (8.4) | May 24, 2022 | Cognex | Link |
Annke N48PBB stack-based overflow | (9.4) | May 24, 2022 | Annke | Link |
Microsoft Azure RTOS USBX ux_device_class_dfu_control_request buffer overflow | (9.6) | May 25, 2022 | Microsoft Azure | Link |
Open Automation OAS SecureTransferFiles missing authentication | (8.2) | May 26, 2022 | Open Automation | Link |
Open Automation OAS REST API missing authentication | (8.1) | May 26, 2022 | Open Automation | Link |
Archer Platform SSO ADFS access control | (9.5) | May 27, 2022 | Archer Platform | Link |
protobufjs code injection | (7.6) | May 28, 2022 | Protobufjs | Link |
Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References |
Zero-Day Remote code Execution Vulnerability in Palo Alto Firewalls Utilising the GlobalProtect VPN Component CVE-2021-3064 | Unknown | 9.8 | Nov 10, 2021 | Palo Alto Firewall Operating System PAN-OS 8.1 prior to 8.1.17 | Link |
Microsoft Exchange Server Remote Code Execution (RCE) Vulnerability discovered by MSTIC CVE-2021-42321 | Exploited in the Tianfu Cup | 8.8 | Nov 9, 2021 | Microsoft Exchange Server | Link |
Microsoft Excel Security Feature Bypass Vulnerability discovered by MSTIC CVE-2021-42292 | In-the-wild | 7.8 | Nov 9, 2021 | Microsoft Office | Link |
Critical Citrix Unauthenticated Denial of Service (DDoS) Bug Shuting Down Network, Cloud App Access CVE-2021-22955 | Ongoing exploitation | N/A | Nov 9, 2021 | Citrix ADC | Citrix Gateway | Link |
Critical Remote Code Execution (RCE) in the Transparent Inter Process Communication (TIPC) Module of the Linux Kernel CVE-2021-43267 | Unknown | 9.8 | Nov 2, 2021 | Linux Kernel Versions between 5.10 and 5.15 | Link |
Google Android Zero-Day Use-After-Free (UAF) Bug Leading to a Local Escalation of Privilege in the Kernel CVE-2021-1048 | In-the-wild | 7.8 | Nov 1, 2021 | Android Kernel | Link |
‘Trojan Source’ Bugs of Unicode Bidirectional Algorithm (BiDi) CVE-2021-42574 | CVE-2021-42694 | POC Exploit Code Available | 9.8 | Nov 1, 2021 | Unicode Bidirectional Algorithm (BiDi) through Version 14.0 | Link |
Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References |
Cisco SD-WAN High-Severity Privilege Escalation Vulnerability Leading to Arbitrary Code Execution in the IOS IE Operating System
CVE-2021-1529 |
Unknown | 7.8 | Oct 20, 2021 | Cisco IOS XE Software | Cisco IOS XE SD-WAN Software | Link |
RCE Vulnerability in The Trial Version of WinRAR
CVE-2021-35052 |
Unknown | N/A | Oct 20, 2021 | WinRAR Version 5.70 | Link |
Google Chrome Critical Heap-Buffer-Overflow and Use-After-Free (UAF) Vulnerabilities
CVE-2021-37981 | CVE-2021-37984 | CVE-2021-37982 | CVE-2021-37983 | CVE-2021-37985 |
Unknown | N/A | Oct 19, 2021 | Google Chrome | Link |
Microsoft Exchange Server Remote Code (RCE) Vulnerability found by NSA
CVE-2021-26427 |
Unknown | 9.0 | Oct 12, 2021 | Microsoft Exchange Server | Link |
Windows Win32k Elevation of Privilege Zero-Day Vulnerability Used By MysterySnail RAT
CVE-2021-40449 |
In-the-wild | 7.8 | Oct 12, 2021 | All Supported Versions of Windows | Link |
RCE Vulnerabilities on Microsoft SharePoint and Windows DNS Servers
CVE-2021-40487 | CVE-2021-40469 |
Unknown | 8.1 | Oct 12, 2021 | Microsoft SharePoint Versions | Windows DNS Server Versions | Link
Link |
Apple iOS Remote Code Execution (RCE) Zero-Day Bug
CVE-2021-30883 |
In-the-wild | N/A | Oct 11, 2021 | iOS 15.0.2 and iPadOS 15.0.2 | Link |
Path Traversal Zero Day and File Disclosure Vulnerability in Apache HTTP Server
CVE-2021-41773 | CVE-2021-42013 |
In-the-wild | 7.5 | Oct 4, 2021 | Apache HTTP Server 2.4.49 | Link |
Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References |
Second Pair of Google Chrome Use-after-free Zero Day Bugs in September CVE-2021-37975 | CVE-2021-37976 | In-the-wild | N/A | Sep 30, 2021 | Google Chrome | Link |
Unpatched Stored XSS Zero-Day Vulnerability in Apple AirTag N/A | Unknown | N/A | Sep 29, 2021 | Apple AirTag | Link |
Cisco Unauthenticated Remote-code-execution (RCE) and Denial-of-service (DoS) Vulnerability CVE-2021-34770 | Unknown | 10 | Sep 22, 2021 | Cisco Catalyst 9000 Family of Wireless Controllers | Link |
Critical Software-buffer-overflow and Authentication-bypass Bugs in Cisco CVE-2021-34727 | CVE-2021-1619 | Unknown | 9.8 | Sep 22, 2021 | Cisco SD-WAN Software | Cisco IOS XE Software | Link Link |
VMware Ransomware-Friendly Arbitrary File Upload Bug in vCenter Server CVE-2021-22005 | POC exploit code available | 9.8 | Sep 21, 2021 | VMware vCenter Server | Link |
Zero-day Security Vulnerability in Apple’s macOS Finder System No CVE assigned | Unknown | N/A | Sep 21, 2021 | macOS Big Sur and Prior | Link |
Netgear SOHO Security Bug allowing RCE via A Man-in-the-middle (MiTM) Attack CVE-2021-40847 | POC exploit code available | 8.1 | Sep 20, 2021 | Netgear Small Office/Home Office (SOHO) Routers | Link |
Adobe Arbitrary Code Execution Vulnerability Affecting Its Core Products CVE-2021-39863 | Unknown | 8.8 | Sep 14, 2021 | Adobe Reader DC | Adobe Acrobat Reader DC | Link |
OMIGOD Microsoft Zero-day RCE Vulnerability in the Azure Cloud Platform CVE-2021-38647 | POC exploit code available | 9.8 | Sep 14, 2021 | Microsoft Azure Cloud | Link |
ForcedEntry Apple Zero-day Bugs Exploited by NSO Group CVE-2021-30858 | CVE-2021-30860 | Zero-click exploit available | 8.8 | Sep 13, 2021 | iPhone | iPad | Mac | Apple Watch | Link |
Google Chrome Use-After-Free (UAF) Zero-Day Bugs CVE-2021-30632 | CVE-2021-30633 | In-the-wild | N/A | Sep 13, 2021 | Google Chrome | Link |
Zero-Day RCE Vulnerability in Microsoft MSHTML CVE-2021-40444 | Ongoing exploitation | 8.8 | Sep 7, 2021 | Microsoft Windows | Link |
An Authentication Bypass Bug in the ManageEngine ADSelfService Plus Platform CVE-2021-40539 | Ongoing exploitation | N/A | Sep 7, 2021 | Zoho ManageEngine ADSelfService Plus | Link |
Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability CVE-2021-34746 | POC exploit code available | 9.8 | Sep 1, 2021 | Cisco Enterprise NFVIS | Link |
Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References |
Critical Microsoft Azure Cosmos DB Bug
No CVE assigned |
Unknown | N/A | Aug 26, 2021 | Microsoft Azure Cosmos DB | Jupyter Notebook | Link |
Critical Vulnerability in the Atlassian Confluence Server Platform
CVE-2021-26084 |
Ongoing exploitation | 9.8 | Aug 25, 2021 | Atlassian Confluence Server and Data Center | Link |
Sudo Bug Privilege Escalation Vulnerability for HPE Aruba
CVE-2021-3156 |
POC exploit code available | 7.8 | Aug 25, 2021 | HPE Aruba AirWave Management Platform | Link |
Parallels Desktop Privilege Escalation Bug
CVE-2021-34864 |
Unknown | 8.8 | Aug 25, 2021 | Parallels Desktop | Link |
A Consensus Vulnerability in Go-Ethereum (Geth) EVM Causing a Node to Reject the Canonical Chain
CVE-2021-39137 |
In-the-wild | 7.5 | Aug 24, 2021 | All Geth Versions Supporting the London Hard Fork | Link |
OpenSSL Bug in the Implementation of the SM2 Decryption Code Leading to a Buffer Overflow when Calling the API Function to Decrypt SM2 Encrypted Data
CVE-2021-3711 |
Unknown | 9.8 | Aug 24, 2021 | OpenSSL versions 1.1.1k and earlier 1.1.1x | Link |
ThroughTek Critical Bug Allowing Remote Compromise, Control of Millions of IoT devices
CVE-2021-28372 |
Unknown | 8.3 | Aug 17, 2021 | ThroughTek’s Kalay Platform 2.0 | Link |
Windows Print Spooler Remote Code Execution Vulnerability
CVE-2021-36958 |
Unknown | 7.8 | Aug 11, 2021 | Windows Server | Link |
Realtek Jungle SDK Buffer Overflow Arbitrary Code Execution (ACE) Vulnerability
CVE-2021-35395 |
Ongoing exploitation | 9.8 | Aug 11, 2021 | Realtek SDK | Realtek “Jungle” SDK | Realtek “Luna” SDK | Link |
Pulse Connect Secure Vulnerability Allowing an Authenticated Administrator to Perform a File Write via a Maliciously Crafted Archive Uploaded in the Administrator Web Interface
CVE-2021-22937 |
Unknown | 9.1 | Aug 5, 2021 | Pulse Connect Secure before 9.1R12 | Link |
Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References |
Apple Zero-Day Local Privilege Escalation Vulnerability in the IOMobileFrameBuffer
CVE-2021-30807 |
In-the-wild | 7.8 | Jul 26, 2021 | iOS 14.7.1 | iPadOS 14.7.1 | macOS Big Sur 11.5.1 | watchOS 7.6.1 | Link Link Link |
Jira Remote Code Execution (RCE) Missing Authentication Bug in Atlassian
CVE-2020-36239 |
Unknown | 9.8 | Jul 21, 2021 | Jira Data Center | Jira Service Management Data Center | Link |
Windows Print Spooler Remote Code Execution Vulnerability
CVE-2021-34481 |
Unknown | 8.8 | Jul 15, 2021 | Windows Server | Link |
Type Confusion Bug in V8 in Google Chrome
CVE-2021-30563 |
In-the-wild | 8.8 | Jul 15, 2021 | Google Chrome prior to 91.0.4472.164 | Link |
Remote Code Execution (RCE) Vulnerability in the SolarWinds Serv-U Product
CVE-2021-35211 |
Zero-Day Exploit | 10.0 | Jul 13, 2021 | SolarWinds Serv-U Managed File Transfer | Serv-U Secure FTP for Windows before 15.2.3 HF2 | Link |
Microsoft Exchange Information Disclosure Vulnerability
CVE-2021-33766 |
Unknown | 7.5 | Jul 13, 2021 | Microsoft Exchange Server | Link |
Linux Kernel Netfilter Heap Out-Of-Bounds Write Denial-of-Service (DoS) Bug
CVE-2021-22555 |
POC Exploit Code Available | 8.3 | Jul 7, 2021 | Linux since v2.6.19-rc1 | Link |
Microsoft Exchange Server Remote Code Execution ProxyShell Vulnerability
CVE-2021-34473 |
Unknown | 9.1 | Jul 2, 2021 | Microsoft Exchange Server | Link |
Windows Print Spooler Remote Code Execution PrintNightmare Vulnerability Leading System Privileges and Running Commands on PCs
CVE-2021-34527 |
POC Exploit Code Available | 8.8 | Jul 1, 2021 | Windows Server | Link |
Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References |
ForgeRock AM Pre-Auth Remote Code Execution (RCE) Vulnerability via the Java Deserialization in the Jato Framework
CVE-2021-35464 |
POC Exploit Code Available | 9.8 | Jun 29, 2021 | ForgeRock AM server before 7.0 | Link |
NVIDIA Trusty Driver Buffer Overflow Vulnerability
CVE‑2021‑34372 |
Unknown | 8.2 | Jun 22, 2021 | NVIDIA Jetson | Link |
Google Chrome Use After Free Bug in BFCache
CVE-2021-30544 |
Unknown | 9.8 | Jun 9, 2021 | Google Chrome prior to 91.0.4472.101 | Link |
Windows NTFS Elevation of Privilege Vulnerability
CVE-2021-31956 |
In-the-wild | 7.8 | Jun 8, 2021 | Windows Server | Link |
Windows MSHTML Platform Remote Code Execution (RCE) Vulnerability
CVE-2021-33742 |
In-the-wild | 8.8 | Jun 8, 2021 | Windows Server | Link |
Local Privilege Escalation vulnerability in Intel Virtualization Technology for Directed I/O (VT-d)
CVE-2021-24489 |
Unknown | 8.8 | Jun 8, 2021 | Intel Core Processors | Intel Pentium Processors | Intel Celeron Processors | Intel Atom Processors | Link |
Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2021-33739 |
In-the-wild | 8.4 | Jun 8, 2021 | Windows 10 | Link |
Windows NTLM Elevation of Privilege Vulnerability
CVE-2021-31958 |
Unknown | 8.8 | Jun 8, 2021 | Windows Server | Link |
Android System Out of Bounds Read and Write due to a Use After Free Elevation-of-Privilege (EoP) Bug
CVE-2021-0516 |
Unknown | 9.8 | Jun 2, 2021 | AOSP versions 8.1, 9, 10, 11 | Link |
Windows Print Spooler Remote Code Execution (RCE) Vulnerability
CVE-2021-1675 |
Unknown | 8.8 | Jun 1, 2021 | Windows Server | Link |
Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References |
Apache Dubbo Pre-Auth Remote Code Execution (RCE) Bug via Java Deserialization in the Generic filter
CVE-2021-30179 |
POC Exploit Code Available | 9.8 | May 31, 2021 | Dubbo all 2.5.x, 2.6.x and 2.7.x versions | Link |
Privilege Escalation Vulnerability in Dell DBUtil Driver
CVE-2021-21551 |
In-the-wild | 7.8 | May 31, 2021 | DBUtil: 2.3 | Link |
VMware vCenter Server Remote Code Execution and Authentication Vulnerabilities in vSphere Client (HTML5)
CVE-2021-21985 | CVE-2021-21986 |
POC Exploit Code Available | 9.8 | May 26, 2021 | VMware vCenter Server | VMware Cloud Foundation | Link |
Apple Multiple Memory Corruption Vulnerability
CVE-2021-30734 |
POC Exploit Code Available | 8.8 | May 24, 2021 | iOS 14.6 | iPadOS 14.6 | macOS Big Sur 11.5.1 | Safari 14.1.1 | Link Link Link |
Pulse Connect Secure Buffer Overflow Arbitrary Code Execution (ACE) Bug in Windows File Resource Profiles in 9.X
CVE-2021-22908 |
Unknown | 8.8 | May 24, 2021 | Pulse Connect Secure versions 9.0Rx and 9.1Rx | Link |
McAfee Arbitrary Process Execution Privilege Escalation Bugs
CVE-2021-23873 | CVE-2021-23874 | CVE-2021-23875 | CVE-2021-23876 |
POC Exploit Code Available | 7.8 | May 24, 2021 | McAfee Total Protection Prior to 16.0.30 | Link |
Microsoft Critical Hyper-V Remote Code Execution Vulnerability
CVE-2021-28476 |
Unknown | 9.9 | May 11, 2021 | Windows Server | Link |
Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability
CVE-2021-31166 |
Unknown | 9.8 | May 11, 2021 | Windows 10 | Link |
Adobe Critical Use After Free Arbitrary code execution Vulnerabilities
CVE-2021-28562 | CVE-2021-28550 | CVE-2021-28553 |
In-the-wild | 8.8 | May 11, 2021 | Acrobat Reader DC | Link |
Privilege Escalation Vulnerability in Linux kernel
CVE-2021-3490 |
POC Exploit Code Available | 7.8 | May 10, 2021 | Linux kernel Operating System | Link |
Critical Authentication Bypass Vulnerability on Python
CVE-2021-29921 |
Unknown | 9.8 | May 6, 2021 | Python 3.10 | Python 3.9 | Python 3.8 | Link |
Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References |
Buffalo Path Traversal Vulnerability in the Web Interfaces Leading to Bypass Authentication
CVE-2021-20090 |
In-the-wild | 9.8 | Apr 29, 2021 | Buffalo WSR-2533DHPL2 firmware version <= 1.02 | WSR-2533DHP3 firmware version <= 1.24 | Link |
Unauthenticated Arbitrary Remote Code Execution Use After Free Bug via License Services in Pulse Connect Secure
CVE-2021-22893 | CVE-2021-22894 | CVE-2021-22899 | CVE-2021-22900 |
In-the-wild | 10.0 | Apr 23, 2021 | Pulse Connect Secure before 9.1R11.4 | Link |
Google Out of Bounds Memory Access Vulnerability Allowing a Remote Attacker to Exploit Heap Corruption via a Crafted HTML Page
CVE-2021-22893 | CVE-2021-22894 | CVE-2021-22899 | CVE-2021-22900 |
Unknown | 8.8 | Apr 22, 2021 | V8 in Google Chrome prior to 90.0.4430.85 | Link |
Critical Unauthenticated Remote Code Execution (RCE) Bug in Apache Tapestry Bypass of the Fix for CVE-2019-0195
CVE-2021-27850 |
POC Exploit Code Available | 9.8 | Apr 15, 2021 | Apache Tapestry versions 5.4.5, 5.5.0, 5.6.2 and 5.7.0 | Link |
Denial of Service (DoS) Arbitrary Code Execution (ACE) Bugs in Ubuntu Linux Kernels
CVE-2021-3492 | CVE-2021-3493 |
Unknown | 7.8 | Apr 15, 2021 | Linux | Link |
Multiple Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-28480 | CVE-2021-28481 | CVE-2021-28482 | CVE-2021-28483 |
POC Exploit Code Available | 9.8 | Apr 13, 2021 | Microsoft Exchange Server | Link |
Windows Zero-Day Win32k Elevation of Privilege Vulnerability in Desktop Window Manager
CVE-2021-28310 |
In-the-wild | 7.8 | Apr 13, 2021 | Windows 10 | Link |
Windows Installer Elevation of Privilege Vulnerability
CVE-2021-26415 |
POC Exploit Code Available | 7.8 | Apr 13, 2021 | Windows Server | Link |
Arbitrary File Write Vulnerability in vRealize Operations Manager API
CVE-2021-21975 |
POC Exploit Code Available | 7.5 | Apr 13, 2021 | VMware vRealize Operations | Link |
WhatsApp Cache Configuration Vulnerability
CVE-2021-24027 |
POC Exploit Code Available | 7.5 | Apr 6, 2021 | WhatsApp for Android v2.21.4.18 | WhatsApp Business for Android v2.21.4.18 | Link |
Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References |
Remote Code Execution Vulnerability in Apache OFBiz via Java Deserialization
CVE-2021-26295 |
POC Exploit Code Available | 9.8 | Mar 22, 2021 | Apache OFBiz | Link |
Google Chrome Use After Free and Heap Buffer Overflow Bugs in WebRTC and in Blink
CVE-2021-21191 | CVE-2021-21192 | CVE-2021-21193 |
In-the-wild | 8.8 | Mar 12, 2021 | Google Chrome prior to 89.0.4389.90 | Link |
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2021-26868 |
Unknown | 7.8 | Mar 9, 2021 | Windows 10 | Link |
Internet Explorer Memory Corruption Vulnerability
CVE-2021-26411 |
In-the-wild | 8.8 | Mar 9, 2021 | Internet Explorer | Microsoft Edge | Link |
Microsoft ProxyLogon Exchange Server Remote Code Execution Vulnerabilities
CVE-2021-26855 | CVE-2021-26857 | CVE-2021-26858 | CVE-2021-27065 |
In-the-wild | 9.8 | Mar 2, 2021 | Microsoft Exchange Server | Link Link Link Link |
VMware Remote Code Execution (RCE) Vulnerability Leading to Arbitrary File Upload in Logupload Web Application
CVE-2021-22987 |
Unknown | 9.9 | Mar 2, 2021 | BIG-IP | Link |
BIG-IP Appliance Mode TMUI Authenticated Remote Command Execution Bug
CVE-2021-22987 |
Unknown | 9.9 | Mar 2, 2021 | BIG-IP | Link |
Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References |
Windows TCP/IP Denial of Service (DoS) Vulnerability
CVE-2021-24086 |
POC Exploit Code Available | 7.5 | Feb 29, 2021 | Windows 10 | Link |
Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability
CVE-2021- 1361 |
Unknown | 9.1 | Feb 24, 2021 | Cisco NX-OS Software 9.3(5) and 9.3(6) | Link |
Accellion Zero-Day SQL Injection, Server-Side Request Forgery and OS Command Execution Vulnerabilities
CVE-2021-21972 | CVE-2021-21973 | CVE-2021-21974 |
POC Exploit Code Available | 9.8 | Feb 23, 2021 | VMware ESXi | VMware vCenter Server | VMware Cloud Foundation | Link |
Accellion Zero-Day SQL Injection, Server-Side Request Forgery and OS Command Execution Vulnerabilities
CVE-2021-27101 | CVE-2021-27102 | CVE-2021-27103 | CVE-2021-27104 |
Unknown | 9.8 | Feb 16, 2021 | Accellion FTA 9_12_370 and earlier | Link |
Adobe Heap-Based Buffer Overflow Arbitrary Code Execution (ACE) Vulnerability
CVE-2021-21017 |
In-the-wild | 8.8 | Feb 11, 2021 | Acrobat Reader DC | Link |
VMware Post-Authentication OS Command Injection Remote Code execution (RCE) Bug
CVE-2021-21976 |
Unknown | 7.2 | Feb 11, 2021 | vSphere Replication | Link |
Windows TCP/IP Remote Code Execution Vulnerability
CVE-2021-24074 | CVE-2021-24094 |
POC Exploit Code Available | 9.8 | Feb 9, 2021 | Windows 10 | Link Link |
Windows Win32k Elevation of Privilege Vulnerability
CVE-2021-1732 |
In-the-wild | 7.8 | Feb 9, 2021 | Windows 10 | Link |
Google Chrome Heap Buffer Overflow Remote Code execution (RCE) Vulnerability
CVE-2021-21148 |
In-the-wild | 8.8 | Feb 9, 2021 | Google Chrome prior to 88.0.4324.150 | Link |
Remote Code Execution (RCE) Bug in SAP Commerce
CVE-2021-21477 |
Unknown | 9.9 | Feb 9, 2021 | SAP Commerce Cloud 1808, 1811, 1905, 2005, 2011 | Link |
Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References |
Sudo Off-by-One Heap-Based Buffer Overflow Privilege Escalation Bug
CVE-2021-3156 |
In-the-wild | 7.8 | Jan 29, 2021 | Sudo before 1.9.5p2 | Link |
Apache Druid Arbitrary User-Provided JavaScript Code Execution Bug
CVE-2021-25646 |
POC Exploit Code Available | 8.8 | Jan 29, 2021 | Apache Druid | Link |
Oracle Fusion Middleware Easily Exploitable Bug Leading Network Access via HTTP to Compromise Oracle WebLogic Server
CVE-2021-2109 |
POC Exploit Code Available | 7.2 | Jan 20, 2021 | Oracle WebLogic Server | Link |
Python 3 Heap Buffer Overflow Remote Code execution (RCE) Bug
CVE-2021-3177 |
Unknown | 8.8 | Jan 19, 2021 | Python 3.10, 3.9, 3.8, 3.7, 3.6 | Link |
Cisco Connected Mobile Experiences (CMX) Privilege Escalation Vulnerability
CVE-2021-1144 |
Unknown | 8.8 | Jan 13, 2021 | Cisco CMX releases 10.6.0, 10.6.1, and 10.6.2 | Link |
Microsoft Defender Remote Code Execution Vulnerability
CVE-2021-1647 |
In-the-wild | 7.8 | Jan 12, 2021 | Windows Defender | Link |
Lavarel Ignition Unauthenticated Arbitrary Remote Code Execution Vulnerability
CVE-2021-3129 |
POC Exploit Code Available | 9.8 | Jan 12, 2021 | Laravel before 8.4.2 | Link |
Android Out of Bounds Write Remote Code Execution Vulnerability
CVE-2021-3007 |
Unknown | 9.8 | Jan 4, 2021 | AOSP 8.0, 8.1, 9, 10, 11 | Link |