Critical Vulnerabilities
SOCRadar, the Extended Cyber Threat Intelligence (XTI) platform, provides vulnerability intelligence that security operations teams can use to search for recent critical vulnerabilities exploited in the wild by threat actors. SOCRadar also provides an External Attack Surface Management suite that helps cybersecurity teams identify vulnerable assets in their internet-facing network. The critical vulnerabilities selected and displayed below are those that are popular in the hacker community.
| Vulnerability | CVSSv3 | Products | Release Date | References |
|---|---|---|---|---|
| Path traversal allowing arbitrary file read, modify, or execution on server | 9.1 | Atheos (prior to v600) | 01/2025 | Link |
| Argument injection allowing arbitrary values to git-upload-pack flags | 9.1 | go-git (prior to v5.13.0) | 01/2025 | Link |
| Network access allowing arbitrary code execution with elevated privileges | 10 | FLXEON (9.3.4 and older) | 01/2025 | Link |
| Improper neutralization of POST requests allowing arbitrary command execution | 9.8 | mySCADA myPRO | 01/2025 | Link |
| OS command injection allowing arbitrary code execution | 9.8 | Moxa cellular routers, secure routers, network security appliances | 01/2025 | Link |
| Deserialization of untrusted data due to missing whitelist/blacklist configuration | 9.8 | Apache OpenMeetings (2.1.0 before 8.0.0) | 01/2025 | Link |
| Injection attacks via FetchVerse and FetchPassage functions | 9.1 | Bible Module for ROBLOX (prior to 0.0.3) | 01/2025 | Link |
| Remote code execution due to lack of input sanitation | 9.8 | Product name not specified | 01/2025 | Link |
| SQL Injection in adicionar_raca.php endpoint allowing database dump | 9.8 | WeGIA (prior to 3.2.10) | 01/2025 | Link |
| Remote device takeover via cloud RPC command handling vulnerability | 9.8 | Product name not specified | 01/2025 | Link |
| Out-of-bounds write via UDP requests leading to remote code execution | 9.8 | Contec Health CMS8000 Patient Monitor | 01/2025 | Link |
| Malicious prover can convince verifier of finality of arbitrary headers | 9.8 | Hyperbridge ismp-grandpa crate (prior to 15.0.1) | 01/2025 | Link |
| Improper neutralization of POST requests allowing arbitrary command execution | 9.8 | mySCADA myPRO | 01/2025 | Link |
| Weak encryption methodology allowing password extraction | 9.1 | Rockwell Automation FactoryTalk AssetCentre (prior to V15.00.001) | 01/2025 | Link |
| Password reset vulnerability allowing account takeover | 9.1 | NamelessMC (prior to 2.1.3) | 01/2025 | Link |
| Passphrase for release signing keys included in published jar | 9.1 | PMD and PMD Designer | 01/2025 | Link |
| Authentication bypass via authorization mechanism flaws | 9.1 | Moxa Ethernet switch | 01/2025 | Link |
| SQL Injection in adicionar_cor.php endpoint allowing database dump | 9.8 | WeGIA (prior to 3.2.10) | 01/2025 | Link |
| SQL Injection in adicionar_especie.php endpoint allowing database dump | 9.8 | WeGIA (prior to 3.2.10) | 01/2025 | Link |
| Authentication bypass allowing unauthorized access | 9.8 | DataEase (prior to 2.10.4) | 01/2025 | Link |
| Path traversal in ZipUtils.unzip and TarUtils.untar allowing arbitrary file writes | 9.1 | Deep Java Library (DJL) | 01/2025 | Link |
| Vulnerability | CVSSv3 | Products | Release Date | References |
|---|---|---|---|---|
| Orthanc server does not enable basic authentication by default when remote access enabled | 9.8 | Orthanc | 02/2025 | Link |
| Time-based blind SQL injection in EditEventTypes functionality | 9.1 | ChurchCRM | 02/2025 | Link |
| SQL Injection in familiar_docfamiliar.php endpoint | 9.8 | WeGIA | 02/2025 | Link |
| Relative path traversal vulnerability allowing parameter injection | 9.1 | Ping Identity PingAM Java Policy Agent | 02/2025 | Link |
| SQL Injection in personalizacao_upload.php endpoint | 9.8 | WeGIA | 02/2025 | Link |
| SQL Injection in restaurar_produto_desocultar.php endpoint | 9.8 | WeGIA | 02/2025 | Link |
| Function with bounds checks that can be skipped leading to DoS or RCE | 9.8 | AutomationDirect C-more EA9 HMI | 02/2025 | Link |
| Authentication bypass allowing unauthorized password management access | 9.8 | Multiple Elber products | 02/2025 | Link |
| Remote execution of arbitrary Python code via IPDS pipeline | 9.8 | IBL Software Engineering Visual Weather | 02/2025 | Link |
| Default credentials not requiring change on initial configuration | 9.1 | Hirsch Enterphone MESH | 02/2025 | Link |
| SQL Injection in documento_excluir.php endpoint | 9.8 | WeGIA | 02/2025 | Link |
| SQL Injection in dependente_docdependente.php endpoint | 9.8 | WeGIA | 02/2025 | Link |
| OS Command Injection in importar_dump.php endpoint | 9.8 | WeGIA | 02/2025 | Link |
| SQL injection in ExeSQL component | 9.8 | RAGFlow | 02/2025 | Link |
| SQL Injection in get_detalhes_socio.php endpoint | 9.8 | WeGIA | 02/2025 | Link |
| SQL Injection in get_codigobarras_cobranca.php endpoint | 9.8 | WeGIA | 02/2025 | Link |
| OS command injection allowing privilege escalation and code execution | 9.8 | Vinci Protocol Analyzer | 02/2025 | Link |
| SQL Injection in historico_paciente.php endpoint | 9.8 | WeGIA | 02/2025 | Link |
| OS Command Injection in gerenciar_backup.php endpoint | 9.8 | WeGIA | 02/2025 | Link |
| Authentication bypass allowing direct navigation to main page | 9.1 | Dingtian DT-R0 Series | 02/2025 | Link |
| Web interface accessible without authentication | 9.3 | mySCADA myPRO Manager | 02/2025 | Link |
| Remote Code Execution via improper JSON parsing using eval() | 9.3 | DocsGPT | 02/2025 | Link |
| Use of hard-coded credentials | 9.8 | ABB ASPECT-Enterprise, NEXUS Series, MATRIX Series | 02/2025 | Link |
| Brute force attack possible on password change endpoint | 9.1 | CyberArk Endpoint Privilege Manager | 02/2025 | Link |
| Remote Code Execution due to improper input sanitization | 9.8 | jsonpath-plus | 02/2025 | Link |
| Deserialization of vulnerable objects allowing arbitrary code execution | 9.8 | Apache Ignite | 02/2025 | Link |
| SQL Injection in get_detalhes_cobranca.php endpoint | 9.8 | WeGIA | 02/2025 | Link |
| OS command injection allowing arbitrary OS command execution | 9.3 | mySCADA myPRO Manager | 02/2025 | Link |
| SQL Injection in remover_produto.php endpoint | 9.8 | WeGIA | 02/2025 | Link |
| SQL Injection in informacao_adicional.php endpoint | 9.8 | WeGIA | 02/2025 | Link |
| Vulnerability | CVSSv3 | Products | Release Date | References |
|---|---|---|---|---|
| Stack-based buffer overflow in check_dws_cookie function | 9.8 | D-Link DAP-1620 | 02/2025 | Link |
| SQL injection in pagedescription parameter | 9.8 | 101news | 02/2025 | Link |
| SQL injection in description parameter | 9.8 | 101news | 02/2025 | Link |
| Password change without old password verification | 9.1 | WeGIA | 02/2025 | Link |
| SQL Injection in id_funcionario parameter | 9.8 | WeGIA | 02/2025 | Link |
| SQL injection in pagetitle and pagedescription parameters | 9.8 | 101news | 02/2025 | Link |
| SQL injection in category and subcategory parameters | 9.8 | 101news | 02/2025 | Link |
| Remote code execution via dependency confusion attack | 9.8 | conda-forge-metadata | 02/2025 | Link |
| Heap buffer overflow in Crypto_TC_ApplySecurity function | 9.8 | CryptoLib | 02/2025 | Link |
| Authentication bypass in exposed web management service | 9.8 | Optigo Networks Visual BACnet Capture Tool | 02/2025 | Link |
| OS command injection in client parameter | 9.8 | e-solutions e-management | 02/2025 | Link |
| Arbitrary file upload vulnerability | 9.8 | FlowiseAI Flowise | 02/2025 | Link |
| Missing authorization allowing forceful browsing | 9.1 | Drupal OAuth2 Server | 02/2025 | Link |
| Unsafe deserialization in model_blender.py | 9.8 | Applio | 02/2025 | Link |
| SQL injection in searchtitle parameter | 9.8 | 101news | 02/2025 | Link |
| Heap buffer overflow in Crypto_TC_Prep_AAD function | 9.8 | CryptoLib | 02/2025 | Link |
| Arbitrary code execution via JavaScript sandbox escape | 9.8 | Integrated Scripting for Minecraft | 02/2025 | Link |
| Code injection in AprolCreateReport component | 9.8 | B&R APROL | 02/2025 | Link |
| Stack-based buffer overflow in Cookie Handler | 9.8 | D-Link DAP-1620 | 02/2025 | Link |
| Server-Side Template Injection allowing arbitrary code execution | 9.8 | Spacy-LLM | 02/2025 | Link |
| SAML authentication bypass via forged assertions | 9.8 | fleetdm/fleet | 02/2025 | Link |
| Authentication bypass with administrative username | 9.1 | GMOD Apollo | 02/2025 | Link |
| Path traversal in file upload via archive extraction | 9.1 | GMOD Apollo | 02/2025 | Link |
| Prototype pollution via set() method | 9.8 | janryWang depath and cool-path | 02/2025 | Link |
| Unsafe deserialization in infer.py | 9.8 | Applio | 02/2025 | Link |
| SAML authentication bypass via parser differential | 9.8 | ruby-saml | 02/2025 | Link |
| Remote code execution via crafted requests | 9.8 | Edimax IC-7100 | 02/2025 | Link |
| SQL injection in username parameter | 9.8 | 101news | 02/2025 | Link |
| SQL injection in multiple parameters | 9.8 | IcProgreso Innovación y Cualificación | 02/2025 | Link |
| Insecure permissions allowing service account token access | 9.1 | pipecd | 02/2025 | Link |
| Vulnerability | CVSSv3 | Products | Release Date | References |
|---|---|---|---|---|
| Protocol allowlist validation flaw in “open” endpoint enables dangerous protocol handling leading to RCE | 9.8 | Tauri shell plugin | 04/2025 | Link |
| SQL injection in dashboard executorCount endpoint could lead to code execution | 9.8 | vipshop Saturn | 04/2025 | Link |
| Improper exception handling lets low-privileged user bypass enforced browser policy rules (restriction bypass) | 9 | Palo Alto Networks Prisma Access Browser | 04/2025 | Link |
| Order/sort parameter injection in TypeORM adapter allows SQL injection | 8.8 | crud-query-parser | 04/2025 | Link |
| Improper verification of communication channel allows command execution via unauthorized Agent service access | 9.8 | Work Desktop for Mac | 03/2025 | Link |
| Authenticated RCE via backend JDBC link handling | 9.8 | DataEase | 04/2025 | Link |
| Unauthenticated HQL context escape enables blind SQL injection against database backend | 9.8 | XWiki | 04/2025 | Link |
| LFI in render function can be abused to exfiltrate sensitive files and potentially reach host compromise | 9.8 | Formulatrix Rock Maker Web | 02/2025 | Link |
| Unauthenticated command injection enables read/modify of device data | 9.8 | UNI-NMS-Lite | 05/2025 | Link |
| Unrestricted file upload enables arbitrary PHP execution (RCE) | 9.8 | ShowDoc | 02/2025 | Link |
| Model loading path allows remote command execution even with weights_only=True | 9.8 | PyTorch | 04/2025 | Link |
| Missing authentication allows attacker to create administrator account | 9.8 | WGS-80HPT-V2; WGS-4215-8T2S | 05/2025 | Link |
| Schema parsing in parquet-avro enables arbitrary code execution | 10 | Apache Parquet | 04/2025 | Link |
| Unauthenticated OS command injection enables command execution on host system | 9.8 | WGS-80HPT-V2; WGS-4215-8T2S | 05/2025 | Link |
| Unsafe handling of malicious files and sandbox bypass allows execution of untrusted code | 9.8 | TERR (security mechanism / product unspecified) | 03/2025 | Link |
| Critical settings tampering could disable ATG monitoring and disrupt fuel monitoring operations | 9 | ATG monitoring system / fuel monitoring solution (vendor unspecified) | 03/2025 | Link |
| Command injection via NTP settings in admin web interface can lead to reboot loop (DoS) and connectivity impact | 9.8 | Network device web interface (vendor/product unspecified) | 02/2025 | Link |
| SQL injection via multiple parameters enables database read/write/delete actions | 9.8 | Bookgy | 06/2025 | Link |
| Path traversal/middleware chain bypass via crafted path allows routing to unintended backend | 7.8 | Traefik | 04/2025 | Link |
| SQL injection in Authenticate method enables auth bypass and code execution as NetworkService | 9.8 | Siemens TeleControl Server Basic | 02/2025 | Link |
| Auth bypass via crafted path handling enables unauthorized user creation | 9.8 | Apache Pinot | 11/2024 | Link |
| Stored XSS in personal spaces due to missing server-side validation | 9 | Web portal (product unspecified) | 03/2025 | Link |
| Improper authentication control allows unauthorized function execution via crafted request | 9.8 | ASUS AiCloud | 02/2025 | Link |
| Logic flaw allows authentication bypass and session creation without credentials | 9.8 | Videx CyberAudit-Web | 03/2025 | Link |
| Buffer overflow in configuration utility could enable memory corruption / code execution | 9 | iSTAR Configuration Utility | 03/2025 | Link |
| Heap buffer overflow in security function enables memory corruption / potential code execution | 9.8 | CryptoLib | 04/2025 | Link |
| Auth enforcement weakness on API endpoints under identity federation enables impersonation | 9.8 | Siemens Industrial Edge Device Kit; Siemens Industrial Edge Own Device; Siemens Industrial Edge Virtual Device; SCALANCE LPE9413; SIMATIC IPC BX-39A; SIMATIC IPC BX-59A; SIMATIC IPC127E; SIMATIC IPC227E; SIMATIC IPC427E; SIMATIC IPC847E | 11/2024 | Link |
| Pre-auth ZIP upload + path traversal leads to RCE via malicious JSP | 10 | Commvault Command Center | 04/2025 | Link |
| SQL injection via reservation parameter enables database manipulation | 9.8 | Bookgy | 06/2025 | Link |
| Code/file upload injection weaknesses enable arbitrary code execution | 9.8 | Product unspecified (injection + file upload handling) | 03/2025 | Link |
| Vulnerability | CVSSv3 | Products | Release Date | References |
|---|---|---|---|---|
| PKCE verification bypass in OAuth provider | 9.8 | workers-oauth-provider | 2025-05-01 | Link |
| Authenticated Remote Code Execution via JDBC | 9.8 | DataEase | 2025-05-01 | Link |
| Command Injection via Telnet on Tenda AC9 | 9.8 | Tenda AC9 | 2025-05-05 | Link |
| Command Injection via devname parameter in reset_wifi | 9.8 | NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 | 2025-05-05 | Link |
| Command Injection via ifname Parameter | 9.8 | NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 | 2025-05-05 | Link |
| Command Injection via ifname in apcli_do_enr_pbc_wps | 9.8 | NETGEAR RAX5 | 2025-05-05 | Link |
| Command Injection via ifname Parameter | 9.8 | NETGEAR RAX5 (AX1600 WiFi Router) | 2025-05-05 | Link |
| Command Injection via iface Parameter in vif_disable | 9.8 | NETGEAR RAX5 (AX1600 WiFi Router) | 2025-05-05 | Link |
| Command Injection via ifname in WiFi Router | 9.8 | NETGEAR RAX5 | 2025-05-05 | Link |
| Command Injection via iface in vif_enable | 9.8 | NETGEAR RAX5 WiFi Router | 2025-05-05 | Link |
| Remote Code Execution via Manage Customizations and Webhooks | 9.1 | OpenCTI | 2025-05-05 | Link |
| Command Injection in Retrieval-based-Voice-Conversion-WebUI | 9.8 | Retrieval-based-Voice-Conversion-WebUI | 2025-05-05 | Link |
| Command Injection via exp_dir1, np7, f0method8 | 9.8 | Retrieval-based-Voice-Conversion-WebUI | 2025-05-05 | Link |
| Command Injection Allows Remote Code Execution | 9.8 | Retrieval-based-Voice-Conversion-WebUI | 2025-05-05 | Link |
| Code Injection via ckpt_path2 leads to RCE | 9.8 | Retrieval-based-Voice-Conversion-WebUI | 2025-05-05 | Link |
| Unsafe Deserialization Enables Remote Code Execution | 9.8 | Retrieval-based-Voice-Conversion-WebUI | 2025-05-05 | Link |
| Unsafe deserialization leads to remote code execution | 9.8 | Retrieval-based-Voice-Conversion-WebUI | 2025-05-05 | Link |
| Unsafe deserialization leads to remote code execution | 9.8 | Retrieval-based-Voice-Conversion-WebUI | 2025-05-05 | Link |
| Unsafe deserialization leads to remote code execution | 9.8 | Retrieval-based-Voice-Conversion-WebUI | 2025-05-05 | Link |
| Unsafe deserialization in Retrieval-based Voice Conversion WebUI | 9.8 | Retrieval-based-Voice-Conversion-WebUI | 2025-05-05 | Link |
| Unsafe deserialization leads to RCE via model path | 9.8 | Retrieval-based-Voice-Conversion-WebUI | 2025-05-05 | Link |
| Unsafe deserialization RCE in Retrieval-based-Voice-Conversion-WebUI | 9.8 | Retrieval-based-Voice-Conversion-WebUI | 2025-05-05 | Link | ||
| Apple OAuth Authentication Bypass Vulnerability | 9.8 | BuddyBoss Platform Pro | 2025-05-05 | Link | ||
| XMLToolMessage XML parsing leads to DoS and file disclosure | 9.1 | Langroid | 2025-05-05 | Link | ||
| Remote Code Execution via phomebak.php in SeaCMS | 9.8 | SeaCMS | 2025-05-05 | Link | ||
| SQL Injection in admin_manager.php | 9.8 | SeaCMS | 2025-05-05 | Link | ||
| SQL Injection in admin_topic.php component | 9.8 | SeaCMS | 2025-05-05 | Link | ||
| Unauthenticated SQL Injection in ValidateUserAndWS | 9.8 | TCMAN GIM | 2025-05-06 | Link | ||
| Unauthenticated SQL Injection in ValidateUserAndGetData | 9.8 | TCMAN GIM v11 | 2025-05-06 | Link | ||
| SQL Injection in GetLastDatePasswordChange | 9.8 | TCMAN GIM | 2025-05-06 | Link |
| Vulnerability | CVSSv3 | Products | Release Date | References | ||
|---|---|---|---|---|---|---|
| Command Injection Leads to Remote Code Execution | 9.8 | HPE StoreOnce Software | 2025-06-02 | Link | ||
| Server-Side Request Forgery in HPE StoreOnce | 9.8 | HPE StoreOnce Software | 2025-06-02 | Link | ||
| Command Injection Remote Code Execution | 9.8 | HPE StoreOnce Software | 2025-06-02 | Link | ||
| Directory Traversal Leads to Information Disclosure | 9.8 | HPE StoreOnce | 2025-06-02 | Link | ||
| Remote Command Injection Allows Code Execution | 9.8 | HPE StoreOnce Software | 2025-06-02 | Link | ||
| Improper JWT Secret Verification Allows Forgery | 9.8 | DataEase | 2025-06-03 | Link | ||
| Case-insensitive Patch Bypass in DataEase | 9.8 | DataEase | 2025-06-03 | Link | ||
| Shared credentials across cloud ISE deployments | 9.9 | Cisco Identity Services Engine (ISE) | 2025-06-04 | Link | ||
| Permission Bypass through SQLite ATTACH Statement | 9.1 | Deno | 2025-06-04 | Link | ||
| Deserialization RCE in Soar Cloud HRD | 9.8 | Soar Cloud HRD Human Resource Management System | 2025-06-06 | Link | ||
| Unrestricted file upload enables command execution | 9.8 | Soar Cloud HRD Human Resource Management System | 2025-06-06 | Link | ||
| Unauthenticated Telnet Access on Quantenna Wi‑Fi | 9.1 | Quantenna Wi‑Fi chipset | 2025-06-08 | Link | ||
| Codepen iframe whitelist allows arbitrary JavaScript execution | 9.8 | Discourse | 2025-06-09 | Link | ||
| Improper Input Validation Allows Remote Command Execution | 9.9 | Avaya Call Management System | 2025-06-10 | Link | ||
| SQL Injection in DM Corporative CMS | 9.8 | DM Corporative CMS | 2025-06-10 | Link | ||
| SQL Injection in DM Corporative CMS antcatalogue.asp | 9.8 | DM Corporative CMS | 2025-06-10 | Link | ||
| SQL Injection via cod parameter in data.asp | 9.8 | DM Corporative CMS | 2025-06-10 | Link | ||
| SQL Injection via codform parameter | 9.8 | DM Corporative CMS | 2025-06-10 | Link | ||
| XXE vulnerability in GeoTools schema parsing | 9.9 | GeoServer | 2025-06-10 | Link | ||
| Oracle SQL Injection via DBMS_XMLGEN in XWiki | 9.8 | XWiki | 2025-06-12 | Link | ||
| Authenticated Password Brute-Force via Change Endpoint | 9.8 | vantage6 | 2025-06-12 | Link | ||
| Path Traversal via Server Admin Portlet | 9.8 | Liferay Portal | 2025-06-16 | Link | ||
| Server-Side Template Injection Enables Remote Code Execution | 9.8 | BeyondTrust Remote Support | 2025-06-16 | Link | ||
| SSRF allowing arbitrary remote image loading via _next/image endpoint | 9.1 | @opennextjs/cloudflare | 2025-06-16 | Link | ||
| Arbitrary Code Execution via unsafe eval in conda-build | 9.8 | conda-build | 2025-06-16 | Link | ||
| Tar Path Traversal Vulnerability in Conda-build | 9.8 | conda-build | 2025-06-16 | Link | ||
| Namespace hijack allows malicious dependency injection | 9.8 | conda-build | 2025-06-16 | Link | ||
| 2FA Enforcement Bypass via Path Length Check | 9.1 | CryptPad | 2025-06-18 | Link | ||
| SQL Injection in id parameter of control.php | 9.8 | WeGIA | 2025-06-19 | Link | ||
| Groovy Sandbox Bypass Enables Remote Code Execution | 9.1 | CrafterCMS | 2025-06-19 | Link |
| Vulnerability | CVSSv3 | Products | Release Date | References | ||
|---|---|---|---|---|---|---|
| JDBC SSL Factory Parameter Bypass | 9.8 | DataEase | 2025-07-01 | Link | ||
| Authentication Bypass via Insecure Proxy in Kerio Control | 9.8 | GFI Kerio Control | 2025-07-02 | Link | ||
| Unauthenticated Remote Access via GFIAgent Proxy | 9.8 | GFI Kerio Control | 2025-07-02 | Link | ||
| Remote Code Execution via unsigned firmware upgrade | 9.8 | GFI Kerio Control | 2025-07-02 | Link | ||
| Improper SSL parameter handling leads to exploitation | 9.8 | DataEase | 2025-07-02 | Link | ||
| Directory Traversal Arbitrary File Deletion | 9.1 | Marvell QConvergeConsole | 2025-07-07 | Link | ||
| Directory Traversal Leads to Arbitrary File Deletion | 9.1 | Marvell QConvergeConsole | 2025-07-07 | Link | ||
| Time-Based Blind SQL Injection via almox | 9.8 | WeGIA | 2025-07-07 | Link | ||
| SQL injection via id_concesion in VerFacturaPDF | 9.8 | Quiter Gateway | 2025-07-08 | Link | ||
| SQL injection via id_concesion parameter | 9.8 | Quiter Gateway | 2025-07-08 | Link | ||
| SQL Injection via campo parameter in FacturaE | 9.8 | Quiter Gateway | 2025-07-08 | Link | ||
| SQL Injection in id_factura parameter | 9.8 | Quiter Gateway | 2025-07-08 | Link | ||
| SQL Injection in Quiter Gateway mensaje endpoint | 9.8 | Quiter Gateway | 2025-07-08 | Link | ||
| SQL Injection via Suceso.contenido in Quiter Gateway | 9.8 | Quiter Gateway | 2025-07-08 | Link | ||
| SQL Injection in Quiter Gateway API | 9.8 | Quiter Gateway | 2025-07-08 | Link | ||
| Unauthenticated Zip Slip Path Traversal Vulnerability | 9.1 | Chall-Manager | 2025-07-10 | Link | ||
| ZIP bomb vulnerability leading to unchecked decompression | 9.8 | Chall-Manager | 2025-07-10 | Link | ||
| Authentication Bypass in AXIS Camera Station Server | 9.8 | AXIS Camera Station Server | 2025-07-11 | Link | ||
| SQL Injection via unsanitized sortField parameter | 9.8 | MeterSphere | 2025-07-14 | Link | ||
| Unauthenticated preview deployment allows code execution | 9.4 | Dokploy | 2025-07-14 | Link | ||
| Unauthenticated Arbitrary File Deletion Vulnerability | 9.1 | HT Contact Form Widget | 2025-07-15 | Link | ||
| Arbitrary file move enabling remote code execution | 9.1 | HT Contact Form Widget for Elementor Page Builder & Gutenberg Blocks & Form Builder | 2025-07-15 | Link | ||
| Unauthenticated arbitrary file upload in Tiki Wiki | 9.8 | Tiki Wiki CMS Groupware | 2025-07-15 | Link | ||
| Aggregate term overflow leads to memory corruption | 9.8 | SQLite | 2025-07-15 | Link | ||
| Persistent JWT token remains valid after logout | 9.8 | File Browser | 2025-07-15 | Link | ||
| IAM Authenticator Bypass via Header Manipulation | 9.8 | Conjur | 2025-07-15 | Link | ||
| Authentication request rerouting via misconfigured network device | 9.8 | Secrets Manager, Self-Hosted | 2025-07-15 | Link | ||
| Command injection in GPT-SoVITS-WebUI open_slice | 9.8 | GPT-SoVITS-WebUI | 2025-07-15 | Link | ||
| Command Injection in GPT-SoVITS-WebUI open_denoise | 9.8 | GPT-SoVITS-WebUI | 2025-07-15 | Link | ||
| Command Injection in open_asr function | 9.8 | GPT-SoVITS-WebUI | 2025-07-15 | Link |
| Vulnerability | CVSSv3 | Products | Release Date | References | ||
|---|---|---|---|---|---|---|
| SQL Injection via token parameter in LimeSurvey | 9.8 | LimeSurvey | 2025-08-01 | Link | ||
| Heap Buffer Overflow via URN Processing | 9.3 | Squid | 2025-08-01 | Link | ||
| Unauthenticated OS Command Injection in D-Link routers | 9.8 | D-Link DIR-300/DIR-600 | 2025-08-01 | Link | ||
| Remote PHP Code Execution via unsafe eval in search | 9.8 | InstantCMS | 2025-08-01 | Link | ||
| MCP Deeplink UI Disclosure Allows Arbitrary Commands | 9.6 | Cursor | 2025-08-02 | Link | ||
| Path traversal in Traefik plugin installer | 9.8 | Traefik | 2025-08-02 | Link | ||
| Hardcoded SSH Private Key for Root User | 9 | Ruckus SmartZone | 2025-08-04 | Link | ||
| Directory Traversal Path Prefix Bypass | 9.8 | IPX | 2025-08-05 | Link | ||
| Path Validation Bypass via Prefix Matching | 9.1 | Claude Code | 2025-08-05 | Link | ||
| Command Parsing Bypass Allows Untrusted Execution | 9.8 | Claude Code | 2025-08-05 | Link | ||
| Remote Code Execution via Malicious Upload | 9.4 | Trend Micro Apex One | 2025-08-05 | Link | ||
| Pre-auth Remote Code Execution in Apex One | 9.4 | Trend Micro Apex One | 2025-08-05 | Link | ||
| Out-of-Bounds Heap Write in opj_jp2_read_header | 9.8 | OpenJPEG | 2025-08-05 | Link | ||
| Stack Buffer Overflow via USER command | 9.8 | FreeFloat FTP Server | 2025-08-05 | Link | ||
| Unauthenticated Arbitrary File Upload to System Directories | 9.8 | FreeFloat FTP Server | 2025-08-05 | Link | ||
| Unauthenticated command injection spawns Telnet | 9.8 | D-Link DIR-600/DIR-300 routers | 2025-08-05 | Link | ||
| HTTP Server Reverse Shell Vulnerability | 9.1 | NVIDIA Triton Inference Server | 2025-08-06 | Link | ||
| Stack buffer overflow in LoadOFF | 9.8 | Bullet Physics | 2025-08-11 | Link | ||
| Privilege Escalation Allows Unauthorized Resource Access | 9.8 | Generic Software | 2025-08-11 | Link | ||
| SQL Injection in dependente_remover.php endpoint | 9.8 | WeGIA | 2025-08-12 | Link | ||
| SQL Injection in aplicar_medicamento.php id_fichamedica | 9.8 | WeGIA | 2025-08-12 | Link | ||
| OS Command Injection via Malicious MCP Server | 9.8 | Cherry Studio | 2025-08-13 | Link | ||
| Login Bypass via formLoginAuth.htm Request | 9.8 | TOTOLINK A7000R | 2025-08-13 | Link | ||
| Login Bypass via formLoginAuth.htm request | 9.8 | TOTOLINK EX1200T | 2025-08-13 | Link | ||
| Backdoor Remote Code Execution via Collapsed Cookie | 9.8 | MyBB | 2025-08-13 | Link | ||
| Remote Command Execution via search[send] parameter | 9.8 | Spreecommerce | 2025-08-13 | Link | ||
| Unauthenticated remote code execution via file upload | 9.8 | Umbraco CMS | 2025-08-13 | Link | ||
| SSH Username Buffer Overflow Leads to RCE | 9.8 | Sysax Multi Server | 2025-08-13 | Link | ||
| Token validation bypass via NODE_ENV development | 9.1 | FactoryTalk Linx | 2025-08-14 | Link | ||
| Code Injection RCE in OFBiz Scrum Plugin | 9.8 | Apache OFBiz | 2025-08-15 | Link |
| Vulnerability | CVSSv3 | Products | Release Date | References | ||
|---|---|---|---|---|---|---|
| Out-of-bounds write in cdfs_open_cue_track leads to RCE | 9.8 | libretro-common | 2025-09-01 | Link | ||
| Predictable Root Password Generation on Boot | 9.8 | E3 Site Supervisor Control | 2025-09-02 | Link | ||
| Predictable default admin password for ONEDAY | 9.8 | E3 Site Supervisor | 2025-09-02 | Link | ||
| Configuration Files Accessible via Webjars API | 9.1 | XWiki Platform | 2025-09-03 | Link | ||
| SQL Injection in appRain CMF admin interface | 9.8 | appRain CMF | 2025-09-04 | Link | ||
| SQL injection in appRain CMF page creation | 9.8 | appRain CMF | 2025-09-04 | Link | ||
| SQL Injection in appRain CMF Page Management | 9.8 | appRain CMF | 2025-09-04 | Link | ||
| Elevation of Privilege in Azure Networking | 10 | Microsoft Azure | 2025-09-04 | Link | ||
| Unsanitized PR metadata leads to RCE in GitHub Actions | 9.8 | Roo Code | 2025-09-05 | Link | ||
| Unauthenticated Database Dump via Auth Bypass | 9.1 | FOG | 2025-09-06 | Link | ||
| Path Traversal leading to Remote Code Execution | 10 | ColdFusion | 2025-09-09 | Link | ||
| Width parameter injection enables remote code execution | 10 | XWiki Remote Macros | 2025-09-09 | Link | ||
| Remote Code Execution via panel macro injection | 10 | XWiki | 2025-09-09 | Link | ||
| Filesystem Modification Leads to SYSTEM Privilege Escalation | 9.8 | Poly Lens Desktop | 2025-09-09 | Link | ||
| SQL Injection in PartyBooking via WorldName | 9.1 | rAthena | 2025-09-09 | Link | ||
| Confirmation Prompt Bypass Allows Untrusted Command Execution | 9.8 | Claude Code | 2025-09-10 | Link | ||
| Arbitrary Code Execution via Git Email Config | 9.8 | Claude Code | 2025-09-10 | Link | ||
| SQL Injection in add-team endpoint | 9.8 | Online Fire Reporting System | 2025-09-11 | Link | ||
| SQL Injection via request-details.php parameters | 9.8 | Online Fire Reporting System | 2025-09-11 | Link | ||
| SQL Injection via teamid parameter | 9.8 | Online Fire Reporting System | 2025-09-11 | Link | ||
| SQL Injection via todate parameter | 9.8 | Online Fire Reporting System | 2025-09-11 | Link | ||
| SQL Injection via requestid in details.php | 9.8 | Online Fire Reporting System | 2025-09-11 | Link | ||
| FTP authentication bypass in Audi UTR 2.0 | 9.1 | Audi UTR 2.0 Universal Traffic Recorder | 2025-09-12 | Link | ||
| DB2 JDBC connection string SSRF vulnerability | 9.8 | DataEase | 2025-09-15 | Link | ||
| Impala JDBC JNDI Injection leading to RCE | 9.8 | DataEase | 2025-09-15 | Link | ||
| Remote Code Execution via H2 JDBC URL Bypass | 9.8 | DataEase | 2025-09-15 | Link | ||
| NULL Byte Certificate ACL Bypass Vulnerability | 9 | Control-M | 2025-09-16 | Link | ||
| Java deserialization remote code execution in Jaspersoft | 9.8 | JasperReports Library | 2025-09-16 | Link | ||
| Unauthenticated command injection in login.php | 9.8 | Ilevia EVE X1 Server | 2025-09-16 | Link | ||
| Authentication Bypass via Unsanitized system() Call | 9.8 | Ilevia EVE X1/X5 Server | 2025-09-16 | Link |
| Vulnerability | CVSSv3 | Products | Release Date | References | ||
|---|---|---|---|---|---|---|
| Command injection via agentName in setEasyMeshAgentCfg | 9.8 | TOTOLINK X18 | 2025-10-01 | Link | ||
| Command Injection via mac Parameter in setEasyMeshAgentCfg | 9.8 | TOTOLINK X18 | 2025-10-01 | Link | ||
| Captive portal allows unauthorized access via brute-force | 9.8 | ExtremeGuest Essentials | 2025-10-01 | Link | ||
| IP spoofing bypasses auth on internal SSH endpoint | 9.1 | Termix | 2025-10-01 | Link | ||
| OS Command Injection in AndSoft e-TMS | 9.8 | AndSoft e-TMS | 2025-10-02 | Link | ||
| OS Command Injection in AndSoft e-TMS | 9.8 | AndSoft e-TMS | 2025-10-02 | Link | ||
| OS Command Injection via POST in e-TMS | 9.8 | AndSoft e-TMS | 2025-10-02 | Link | ||
| OS Command Injection in AndSoft e-TMS | 9.8 | AndSoft e-TMS | 2025-10-02 | Link | ||
| Operating System Command Injection in e-TMS | 9.8 | AndSoft e-TMS | 2025-10-02 | Link | ||
| OS Command Injection via ‘m’ parameter in LOGINFRM_CAT.ASP | 9.8 | AndSoft e-TMS | 2025-10-02 | Link | ||
| OS command injection via m parameter | 9.8 | AndSoft e-TMS | 2025-10-02 | Link | ||
| SQL Injection via USRMAIL parameter in e-TMS | 9.8 | AndSoft e-TMS | 2025-10-02 | Link | ||
| SQL Injection via SessionID cookie in e-TMS | 9.8 | AndSoft e-TMS | 2025-10-02 | Link | ||
| SQL Injection in controle/control.php descricao parameter | 9.8 | WeGIA | 2025-10-02 | Link | ||
| SQL Injection in WeGIA pet/profile_pet endpoint | 9.8 | WeGIA | 2025-10-02 | Link | ||
| Use-after-free via Lua scripting leads to RCE | 9.9 | Redis | 2025-10-03 | Link | ||
| Unauthenticated Access to Badge Template API | 9.4 | FlagForge | 2025-10-06 | Link | ||
| Unrestricted File Access Leading to RCE | 9.9 | Flowise | 2025-10-08 | Link | ||
| Privilege Escalation in Ericsson Network Manager | 9.8 | Ericsson Network Manager | 2025-10-13 | Link | ||
| Password screen exposed via black card image | 9.1 | Firefox | 2025-10-14 | Link | ||
| Use-after-free crash in native messaging | 9.8 | Thunderbird | 2025-10-14 | Link | ||
| Memory safety bug potentially leading to arbitrary code execution | 9.8 | Firefox and Thunderbird | 2025-10-14 | Link | ||
| Broken Authentication Allows Admin Takeover in MikroTik RouterOS | 9.8 | MikroTik RouterOS | 2025-10-14 | Link | ||
| Authentication Bypass in FactoryTalk View Web Control | 9.8 | FactoryTalk View Machine Edition | 2025-10-14 | Link | ||
| Unauthenticated File Deletion via Path Traversal | 9.1 | FactoryTalk View Machine Edition | 2025-10-14 | Link | ||
| Authenticated RCE via Puppeteer/Playwright sandbox escape | 9.9 | Flowise | 2025-10-14 | Link | ||
| Out-of-bounds read in TLS client hello | 9.1 | Eclipse Foundation NextX Duo | 2025-10-15 | Link | ||
| Unthrottled Resource Allocation Allows Flooding | 9.8 | Azure Access Technology | 2025-10-15 | Link | ||
| Remote Code Execution via RAM Disk Buffer Overflow | 9.8 | FileX | 2025-10-16 | Link | ||
| SQL injection via cat parameter in public.php | 9.8 | Exito | 2025-10-16 | Link |
| Vulnerability | CVSSv3 | Products | Release Date | References | ||
|---|---|---|---|---|---|---|
| Shared SDKSocket Secrets Allow Unauthorized Access | 9.8 | BLU-IC2, BLU-IC4 | 2025-11-01 | Link | ||
| Web UI locale handling vulnerability | 9.8 | BLU-IC2, BLU-IC4 | 2025-11-01 | Link | ||
| Arbitrary write of z9.service file | 9.8 | BLU-IC2 and BLU-IC4 | 2025-11-01 | Link | ||
| Arbitrary Write to /etc/timezone | 9.8 | BLU-IC2 | 2025-11-01 | Link | ||
| HTTP Header Smuggling via Trailer Field Merge | 9.1 | lighttpd | 2025-11-03 | Link | ||
| Public REST API key exposure in VizAir | 10 | Radiometrics VizAir | 2025-11-04 | Link | ||
| Unauthenticated Access to Admin Panel Allows Critical Weather Parameter Manipulation | 10 | Radiometrics VizAir | 2025-11-04 | Link | ||
| Unauthenticated Configuration Changes Allow Runway Manipulation | 10 | Radiometrics VizAir | 2025-11-04 | Link | ||
| Authentication Bypass via MD5 Loose Comparison | 9.1 | Mantis Bug Tracker | 2025-11-04 | Link | ||
| Authentication Bypass Allows Arbitrary Script Execution | 9.4 | Cisco Unified Contact Center Express (CCX) | 2025-11-05 | Link | ||
| Privileged Credential Shell Breakout via SSH | 9.1 | Dell CloudLink | 2025-11-05 | Link | ||
| Improper /dev/null validation leads to escape | 10 | Youki | 2025-11-06 | Link | ||
| AppArmor handling race leads to procfs writes | 10 | Youki | 2025-11-06 | Link | ||
| SSRF via dns:// due to missing blacklist | 9.8 | DataEase | 2025-11-06 | Link | ||
| JNDI Injection via Oracle JDBC Connection | 9.8 | DataEase | 2025-11-06 | Link | ||
| Heap buffer overflow via UDP in AnyDesk Discovery | 9.8 | AnyDesk | 2025-11-06 | Link | ||
| SQL Injection in Export UID leads to RCE | 9.8 | SuiteCRM | 2025-11-06 | Link | ||
| SNMP Auth Bypass Leads to SQL Injection | 9.8 | Advantech iView | 2025-11-06 | Link | ||
| Authentication Bypass and SQL Injection RCE | 9.8 | Advantech iView | 2025-11-06 | Link | ||
| Unauthenticated Command Injection in D-Link Router Web UI | 9.8 | D-Link DIR-1260 Wi-Fi router | 2025-11-06 | Link | ||
| Stored XSS in Manage Photos via Collection Name | 9 | ClipBucket | 2025-11-07 | Link | ||
| Unauthenticated Arbitrary File Upload in Monsta FTP | 9.8 | Monsta FTP | 2025-11-07 | Link | ||
| SQL Injection Remote Code Execution in QuMagie | 9.8 | QuMagie | 2025-11-07 | Link | ||
| Unrestricted File Upload Allows Remote Code Execution | 9.8 | Employee Records System | 2025-11-10 | Link | ||
| DOM-based XSS via Issues label filter | 9.6 | GitHub Enterprise Server | 2025-11-10 | Link | ||
| Authentication Bypass via Path Traversal | 9.8 | N-central | 2025-11-12 | Link | ||
| Remote Code Execution via Deserialization in N-central Probe | 9.8 | N-central Software Probe | 2025-11-12 | Link | ||
| Authentication Bypass in ASUS DSL Router | 9.8 | ASUS DSL Series Router | 2025-11-13 | Link | ||
| Remote Code Execution via PLAIN dump restore | 9.1 | pgAdmin | 2025-11-13 | Link | ||
| Federation auto-linking bypasses organization security | 9.8 | ZITADEL | 2025-11-13 | Link |
| Vulnerability | CVSSv3 | Products | Release Date | References | ||
|---|---|---|---|---|---|---|
| SQL Injection in receiverLogin.php Authentication Bypass | 10 | Blood Bank Management System | 2025-12-01 | Link | ||
| Integer Overflow Privilege Escalation in Avast | 9 | Avast Antivirus | 2025-12-01 | Link | ||
| Authorization Bypass Allows Form Process Modification | 9.6 | Grav | 2025-12-01 | Link | ||
| Server-Side Request Forgery via custom header | 9.8 | Portkey.ai Gateway | 2025-12-01 | Link | ||
| Arbitrary File Deletion via FileMd5 Parameter | 9.1 | Gin-vue-admin | 2025-12-01 | Link | ||
| Blind SSRF in Survey-Import Feature | 9.1 | ObjectPlanet Opinio | 2025-12-02 | Link | ||
| Stack Buffer Overflow in TACACS+ read_packet | 9.8 | Circutor SGE-PLC1000/SGE-PLC50 | 2025-12-02 | Link | ||
| Stack Buffer Overflow and Command Injection in PLC | 9.8 | Circutor SGE-PLC1000/SGE-PLC50 | 2025-12-02 | Link | ||
| Stack buffer overflow via unlimited meter input | 9.8 | Circutor SGE-PLC1000/SGE-PLC50 | 2025-12-02 | Link | ||
| Stack-based buffer overflow in ShowDownload() function | 9.8 | Circutor SGE-PLC1000/SGE-PLC50 | 2025-12-02 | Link | ||
| Stack buffer overflow in AddEvent() | 9.8 | Circutor SGE-PLC1000/SGE-PLC50 | 2025-12-02 | Link | ||
| Stack buffer overflow in ShowMeterDatabase | 9.8 | Circutor SGE-PLC1000/SGE-PLC50 | 2025-12-02 | Link | ||
| Stack overflow in ShowMeterPasswords function | 9.8 | Circutor SGE-PLC1000/SGE-PLC50 | 2025-12-02 | Link | ||
| Command Injection via SetUserPassword in PLC | 9.8 | Circutor SGE-PLC1000/SGE-PLC50 | 2025-12-02 | Link | ||
| Heap overflow via unlimited meter input | 9.8 | Circutor SGE-PLC1000/SGE-PLC50 | 2025-12-02 | Link | ||
| SQL Injection in TCMAN GIM idmant | 9.8 | TCMAN GIM | 2025-12-02 | Link | ||
| Authentication Bypass via Predictable Auto-Login Token | 10 | WP Directory Kit | 2025-12-03 | Link | ||
| Shell Command Parsing Bypass Leads to Arbitrary Code Execution | 9.8 | Claude Code | 2025-12-03 | Link | ||
| Configuration-Dependent RCE in proxy.php | 9.8 | Collabora Online - Built-in CODE Server | 2025-12-03 | Link | ||
| Stored XSS escalates to RCE in DeepChat | 9.6 | DeepChat | 2025-12-03 | Link | ||
| Unauthenticated Remote Code Execution via rundll32 Export | 9.8 | Remote Keyboard Desktop | 2025-12-04 | Link | ||
| Hard-coded JWT HMAC Secret Allows Forged Tokens | 9.8 | Advantech WISE-DeviceOn Server | 2025-12-05 | Link | ||
| Header shadowing leads to IP spoofing and auth bypass | 10 | cpp-httplib | 2025-12-05 | Link | ||
| Arbitrary File Deletion via Path Traversal | 9.1 | Emlog Pro | 2025-12-08 | Link | ||
| Background Application Launch Privilege Escalation | 9.8 | Microsoft Windows | 2025-12-08 | Link | ||
| SQL Injection via appointmentID parameter | 9.8 | SourceCodester Patients Waiting Area Queue Management System | 2025-12-08 | Link | ||
| CSRF causing Command Injection in Panilux | 9.6 | Panilux | 2025-12-09 | Link | ||
| Directory Traversal Allows Arbitrary File Deletion | 9.1 | Robocode | 2025-12-09 | Link | ||
| Integer overflow in Buffer write method | 9.8 | Robocode | 2025-12-09 | Link | ||
| Use-after-free in WebRTC Signaling component | 9.8 | Firefox, Thunderbird | 2025-12-09 | Link |
| Vulnerability | CVSSv3 | Release Date | Products | References | ||
|---|---|---|---|---|---|---|
| Qualcomm 680 4G Mobile Platform Data Modem memory corruption | 9.6 | 1/2/2024 | Qualcomm | Link | ||
| https://www.cve.org/CVERecord?id=CVE-2023-33025 | 9.9 | 1/2/2024 | Google | Link | ||
| Google Pixel Watch DeviceVersionFragment.java checkDebuggingDisallowed privileges management | 9.7 | 1/3/2024 | Google | Link | ||
| Google Wifi Pro missing encryption | 9.9 | 1/3/2024 | Google | Link | ||
| mehah OTCLient SonarCloud Workflow otclient injection | 9.6 | 1/3/2024 | mehah | Link | ||
| Paddle convert_shape_compare os command injection | 9 | 1/3/2024 | Paddle | Link | ||
| Paddle _wget_download os command injection | 9 | 1/3/2024 | Paddle | Link | ||
| Paddle get_online_pass_interval os command injection | 9 | 1/3/2024 | Paddle | Link | ||
| Ivanti Endpoint Manager sql injection | 9 | 1/5/2024 | Ivanti | Link | ||
| DEMON1A Discord-Recon input validation | 9.1 | 1/9/2024 | DEMON1A | Link | ||
| Siemens SIMATIC CN 4100 default credentials | 9.6 | 1/9/2024 | Siemens | Link | ||
| Korenix JetNet signature verification | 9.6 | 1/9/2024 | Korenix | Link | ||
| Siemens SIMATIC IPC1047E/SIMATIC IPC647E/SIMATIC IPC847E maxView Storage Manager input validation | 9.7 | 1/9/2024 | Siemens | Link | ||
| AMI MegaRAC_SPx BMC stack-based overflow | 9 | 1/10/2024 | AMI | Link | ||
| AMI MegaRAC_SPx BMC or stack-based overflow | 9 | 1/10/2024 | AMI | Link | ||
| Apple iOS/iPadOS type confusion | 9.4 | 1/11/2024 | Apple | Link | ||
| Zoho ManageEngine ADSelfService Plus Load Balancer Privilege Escalation | 9.1 | 1/11/2024 | Zoho | Link | ||
| Juniper Junos OS J-Web out-of-bounds write | 9.6 | 1/12/2024 | Juniper | Link | ||
| Intumit SmartRobot Web Framework injection | 9.8 | 1/15/2024 | Intumit | Link | ||
| Atlassian Confluence Data Center/Confluence Server Template injection | 9.7 | 1/16/2024 | Atlassian | Link | ||
| VMware Aria Automation/Cloud Foundation access control | 9.1 | 1/16/2024 | VMware | Link | ||
| Cires21 C21 Live Encoder and Live Mosaic File Extension unrestricted upload | 9.9 | 1/17/2024 | Cires21 | Link | ||
| Cires21 C21 Live Encoder and Live Mosaic Endpoint access control | 9.8 | 1/17/2024 | Cires21 | Link | ||
| ASUS Armoury Crate HTTP Request external reference | 9.8 | 1/19/2024 | ASUS | Link | ||
| sofastack sofa-rpc SOFA Hessian Protocol deserialization | 9.6 | 1/23/2024 | sofastack | Link | ||
| Arris SURFboard SBG6950AC2 missing authentication | 9.2 | 1/26/2024 | Arris | Link | ||
| D-Link DAP-1650 UPnP SUBSCRIBE Message command injection | 9.2 | 1/26/2024 | D-Link | Link | ||
| D-Link DAP-1650 gena.cgi command injection | 9.2 | 1/26/2024 | D-Link | Link | ||
| Symantec Server Management Suite buffer overflow | 9.9 | 1/26/2024 | Symantec | Link | ||
| Symantec Deployment Solution UpdateComputer Token Parser buffer overflow | 9.9 | 1/26/2024 | Symantec | Link |
| Vulnerability | CVSSv3 | Release Date | Products | References | ||
|---|---|---|---|---|---|---|
| moby buildkit API authorization | 9.6 | 2/1/2024 | moby | Link | ||
| Gessler WEB-MASTER weak credentials | 9.4 | 2/1/2024 | Gessler | Link | ||
| Fortinet FortiSIEM API Request os command injection | 9.7 | 2/5/2024 | Fortinet | Link | ||
| Fortinet FortiSIEM API Request os command injection | 9.7 | 2/5/2024 | Fortinet | Link | ||
| Canon Satera LBP670C CPCA PCFAX Number Process out-of-bounds write | 9.8 | 2/6/2024 | Canon | Link | ||
| Canon Satera LBP670C SLP Attribute Request Process out-of-bounds write | 9.8 | 2/6/2024 | Canon | Link | ||
| Canon Satera LBP670C CPCA Color LUT Resource Download Process out-of-bounds write | 9.8 | 2/6/2024 | Canon | Link | ||
| Canon Satera LBP670C WSD Probe Request Process out-of-bounds write | 9.8 | 2/6/2024 | Canon | Link | ||
| Canon Satera LBP670C Address Book Password Process out-of-bounds write | 9.8 | 2/6/2024 | Canon | Link | ||
| Canon Satera LBP670C CPCA PDL Resource Download Process out-of-bounds write | 9.8 | 2/6/2024 | Canon | Link | ||
| Canon Satera LBP670C Address Book Username Process out-of-bounds write | 9.8 | 2/6/2024 | Canon | Link | ||
| D-Link Go-RT-AC750 hard-coded password | 9.5 | 2/6/2024 | D-Link | Link | ||
| JetBrains TeamCity authentication bypass | 9.6 | 2/6/2024 | JetBrains | Link | ||
| OpenObserve Role-Based Access Control users improper authorization | 9.1 | 2/9/2024 | OpenObserve | Link | ||
| Fortinet FortiOS fgfmd format string | 9.4 | 2/9/2024 | Fortinet | Link | ||
| Fortinet FortiOS SSL-VPN out-of-bounds write | 9.4 | 2/9/2024 | Fortinet | Link | ||
| Steinbeis Allegra SiteConfigAction access control | 9.4 | 2/10/2024 | Steinbeis | Link | ||
| Steinbeis Allegra loadFieldMatch deserialization | 9.4 | 2/10/2024 | Steinbeis | Link | ||
| Steinbeis Allegra renderFieldMatch deserialization | 9.4 | 2/10/2024 | Steinbeis | Link | ||
| Siemens Location Intelligence Perpetual Large hard-coded credentials | 9.6 | 2/13/2024 | Siemens | Link | ||
| Microsoft Exchange Server Remote Code Execution | 9.1 | 2/13/2024 | Microsoft | Link | ||
| Adobe FrameMaker Publishing Server improper authentication | 9.4 | 2/14/2024 | Adobe | Link | ||
| HGiga OAKlouds os command injection | 9.6 | 2/15/2024 | HGiga | Link | ||
| Dell SmartFabric OS10 os command injection | 9.6 | 2/15/2024 | Dell | Link | ||
| Dell Enterprise SONiC OS input validation | 9.8 | 2/15/2024 | Dell | Link | ||
| SolarWinds Access Rights Manager path traversal | 9.2 | 2/15/2024 | SolarWinds | Link | ||
| SolarWinds Access Rights Manager path traversal | 9.2 | 2/15/2024 | SolarWinds | Link | ||
| Loomio os command injection | 9.9 | 2/20/2024 | Loomio | Link | ||
| Torrentpier deserialization | 9.9 | 2/20/2024 | Torrentpier | Link | ||
| CISA Ethercat Zeek Plugin Datagram Analyzer out-of-bounds write | 9.4 | 2/21/2024 | CISA | Link |
| Vulnerability | CVSSv3 | Release Date | Products | References | ||
|---|---|---|---|---|---|---|
| SolarWinds Security Event Manager Service deserialization | 9.1 | 3/1/2024 | SolarWinds | Link | ||
| Qualcomm Snapdragon MLIE memory corruption | 9.6 | 3/4/2024 | Qualcomm | Link | ||
| Qualcomm Snapdragon MBSSID Beacon memory corruption | 9.6 | 3/4/2024 | Qualcomm | Link | ||
| Qualcomm Snapdragon DTLS Handshake memory corruption | 9.6 | 3/4/2024 | Qualcomm | Link | ||
| ZKSoftware Biometric Security Solutions UFace 5 authentication bypass | 9.8 | 3/5/2024 | ZKSoftware | Link | ||
| XPodas Octopod authentication bypass | 9.6 | 3/5/2024 | XPodas | Link | ||
| eProsima Fast-DDS DATA_FRAG Submessage use after free | 9 | 3/6/2024 | eProsima | Link | ||
| QNAP QTS/QuTS hero/QuTScloud improper authentication | 9.6 | 3/8/2024 | QNAP | Link | ||
| Canon Color imageCLASS MF740C WSD Probe Request Process out-of-bounds write | 9.8 | 3/11/2024 | Canon | Link | ||
| D-Link DIR-822 Rev B/DIR-822-CA Rev B HNAP stack-based overflow | 9.8 | 3/12/2024 | D-Link | Link | ||
| Siemens SINEMA Remote Connect Server Web Service access control | 9.6 | 3/12/2024 | Siemens | Link | ||
| Siemens Cerberus PRO EN Engineering Tool X.509 Certificate stack-based overflow | 9.7 | 3/12/2024 | Siemens | Link | ||
| Fortinet FortiOS/FortiPAM/FortiProxy HTTP Request out-of-bounds write | 9.6 | 3/12/2024 | Fortinet | Link | ||
| Arcserve Unified Data Protection wizardLogin doLogin improper authentication | 9.8 | 3/13/2024 | Arcserve | Link | ||
| Mitsubishi Electric MELSEC-Q/MELSEC-L Packet integer overflow | 9.6 | 3/15/2024 | Mitsubishi | Link | ||
| Mitsubishi Electric MELSEC-Q/MELSEC-L Packet integer overflow | 9.6 | 3/15/2024 | Mitsubishi | Link | ||
| Mitsubishi Electric MELSEC-Q/MELSEC-L Packet incorrect pointer scaling | 9.6 | 3/15/2024 | Mitsubishi | Link | ||
| Mitsubishi Electric MELSEC-Q/MELSEC-L Packet integer overflow | 9.6 | 3/15/2024 | Mitsubishi | Link | ||
| Mitsubishi Electric MELSEC-Q/MELSEC-L Packet incorrect pointer scaling | 9.6 | 3/15/2024 | Mitsubishi | Link | ||
| open-metadata OpenMetadata v1 getUserPrincipal improper authentication | 9.6 | 3/15/2024 | open-metadata | Link | ||
| Amssplus AMSS++ unrestricted upload | 9.3 | 3/18/2024 | Amssplus | Link | ||
| Unitronics Unistream Unilogic improper authentication | 9.7 | 3/18/2024 | Unitronics | Link | ||
| Unitronics Unistream Unilogic path traversal | 9.6 | 3/18/2024 | Unitronics | Link | ||
| jens-maus RaspberryMatic path traversal | 9.7 | 3/19/2024 | jens-maus | Link | ||
| OpenText ArcSight Platform Remote Code Execution | 9.6 | 3/20/2024 | OpenText | Link | ||
| Progress Telerik Report Server deserialization | 9.1 | 3/20/2024 | Progress | Link | ||
| eProsima Fast-DDS DATA Submessage heap-based overflow | 9 | 3/21/2024 | eProsima | Link | ||
| Kiloview NDI hard-coded credentials | 9.6 | 3/21/2024 | Kiloview | Link | ||
| OpenText PVCS Version Manager improper authentication | 9.6 | 3/21/2024 | OpenText | Link | ||
| OpenText PVCS Version Manager improper authentication | 9.6 | 3/21/2024 | OpenText | Link |
| Vulnerability | CVSSv3 | Release Date | Products | References | ||
|---|---|---|---|---|---|---|
| Qualcomm Snapdragon File Name Memory Corruption | 9.6 | 4/1/2024 | Qualcomm Snapdragon | Link | ||
| Progress Flowmon up to 11.1.13/12.3.4 Management Interface os command injection | 9.7 | 4/2/2024 | Progress Flowmon | Link | ||
| D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L up to 20240403 HTTP GET Request /cgi-bin/nas_sharing.cgi user hard-coded credentials | 9.7 | 4/3/2024 | D-Link | Link | ||
| Brocade Fabric OS up to 9.2.0 os command injection | 9.2 | 4/4/2024 | Brocade Fabric OS | Link | ||
| CData API Server Prior 23.4.8844 Embedded Jetty Server path traversal | 9.6 | 4/5/2024 | CData | Link | ||
| CData Connect prior 23.4.8846 Embedded Jetty Server path traversal | 9.6 | 4/5/2024 | CData | Link | ||
| Google Nest Wifi Pro 11 out-of-bounds | 9.9 | 4/5/2024 | Google Nest Wifi Pro | Link | ||
| Google Chromecast 5.0 U-boot Remote Code Execution | 9.9 | 4/5/2024 | Google Chromecast | Link | ||
| Rust up to 1.77.1 on Windows Batch File Command::arg os command injection | 9.7 | 4/9/2024 | Rust | Link | ||
| parisneo lollms-webui up to 9.0 /open_code_folder discussion_id os command injection | 9.6 | 4/10/2024 | parisneo | Link | ||
| aimhubio aim /api/runs/search/run/ run_search_api code injection | 9.8 | 4/10/2024 | aimhubio | Link | ||
| mudler localai up to 2.9.x audioToWav os command injection | 9.1 | 4/10/2024 | mudler localai | Link | ||
| Xiongmai AHB7804R-MH-V2 up to 5.00.R02.00030751.10010.348717.0000000 Sofia Service access control | 9.2 | 4/14/2024 | Xiongmai | Link | ||
| run-llama llama_index up to 10.25 safe_eval command injection | 9.6 | 4/16/2024 | run-llama | Link | ||
| Judge0 up to 1.13.0 symlink | 9.7 | 4/18/2024 | Judge0 | Link | ||
| Judge0 up to 1.13.0 run_script symlink | 9.9 | 4/18/2024 | Judge0 | Link | ||
| Ivanti Avalanche up to 6.4.2 WLAvalancheService heap-based overflow | 9.6 | 4/19/2024 | Ivanti Avalanche | Link | ||
| Wazuh up to 4.7.1 wazuh-analysisd heap-based overflow | 9.6 | 4/19/2024 | Wazuh | Link | ||
| FreeRDP up to 3.5.0 out-of-bounds | 9.6 | 4/23/2024 | FreeRDP | Link | ||
| FreeRDP up to 2.11.5/3.4.x /gfx integer overflow | 9.6 | 4/23/2024 | FreeRDP | Link | ||
| FreeRDP up to 2.11.5/3.4.x out-of-bounds | 9.6 | 4/23/2024 | FreeRDP | Link | ||
| FreeRDP up to 2.11.5/3.4.x out-of-bounds | 9.6 | 4/23/2024 | FreeRDP | Link | ||
| FreeRDP up to 2.11.5/3.4.x out-of-bounds | 9.6 | 4/23/2024 | FreeRDP | Link | ||
| mysql2 up to 3.9.6 readCodeFor timezone code injection | 9.6 | 4/23/2024 | mysql2 | Link | ||
| FreeRDP up to 3.5.0 out-of-bounds | 9.6 | 4/23/2024 | FreeRDP | Link | ||
| QNAP QTS/QuTS hero/QuTScloud command injection | 10 | 4/26/2024 | QNAP | Link | ||
| dgtlmoon changedetection.io up to 0.45.20 Template special elements used in a template engine | 10 | 4/26/2024 | dgtlmoon | Link | ||
| Eclipse Target Management up to 4.5.500 os command injection | 9.8 | 4/26/2024 | Eclipse | Link | ||
| Timetable and Event Schedule by MotoPress <= 2.4.11 - Authenticated (Contributor+) SQL Injection | 9.9 | 4/27/2024 | MotoPress | Link | ||
| E-WEBInformationCo. FS-EZViewer(Web) - Sensitive Data Exposure | 9.8 | 4/29/2024 | FS-EZViewer(Web) | Link |
| Vulnerability | CVSSv3 | Release Date | Products | References | ||
|---|---|---|---|---|---|---|
| RIOT-OS gcoap_dns_server_proxy_get buffer overflow | 9.8 | 5/1/2024 | RIOT-OS | Link | ||
| Aruba ArubaOS 8.10.0.11/8.11.2.2/10.4.1.1/10.5.1.1 L2-L3 Management Service buffer overflow | 9.8 | 5/1/2024 | Aruba ArubaOS | Link | ||
| Aruba ArubaOS Access Point Management Protocol buffer overflow | 9.8 | 5/1/2024 | Aruba ArubaOS | Link | ||
| Aruba ArubaOS Automatic Reporting Service buffer overflow | 9.8 | 5/1/2024 | Aruba ArubaOS | Link | ||
| Aruba ArubaOS Local User Authentication Database Service buffer overflow | 9.8 | 5/1/2024 | Aruba ArubaOS | Link | ||
| Tinyproxy HTTP Connection Header use after free | 9.8 | 5/1/2024 | Tinyproxy | Link | ||
| TP-Link AX1800 hotplugd Firewall Rule race condition | 9.4 | 5/3/2024 | TP-Link | Link | ||
| Triangle MicroWorks SCADA Data Gateway missing authentication | 9.8 | 5/3/2024 | Triangle MicroWorks | Link | ||
| Ignition Automation Ignition ParameterVersionJavaSerializationCodec deserialization | 9.8 | 5/3/2024 | Ignition Automation | Link | ||
| Ignition Automation Ignition JavaSerializationCodec deserialization | 9.8 | 5/3/2024 | Ignition Automation | Link | ||
| Exim AUTH out-of-bounds write | 9.8 | 5/3/2024 | Exim AUTH | Link | ||
| Control Web Panel improper authentication | 9.8 | 5/3/2024 | Control Web Panel | Link | ||
| D-Link D-View InstallApplication hard-coded credentials | 9.5 | 5/3/2024 | D-Link | Link | ||
| D-Link D-View coreservice_action_script Remote Code Execution | 9.5 | 5/3/2024 | D-Link | Link | ||
| Voltronic Power ViewPower Pro improper authentication | 9.8 | 5/3/2024 | Voltronic Power | Link | ||
| Voltronic Power ViewPower Pro Remote Code Execution | 9.8 | 5/3/2024 | Voltronic Power | Link | ||
| Voltronic Power ViewPower Deserialization of Untrusted Data Remote Code Execution Vulnerability | 9.8 | 5/3/2024 | Voltronic Power | Link | ||
| Voltronic Power ViewPower MacMonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability | 9.8 | 5/3/2024 | Voltronic Power | Link | ||
| Voltronic Power ViewPower LinuxMonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability | 9.8 | 5/3/2024 | Voltronic Power | Link | ||
| Voltronic Power ViewPower UpsScheduler Exposed Dangerous Method Remote Code Execution Vulnerability | 9.8 | 5/3/2024 | Voltronic Power | Link | ||
| Voltronic Power ViewPower Pro selectEventConfig SQL Injection Remote Code Execution Vulnerability | 9.8 | 5/3/2024 | Voltronic Power | Link | ||
| Voltronic Power ViewPower Pro UpLoadAction Unrestricted File Upload Remote Code Execution Vulnerability | 9.8 | 5/3/2024 | Voltronic Power | Link | ||
| Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability | 9.8 | 5/3/2024 | Voltronic Power | Link | ||
| Voltronic Power ViewPower Pro selectDeviceListBy SQL Injection Remote Code Execution Vulnerability | 9.8 | 5/3/2024 | Voltronic Power | Link | ||
| PWAsForFirefox Arbitrary code execution due to improper sanitization of web app properties on Linux and PortableApps.com | 9.7 | 5/3/2024 | PWAsForFirefox | Link | ||
| CyberPower PowerPanel Enterprise PDNU REST API missing authentication | 9.8 | 5/9/2024 | CyberPower | Link | ||
| Use after free in Visuals in Google Chrome prior to 124.0.6367.201 | 9.6 | 5/9/2024 | Google Chrome | Link | ||
| LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Time-Based SQL Injection | 9.8 | 5/10/2024 | LearnPress | Link | ||
| `/api/proxy` endpoint ssrf vulnerability in lobe-chat | 9 | 5/10/2024 | lobe-chat | Link | ||
| Veeam Service Provider Console Management Agent deserialization | 9.3 | 5/13/2024 | Veeam | Link |
| Vulnerability | CVSSv3 | Release Date | Products | References | ||
|---|---|---|---|---|---|---|
| Sonos Sonos Era 100 SMB2 Message out-of-bounds write | 9.4 | 6/1/2024 | Sonos | Link | ||
| Sonos Sonos Era 100 SMB2 Message use after free | 9.4 | 6/1/2024 | Sonos | Link | ||
| MileSight DeviceHub random values | 9.6 | 6/2/2024 | MileSight | Link | ||
| MileSight DeviceHub authentication bypass | 9.7 | 6/2/2024 | MileSight | Link | ||
| MileSight DeviceHub path traversal | 9.6 | 6/2/2024 | MileSight | Link | ||
| MileSight DeviceHub key management | 9.3 | 6/2/2024 | MileSight | Link | ||
| Qualcomm Snapdragon Auto LTE improper authentication | 9.3 | 6/3/2024 | Qualcomm | Link | ||
| qdrant input validation | 9.6 | 6/3/2024 | qdrant | Link | ||
| Summar Software Mentor Employee Portal deserialization | 9.9 | 6/6/2024 | Summar | Link | ||
| Emerson Ovation missing authentication | 9.4 | 6/6/2024 | Emerson | Link | ||
| lightning-ai pytorch-lightning dynamically-determined object attributes | 9.8 | 6/6/2024 | lightning-ai | Link | ||
| mintplex-labs anything-llm update-env os command injection | 9 | 6/6/2024 | mintplex-labs | Link | ||
| Logsign Unified SecOps Platform command injection | 9.4 | 6/13/2024 | Logsign | Link | ||
| Adobe Framemaker Publishing Server improper authentication | 9.7 | 6/13/2024 | Adobe | Link | ||
| ASUS ZenWiFi XT8 improper authentication | 9.8 | 6/14/2024 | ASUS | Link | ||
| Toshiba Tec e-Studio Multi-Function Peripheral os command injection | 9.8 | 6/14/2024 | Toshiba | Link | ||
| ASUS DSL-AC55 Firmware unrestricted upload | 9.6 | 6/14/2024 | ASUS | Link | ||
| TrendNet TEW-814DAP shadow.sample hard-coded password | 9.5 | 6/14/2024 | TrendNet | Link | ||
| Trellix Intrusion Prevention System Manager deserialization | 9.6 | 6/14/2024 | Trellix | Link | ||
| SECOM WRTR-304GN-304TW-UPSC os command injection | 9.8 | 6/17/2024 | SECOM | Link | ||
| GeoVision GVLX 4 V3 os command injection | 9.8 | 6/17/2024 | GeoVision | Link | ||
| deepjavalibrary djl path traversal | 9.7 | 6/17/2024 | deepjavalibrary | Link | ||
| Vulnerability | CVSSv3 | Release Date | Products | References | ||
|---|---|---|---|---|---|---|
| GeoServer OGC Request neutralization of directives | 9.6 | 7/1/2024 | GeoServer | Link | ||
| Gogs Change Preview argument injection | 9.1 | 7/4/2024 | Gogs | Link | ||
| Gogs SSH Connection ssh.go argument injection | 9.1 | 7/4/2024 | Gogs | Link | ||
| Rejetto HTTP File Server Upload Node.js child_process Privilege Escalation | 9.1 | 7/5/2024 | Rejetto | Link | ||
| Apache CloudStack Service Port 9090 code injection | 9.4 | 7/5/2024 | Apache | Link | ||
| ABB ASPECT-Enterprise/NEXUS/MATRIX input validation | 9.8 | 7/5/2024 | ABB | Link | ||
| ifm Smart PLC AC14xx/Smart PLC AC4xxS hard-coded credentials | 9.6 | 7/9/2024 | ifm | Link | ||
| Siemens SINEMA Remote Connect Server Firmware Update temp file | 9 | 7/9/2024 | Siemens | Link | ||
| Pepperl+Fuchs OIT1500-F113-B12-CB Telnet missing authentication | 9.6 | 7/10/2024 | Pepperl+Fuchs | Link | ||
| Palo Alto Networks Expedition missing authentication | 9.4 | 7/10/2024 | Palo | Link | ||
| ServiceNow Now Platform improper validation of specified type of input | 9.4 | 7/10/2024 | ServiceNow | Link | ||
| Supermicro BMC stack-based overflow | 9.8 | 7/12/2024 | Supermicro | Link | ||
| fogproject reportmaker.class.php command injection | 9.6 | 7/12/2024 | fogproject | Link | ||
| Cellopoint Secure Email Gateway SMTP Listener stack-based overflow | 9.8 | 7/15/2024 | Cellopoint | Link | ||
| Broadcom Symantec Privileged Access Management PAM System Remote Code Execution | 9.4 | 7/15/2024 | Broadcom | Link | ||
| Broadcom Symantec Privileged Access Management PAM System unrestricted upload | 9.4 | 7/15/2024 | Broadcom | Link | ||
| Broadcom Symantec Privileged Access Management PAM System Remote Code Execution | 9.8 | 7/15/2024 | Broadcom | Link | ||
| sni Thruk html2pdf.sh code injection | 9.1 | 7/15/2024 | sni | Link | ||
| Oracle WebLogic Server Core Remote Code Execution | 9.6 | 7/17/2024 | Oracle | Link | ||
| Zoho ManageEngine DDI Central Agent hard-coded credentials | 9.3 | 7/17/2024 | Zoho | Link | ||
| SolarWinds Access Rights Manager deserialization | 9 | 7/17/2024 | SolarWinds | Link | ||
| SolarWinds Access Rights Manager path traversal | 9 | 7/17/2024 | SolarWinds | Link | ||
| SolarWinds Access Rights Manager Service improper authentication | 9 | 7/17/2024 | SolarWinds | Link | ||
| SolarWinds Access Rights Manager improper authentication | 9 | 7/17/2024 | SolarWinds | Link | ||
| SolarWinds Access Rights Manager input validation | 9 | 7/17/2024 | SolarWinds | Link | ||
| SolarWinds Access Rights Manager path traversal | 9.5 | 7/17/2024 | SolarWinds | Link | ||
| Cisco Secure Email Content Scanning/Message Filtering absolute path traversal | 9.6 | 7/17/2024 | Cisco | Link | ||
| PruvaSoft Informatics Apinizer Management Console permission assignment | 9.1 | 7/18/2024 | PruvaSoft | Link | ||
| JumpServer path traversal | 9.7 | 7/18/2024 | JumpServer | Link | ||
| JumpServer path traversal | 9.7 | 7/18/2024 | JumpServer | Link |
| Vulnerability | CVSSv3 | Release Date | Products | References | ||
|---|---|---|---|---|---|---|
| Qualcomm QCN5054 WLAN memory corruption | 9.6 | 10/3/2023 | Qualcomm | Link | ||
| Qualcomm AR8035 Modem memory corruption | 9.6 | 10/3/2023 | Qualcomm | Link | ||
| Netman-204 Firmware File unrestricted upload | 9.9 | 10/3/2023 | Netman-204 | Link | ||
| Dienstleistung, Entwicklung & Vertrieb GmbH cashIT Serving Solutions HTTP Endpoint routine | 9.8 | 10/3/2023 | Dienstleistung | Link | ||
| Cisco Emergency Responder hard-coded credentials | 9.4 | 10/4/2023 | Cisco | Link | ||
| Schneider Electric C-Bus Toolkit path traversal | 9.6 | 10/5/2023 | Schneider | Link | ||
| Schneider Electric EcoStruxure Power Monitoring Expert Packet deserialization | 9.6 | 10/5/2023 | Schneider | Link | ||
| D-Link D-View InstallApplication hard-coded credentials | 9.5 | 10/5/2023 | D-Link | Link | ||
| D-Link D-View coreservice_action_script Remote Code Execution | 9.5 | 10/5/2023 | D-Link | Link | ||
| Qognify NiceVision hard-coded credentials | 9.7 | 10/6/2023 | Qognify | Link | ||
| Dell SmartFabric Storage Software input validation | 9.6 | 10/6/2023 | Dell | Link | ||
| Siemens CP-8031 MASTER MODULE/CP-8050 MASTER MODULE SSH hard-coded credentials | 9.6 | 10/10/2023 | Siemens | Link | ||
| Siemens Simcenter Amesim SOAP Endpoint code injection | 9.6 | 10/10/2023 | Siemens | Link | ||
| Sangfor Next-Gen Application Firewall Header authentication spoofing | 9.8 | 10/10/2023 | Sangfor | Link | ||
| Sangfor Next-Gen Application Firewall HTTP POST Request login.cgi os command injection | 9.8 | 10/10/2023 | Sangfor | Link | ||
| Sangfor Next-Gen Application Firewall LogInOut.php os command injection | 9.8 | 10/10/2023 | Sangfor | Link | ||
| Fortinet FortiWLM HTTP GET Request os command injection | 9.6 | 10/10/2023 | Fortinet | Link | ||
| Fortinet FortiWLM HTTP GET Request os command injection | 9.6 | 10/10/2023 | Fortinet | Link | ||
| Fortinet FortiWLM HTTP GET Request os command injection | 9.6 | 10/10/2023 | Fortinet | Link | ||
| Fortinet FortiWLM HTTP GET Request os command injection | 9.6 | 10/10/2023 | Fortinet | Link | ||
| Fortinet FortiSIEM API Request os command injection | 9.6 | 10/10/2023 | Fortinet | Link | ||
| Yifan YF325 Network Request gwcfg_cgi_set_manage_post_data integer overflow | 9.6 | 10/11/2023 | Yifan | Link | ||
| Yifan YF325 Network Request gwcfg_cgi_set_manage_post_data integer overflow | 9.6 | 10/11/2023 | Yifan | Link | ||
| Yifan YF325 Network Request realloc integer overflow | 9.6 | 10/11/2023 | Yifan | Link | ||
| Yifan YF325 Network Request malloc integer overflow | 9.6 | 10/11/2023 | Yifan | Link | ||
| Yifan YF325 Network Request gozila_cgi stack-based overflow | 9.2 | 10/11/2023 | Yifan | Link | ||
| Yifan YF325 Network Request manage_request stack-based overflow | 9.6 | 10/11/2023 | Yifan | Link | ||
| Yifan YF325 Network Request libutils.so nvram_restore stack-based overflow | 9.6 | 10/11/2023 | Yifan | Link | ||
| Yifan YF325 Network Request gwcfg.cgi debug code | 9.6 | 10/11/2023 | Yifan | Link | ||
| Yifan YF325 Network Request debug code | 9.6 | 10/11/2023 | Yifan | Link |
| Vulnerability | CVSSv3 | Release Date | Products | References | ||
|---|---|---|---|---|---|---|
| MISP 2.4.196 lacks access restriction in BookmarksController, exposing bookmarks data | 9.8 | 9/1/2024 | MISP | Link | ||
| D-Link DAP-2310 stack-based buffer overflow in ATP binary allows arbitrary code execution (unsupported product) | 9.8 | 9/2/2024 | D-Link DAP-2310 | Link | ||
| Zyxel firmware command injection in host parameter allows unauthenticated OS command execution | 9.8 | 9/3/2024 | Zyxel firmware | Link | ||
| Firefox and Thunderbird type confusion vulnerability enables potential exploitation | 9.8 | 9/3/2024 | Firefox and Thunderbird | Link | ||
| Firefox and Thunderbird memory safety bugs in multiple versions enable arbitrary code execution | 9.8 | 9/3/2024 | Firefox and Thunderbird | Link | ||
| Firefox 129 memory safety bugs with memory corruption risk; affects Firefox < 130 | 9.8 | 9/3/2024 | Firefox | Link | ||
| Samsung Notes stack-based out-of-bounds write prior to 4.4.21.62 enables remote code execution | 9.8 | 9/4/2024 | Samsung Notes | Link | ||
| Apache OFBiz server-side request forgery and code injection vulnerability prior to 18.12.16 | 9.8 | 9/4/2024 | Apache OFBiz | Link | ||
| Apache OFBiz forced browsing vulnerability prior to 18.12.16 | 9.8 | 9/4/2024 | Apache OFBiz | Link | ||
| IBM webMethods Integration 10.15 allows authenticated arbitrary file upload and execution | 9.9 | 9/4/2024 | IBM webMethods Integration | Link | ||
| Cisco Smart Licensing Utility static admin credentials allow unauthenticated login with elevated privileges | 9.8 | 9/4/2024 | Cisco Smart Licensing Utility | Link | ||
| Micron Crucial MX500 SSDs buffer overflow vulnerability triggered by crafted ATA packets | 9.8 | 9/4/2024 | Micron Crucial MX500 SSDs | Link | ||
| MindsDB DNS rebinding vulnerability bypasses SSRF protection, leading to DoS | 9.3 | 9/5/2024 | MindsDB | Link | ||
| Progress LoadMaster improper input validation enables OS command injection | 10 | 9/5/2024 | Progress LoadMaster | Link | ||
| D-Link DI-8100G command injection via upgrade_filter.asp sub47A60C function | 9.8 | 9/6/2024 | D-Link DI-8100G | Link | ||
| D-Link DI-8100G command injection via msp_info.htm | 9.8 | 9/6/2024 | D-Link DI-8100G | Link | ||
| Veeam VSPC authentication bypass exposes NTLM hash of service account | 9.9 | 9/7/2024 | Veeam VSPC | Link | ||
| Veeam VSPC server code injection vulnerability allows arbitrary file upload and remote code execution | 9.9 | 9/7/2024 | Veeam VSPC | Link | ||
| Veeam Backup and Replication deserialization vulnerability enables unauthenticated RCE | 9.8 | 9/7/2024 | Veeam Backup and Replication | Link | ||
| Veeam Reporter Service vulnerability exposes NTLM hash with user interaction | 9 | 9/7/2024 | Veeam Reporter Service | Link | ||
| Veeam ONE Agent allows remote code execution if attacker has service account credentials | 9.1 | 9/7/2024 | Veeam ONE Agent | Link | ||
| Kibana deserialization flaw enables arbitrary code execution when parsing crafted YAML payloads with Elastic Security AI tools and Amazon Bedrock connector | 9.9 | 9/9/2024 | Kibana | Link | ||
| HPE HP-UX NFSv4 denial of service vulnerability in Network File System services | 9.3 | 9/9/2024 | HPE HP-UX | Link | ||
| D-Link DI-8300 v16.07.26A1 command injection via upgrade_filter_asp function | 9.8 | 9/9/2024 | D-Link DI-8300 | Link | ||
| D-Link DI-8300 v16.07.26A1 command injection via msp_info_htm function | 9.8 | 9/9/2024 | D-Link DI-8300 | Link | ||
| Zyxel NAS326 and NAS542 command injection via export-cgi program in HTTP POST request | 9.8 | 9/10/2024 | Zyxel | Link | ||
| Dell PowerScale InsightIQ versions 5.0 through 5.1 directory access vulnerability | 9.8 | 9/10/2024 | Dell PowerScale InsightIQ | Link | ||
| Dell PowerScale InsightIQ versions 5.0 through 5.1 weak cryptographic algorithm | 9.8 | 9/10/2024 | Dell PowerScale InsightIQ | Link | ||
| Samsung Escargot JavaScript engine 4.0.0 heap-based buffer overflow vulnerability | 9.8 | 9/10/2024 | Samsung Escargot | Link | ||
| Nix package manager 2.24 arbitrary file write vulnerability, potentially with root permissions | 9 | 9/10/2024 | Nix package manager | Link |
| Vulnerability | CVSSv3 | Release Date | Products | References | ||
|---|---|---|---|---|---|---|
| Linear eMerge e3-Series forgot_password os command injection | 9.8 | 10/2/2024 | Linear | Link | ||
| Cisco Meraki MX/Meraki Z AnyConnect VPN Server out-of-bounds write | 7.9 | 10/2/2024 | Cisco | Link | ||
| Cisco Meraki MX/Meraki Z AnyConnect VPN Server out-of-bounds write | 7.9 | 10/2/2024 | Cisco | Link | ||
| Cisco Meraki MX/Meraki Z AnyConnect VPN Server double free | 7.9 | 10/2/2024 | Cisco | Link | ||
| Cisco RV340/RV340W/RV345/RV345P Web-based Management Interface improper authorization | 8.6 | 10/2/2024 | Cisco | Link | ||
| Cisco Data Center Network Manager Nexus Dashboard path traversal | 8.6 | 10/2/2024 | Cisco | Link | ||
| Cisco Data Center Network Manager Nexus Dashboard Fabric Controller command injection | 9.1 | 10/2/2024 | Cisco | Link | ||
| Zimbra Collaboration Suite postjournal Service improper authentication | 9.7 | 10/3/2024 | Zimbra | Link | ||
| HP One Agent Software untrusted search path | 8 | 10/3/2024 | HP | Link | ||
| Elsight Halo os command injection | 9.6 | 10/6/2024 | Elsight | Link | ||
| Elsight Halo os command injection | 9.6 | 10/6/2024 | Elsight | Link | ||
| Qualcomm Snapdragon Auto HLOS use after free | 7.6 | 10/7/2024 | Qualcomm | Link | ||
| Qualcomm Snapdragon Auto User Packet use after free | 7.9 | 10/7/2024 | Qualcomm | Link | ||
| Qualcomm Snapdragon Wired Infrastructure and Networking Log File memory corruption | 9.6 | 10/7/2024 | Qualcomm | Link | ||
| Qualcomm Snapdragon Compute/Snapdragon Industrial IOT Camera Driver memory corruption | 7.9 | 10/7/2024 | Qualcomm | Link | ||
| Qualcomm Snapdragon Auto ML IE buffer over-read | 7.6 | 10/7/2024 | Qualcomm | Link | ||
| Qualcomm Snapdragon Auto Response Buffer memory corruption | 7.6 | 10/7/2024 | Qualcomm | Link | ||
| Qualcomm Snapdragon Auto IOCTL Call untrusted pointer dereference | 7.6 | 10/7/2024 | Qualcomm | Link | ||
| Qualcomm Snapdragon Auto Beacon buffer over-read | 7.6 | 10/7/2024 | Qualcomm | Link | ||
| Microsoft Windows Routing/Remote Access Service heap-based overflow | 7.7 | 10/8/2024 | Microsoft | Link | ||
| Microsoft Windows Routing/Remote Access Service heap-based overflow | 7.7 | 10/8/2024 | Microsoft | Link | ||
| Microsoft Windows Routing/Remote Access Service heap-based overflow | 7.7 | 10/8/2024 | Microsoft | Link | ||
| Microsoft Windows Remote Desktop Client use after free | 7.7 | 10/8/2024 | Microsoft | Link | ||
| Microsoft Windows Routing/Remote Access Service heap-based overflow | 7.7 | 10/8/2024 | Microsoft | Link | ||
| Microsoft Windows Routing/Remote Access Service heap-based overflow | 7.7 | 10/8/2024 | Microsoft | Link | ||
| Microsoft Azure CLI/Azure Service Connector command injection | 7.6 | 10/8/2024 | Microsoft | Link | ||
| Microsoft Windows Routing/Remote Access Service heap-based overflow | 7.9 | 10/8/2024 | Microsoft | Link | ||
| Microsoft Windows Management Console neutralization | 7.7 | 10/8/2024 | Microsoft | Link | ||
| Microsoft Windows Routing/Remote Access Service heap-based overflow | 7.7 | 10/8/2024 | Microsoft | Link | ||
| Progress Telerik Reporting externally-controlled input to select classes or code | 7.6 | 10/9/2024 | Progress | Link |
| Vulnerability | CVSSv3 | Release Date | Products | References | ||
|---|---|---|---|---|---|---|
| Session fixation in Kylin 2.0.0–4.x allows session hijacking. Upgrade to 5.0.0. | 9.1 | 11/4/2024 | Apache Kylin | Link | ||
| Cryptographic issue in LMP start encryption command under unexpected conditions. | 9.1 | 11/4/2024 | Qualcomm | Link | ||
| Command injection in Aruba PAPI service (UDP 8211) allows unauthenticated RCE. | 9 | 11/5/2024 | HPE Aruba CLI Service | Link | ||
| Command injection in Aruba PAPI service (UDP 8211) allows unauthenticated RCE. | 11/5/2024 | 11/5/2024 | HPE Aruba CLI Service | Link | ||
| Command injection in Cisco URWB Access Points allows unauthenticated RCE with root privileges. | 10 | 11/6/2024 | Cisco URWB | Link | ||
| OS command injection in D-Link DNS-320/325/340L (cgi_user_add function). Public exploit exists. | 9.8 | 11/6/2024 | D-Link | Link | ||
| OS command injection in D-Link DNS-320/325/340L (cgi_user_add function). Public exploit exists. | 9.8 | 11/6/2024 | D-Link | Link | ||
| IP authentication spoofing vulnerability in ZooKeeper Admin Server allows bypass. Upgrade to 3.9.3. | 9.1 | 11/7/2024 | Apache ZooKeeper | Link | ||
| OS command injection in Dell SONiC OS 4.1.x/4.2.x allows RCE with elevated privileges. | 9.1 | 11/8/2024 | Dell SONiC OS | Link | ||
| Missing authentication step in Dell SONiC OS 4.1.x/4.2.x allows protection bypass. | 9.8 | 11/8/2024 | Dell SONiC OS | Link | ||
| OS command injection in Dell SONiC OS 4.1.x/4.2.x allows RCE with elevated privileges. | 9.1 | 11/8/2024 | Dell SONiC OS | Link | ||
| Missing authentication in Fortinet FortiManager/Proxy versions allows unauthorized RCE. | 9.8 | 11/12/2024 | Fortinet FortiManager | Link | ||
| SQL injection in Ivanti Endpoint Manager allows unauthenticated RCE. | 9.8 | 11/12/2024 | Ivanti | Link | ||
| Command injection in Ivanti Connect Secure pre-22.7R2.1 allows authenticated RCE. | 9.1 | 11/12/2024 | Ivanti | Link | ||
| Command injection in Ivanti Connect Secure pre-22.7R2.1 allows authenticated RCE. | 9.1 | 11/12/2024 | Ivanti | Link | ||
| Command injection in Ivanti Connect Secure pre-22.7R2.1 allows authenticated RCE. | 9.1 | 11/12/2024 | Ivanti | Link | ||
| RCE vulnerability in Windows KDC Proxy. | 9.8 | 11/12/2024 | Microsoft | Link | ||
| RCE vulnerability in Azure CycleCloud. | 9.9 | 11/12/2024 | Microsoft | Link | ||
| .NET and Visual Studio Remote Code Execution Vulnerability | 9.8 | 11/12/2024 | Microsoft | Link | ||
| Input validation flaw in RUGGEDCOM routers allows remote RCE. | 9.8 | 11/12/2024 | Siemens | Link | ||
| API input validation flaw in SINEC INS <V1.0 SP2 Update 3 allows authenticated RCE. | 9.4 | 11/12/2024 | Siemens | Link | ||
| SFTP path flaw in SINEC INS <V1.0 SP2 Update 3 allows remote code manipulation. | 9.9 | 11/12/2024 | Siemens | Link | ||
| Deserialization in PP TeleControl Server <V3.1.2.1 allows RCE. | 10 | 11/12/2024 | Siemens | Link | ||
| Argument injection in Ivanti Connect Secure/Policy Secure pre-22.7R2.1 allows authenticated RCE. | 9.1 | 11/13/2024 | Ivanti | Link | ||
| Argument injection in Ivanti Connect Secure/Policy Secure pre-22.7R2.1 allows authenticated RCE. | 9.1 | 11/13/2024 | Ivanti | Link | ||
| Argument injection in Ivanti Connect Secure/Policy Secure pre-22.7R2.1 allows authenticated RCE. | 9.1 | 11/13/2024 | Ivanti | Link | ||
| Argument injection in Ivanti Connect Secure/Policy Secure pre-22.7R2.2 allows authenticated RCE. | 9.1 | 11/13/2024 | Ivanti | Link | ||
| Argument injection in Ivanti Connect Secure/Policy Secure pre-22.7R2.1 allows authenticated RCE. | 9.1 | 11/13/2024 | Ivanti | Link | ||
| Rancher stores vSphere CPI/CSI credentials in plaintext, exposing sensitive data. | 9.1 | 11/13/2024 | SUSE | Link | ||
| Unchecked return value in Traffic Server 9.2.0–10.0.1 retains privileges. Upgrade to 9.2.6/10.0.2. | 9.1 | 11/14/2024 | Apache Traffic Server | Link |
| Vulnerability | CVSSv3 | Products | Release Date | References | ||
|---|---|---|---|---|---|---|
| XSS vulnerability in Adobe Connect allows malicious script injection | 9.3 | Adobe Connect | 12/10/2024 | Link | ||
| TOCTOU race condition vulnerability in Apache Tomcat | 9.8 | Apache Tomcat | 12/20/2024 | Link | ||
| File upload flaw in Apache Struts enables RCE via path traversal | 9.5 | Apache Struts | 12/11/2024 | Link | ||
| Deserialization flaw in Apache MINA allows RCE via malicious serialized data | 10 | Apache MINA | 12/25/2024 | Link | ||
| TOCTOU race condition in JSP compilation affects Apache Tomcat | 9.8 | Apache Tomcat | 12/17/2024 | Link | ||
| SQL injection vulnerability in Apache Traffic Control Traffic Ops enables arbitrary SQL execution | 9.9 | Apache Traffic Control | 12/23/2024 | Link | ||
| Authentication bypass in Apache HugeGraph-Server | 9.8 | Apache HugeGraph-Server | 12/24/2024 | Link | ||
| Memory handling issues in Apple devices like watchOS, iOS, macOS, and Safari could lead to memory corruption | 9.8 | Apple | 12/12/2024 | Link | ||
| Out-of-bounds access in macOS Sequoia may lead to arbitrary code execution | 9.8 | Apple | 12/12/2024 | Link | ||
| Network traffic alteration in macOS and iOS | 9.8 | Apple | 12/12/2024 | Link | ||
| Logic issue in macOS Sequoia allows privilege escalation | 9.8 | Apple | 12/12/2024 | Link | ||
| Unexpected system termination or arbitrary code execution in DCP firmware in iOS and iPadOS | 9.8 | Apple | 12/12/2024 | Link | ||
| Unexpected system termination or arbitrary code execution in DCP firmware in iOS and iPadOS | 9.8 | Apple | 12/12/2024 | Link | ||
| Unexpected system termination or arbitrary code execution in DCP firmware in iOS and iPadOS | 9.8 | Apple | 12/12/2024 | Link | ||
| Arbitrary command execution in Cleo Harmony, VLTrader, and LexiCom via default Autorun directory | 9.8 | Cleo | 12/13/2024 | Link | ||
| Improper link resolution in Dell PowerFlex products enables remote code execution | 10 | Dell | 12/10/2024 | Link | ||
| Path traversal in Fortinet FortiWLM allows unauthorized code execution | 9.8 | Fortinet | 12/18/2024 | Link | ||
| Path traversal in Fortinet FortiWAN allows file deletion and admin password reset | 9.8 | Fortinet | 12/19/2024 | Link | ||
| Logic error in kernel code allows privilege escalation via UAF vulnerability | 10 | Android | 12/18/2024 | Link | ||
| Out-of-bounds read in isSlotMarkedSuccessful leads to information disclosure | 10 | Android | 12/18/2024 | Link | ||
| Out-of-bounds write in dhd_prot_flowrings_pool_release causes privilege escalation | 10 | Android | 12/18/2024 | Link | ||
| Incorrect bounds check in prop2cfg allows remote code execution | 9.8 | Android | 12/2/2024 | Link | ||
| Stack buffer overflow in handle_app_cur_val_response enables remote code execution | 9.8 | Android | 12/2/2024 | Link | ||
| Memory corruption in sg_remove_scat leads to privilege escalation with system-level privileges | 10 | Android | 12/4/2024 | Link | ||
| Out-of-bound writes in store_upgrade lead to privilege escalation | 9.8 | Android | 12/5/2024 | Link | ||
| EL injection vulnerability in IBM Cognos Analytics allows memory leaks and server crashes | 9 | IBM | 12/20/2024 | Link | ||
| Malicious file upload vulnerability in IBM Cognos Controller | 9.8 | IBM | 12/3/2024 | Link | ||
| Web link vulnerability in IBM Engineering Insights exposes sensitive information | 9.8 | IBM | 12/25/2024 | Link | ||
| Unrestricted file type attachments in IBM Cognos Controller Journal entry allow malicious uploads | 9.8 | IBM | 12/3/2024 | Link | ||
| Improper file type validation in IBM Cognos Controller Journal entry allows malicious file uploads | 9.8 | IBM | 12/3/2024 | Link |
| Vulnerability | CVSSv3 | Release Date | Products | References | ||
|---|---|---|---|---|---|---|
| perfSONAR file URL Privilege Escalation | 7.5 | Jan, 01 2023 | perfSONAR | Link | ||
| vooon ntpd_driver Source Code access control | 7.9 | Jan, 01 2023 | vooon | Link | ||
| perfSONAR file URL Privilege Escalation | 7.5 | Jan, 02 2023 | perfSONAR | Link | ||
| vooon ntpd_driver Source Code access control | 7.9 | Jan, 02 2023 | vooon | Link | ||
| perfSONAR file URL Privilege Escalation | 7.5 | Jan, 03 2023 | perfSONAR | Link | ||
| vooon ntpd_driver Source Code access control | 7.9 | Jan, 03 2023 | vooon | Link | ||
| Fortinet FortiTester os command injection | 8.3 | Jan, 03 2023 | Fortinet | Link | ||
| Fortinet FortiADC HTTP Request os command injection | 8.6 | Jan, 03 2023 | Fortinet | Link | ||
| Apache Dubbo Telnet deserialization | 9.6 | Jan, 03 2023 | Apache | Link | ||
| User Post Gallery Plugin command injection | 8.4 | Jan, 03 2023 | User | Link | ||
| User Post Gallery Plugin authorization | 8.4 | Jan, 03 2023 | User | Link | ||
| perfSONAR file URL Privilege Escalation | 7.5 | Jan, 04 2023 | perfSONAR | Link | ||
| vooon ntpd_driver Source Code access control | 7.9 | Jan, 04 2023 | vooon | Link | ||
| Fortinet FortiTester os command injection | 8.3 | Jan, 04 2023 | Fortinet | Link | ||
| Fortinet FortiADC HTTP Request os command injection | 8.6 | Jan, 04 2023 | Fortinet | Link | ||
| Apache Dubbo Telnet deserialization | 9.6 | Jan, 04 2023 | Apache | Link | ||
| User Post Gallery Plugin command injection | 8.4 | Jan, 04 2023 | User | Link | ||
| User Post Gallery Plugin authorization | 8.4 | Jan, 05 2023 | User | Link | ||
| User Post Gallery Plugin authorization | 8.4 | Jan, 04 2023 | User | Link | ||
| KubePi hard-coded credentials | 8.9 | Jan, 04 2023 | KubePi | Link | ||
| Apache DolphinScheduler Script Alert Plugin Parameter input validation | 8.0 | Jan, 04 2023 | Apache | Link | ||
| perfSONAR file URL Privilege Escalation | 7.5 | Jan, 05 2023 | perfSONAR | Link | ||
| vooon ntpd_driver Source Code access control | 7.9 | Jan, 05 2023 | vooon | Link | ||
| Fortinet FortiTester os command injection | 8.3 | Jan, 05 2023 | Fortinet | Link | ||
| Fortinet FortiADC HTTP Request os command injection | 8.6 | Jan, 05 2023 | Fortinet | Link | ||
| Apache Dubbo Telnet deserialization | 9.6 | Jan, 05 2023 | Apache | Link | ||
| User Post Gallery Plugin command injection | 8.4 | Jan, 05 2023 | User | Link | ||
| KubePi hard-coded credentials | 8.9 | Jan, 05 2023 | KubePi | Link | ||
| Apache DolphinScheduler Script Alert Plugin Parameter input validation | 8.0 | Jan, 05 2023 | Apache | Link | ||
| Hitachi Energy UNEM R16A hard-coded key | 8.0 | Jan, 05 2023 | perfSONAR | Link |
| Vulnerability | CVSSv3 | Release Date | Products | References | ||
|---|---|---|---|---|---|---|
| Linux Kernel io_uring io_prep_async_work use after free | 8.1 | Feb, 01 2023 | Linux | Link | ||
| Linux Kernel ALSA PCM Package SNDRV_CTL_IOCTL_ELEM_WRITE use after free | 7.5 | Feb, 01 2023 | Linux | Link | ||
| Linux Kernel io_uring io_prep_async_work use after free | 8.4 | Feb, 01 2023 | QNAP | Link | ||
| Schneider Electric EcoStruxure Geo SCADA Expert 2019 Message improper authorization | 8.0 | Feb, 01 2023 | Schneider | Link | ||
| Schneider Electric EcoStruxure Control Expert authentication replay | 8.1 | Feb, 01 2023 | Schneider | Link | ||
| Schneider Electric C-Bus Network Automation Controller improper authentication | 9.6 | Feb, 01 2023 | Schneider | Link | ||
| Schneider Electric C-Bus Network Automation Controller weak password | 8.4 | Feb, 01 2023 | Schneider | Link | ||
| Motorola MR2600 input validation | 7.5 | Feb, 01 2023 | Motorola | Link | ||
| Schneider Electric IGSS Data Server IGSSdataServer.exe missing authentication | 7.8 | Feb, 01 2023 | Schneider | Link | ||
| F5 BIG-IP iControl SOAP format string | 8.2 | Feb, 01 2023 | F5 | Link | ||
| F5 BIG-IP Edge Client Installer uncontrolled search path | 8.1 | Feb, 01 2023 | F5 | Link | ||
| Atlassian Jira Service Management Server and Data Center improper authentication | 8.3 | Feb, 01 2023 | Atlassian | Link | ||
| Linux Kernel io_uring io_prep_async_work use after free | 8.1 | Feb, 02 2023 | Linux | Link | ||
| Linux Kernel ALSA PCM Package SNDRV_CTL_IOCTL_ELEM_WRITE use after free | 7.5 | Feb, 02 2023 | Linux | Link | ||
| QNAP QuTS hero/QTS sql injection | 8.4 | Feb, 02 2023 | QNAP | Link | ||
| Schneider Electric EcoStruxure Geo SCADA Expert 2019 Message improper authorization | 8.0 | Feb, 02 2023 | Schneider | Link | ||
| Schneider Electric EcoStruxure Control Expert authentication replay | 8.1 | Feb, 02 2023 | Schneider | Link | ||
| Schneider Electric C-Bus Network Automation Controller improper authentication | 9.6 | Feb, 02 2023 | Schneider | Link | ||
| Schneider Electric C-Bus Network Automation Controller weak password | 8.4 | Feb, 02 2023 | Schneider | Link | ||
| Motorola MR2600 input validation | 7.5 | Feb, 02 2023 | Motorola | Link | ||
| Schneider Electric IGSS Data Server IGSSdataServer.exe missing authentication | 7.8 | Feb, 02 2023 | Schneider | Link | ||
| F5 BIG-IP iControl SOAP format string | 8.2 | Feb, 02 2023 | F5 | Link | ||
| F5 BIG-IP Edge Client Installer uncontrolled search path | 8.1 | Feb, 02 2023 | F5 | Link | ||
| Atlassian Jira Service Management Server and Data Center improper authentication | 8.3 | Feb, 02 2023 | Atlassian | Link | ||
| Delta Electronics DIAScreen out-of-bounds write | 8.4 | Feb, 02 2023 | Delta | Link | ||
| Delta Electronics DIAScreen stack-based overflow | 8.4 | Feb, 02 2023 | Delta | Link | ||
| Netgear WNR612v2 Firmware Image unrestricted upload | 7.5 | Feb, 02 2023 | Netgear | Link | ||
| Linux Kernel io_uring io_prep_async_work use after free | 8.1 | Feb, 03 2023 | Linux | Link | ||
| Linux Kernel ALSA PCM Package SNDRV_CTL_IOCTL_ELEM_WRITE use after free | 7.5 | Feb, 03 2023 | Linux | Link | ||
| QNAP QuTS hero/QTS sql injection | 8.4 | Feb, 03 2023 | QNAP | Link |
| Vulnerability | CVSSv3 | Release Date | Products | References | ||
|---|---|---|---|---|---|---|
| CODESYS Development System inadequate encryption | 7.9 | 05/15/2023 | CODESYS | Link | ||
| WAGO Compact Controller CC100 Device Configuration os command injection | 9.6 | 05/15/2023 | WAGO | Link | ||
| SICK FTMg Air Flow Sensor REST Interface resource consumption | 7.5 | 05/15/2023 | SICK | Link | ||
| CODESYS Control CmpTraceMgr out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link | ||
| CODESYS Control CmpTraceMgr out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link | ||
| CODESYS Control out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link | ||
| CODESYS Control out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link | ||
| CODESYS Control out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link | ||
| CODESYS Control out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link | ||
| CODESYS Control out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link | ||
| CODESYS Control out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link | ||
| CODESYS Control out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link | ||
| CODESYS Control out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link | ||
| CODESYS Control out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link | ||
| CODESYS Control out-of-bounds write | 8.6 | 05/15/2023 | CODESYS | Link | ||
| vm2 injection | 9.6 | 05/16/2023 | vm2 | Link | ||
| Synology Router Manager os command injection | 8.8 | 05/16/2023 | Synology | Link | ||
| Synology Router Manager os command injection | 9.6 | 05/16/2023 | Synology | Link | ||
| Snap One OvrC Pro Firmware Signature data authenticity | 9.4 | 05/16/2023 | Snap | Link | ||
| posstaticblocks getPosCurrentHook sql injection | 8.5 | 05/17/2023 | posstaticblocks | Link | ||
| ABB Terra AC improper authentication | 8.8 | 05/17/2023 | ABB | Link | ||
| IBM PowerVM Logical Partition access control | 8.5 | 05/17/2023 | IBM | Link | ||
| Linux Kernel ksmbd race condition | 7.7 | 05/18/2023 | Linux | Link | ||
| Linux Kernel ksmbd race condition | 9.4 | 05/18/2023 | Linux | Link | ||
| Linux Kernel ksmbd race condition | 7.7 | 05/18/2023 | Linux | Link | ||
| Linux Kernel ksmbd race condition | 7.7 | 05/18/2023 | Linux | Link | ||
| mlflow path traversal | 8.4 | 05/18/2023 | mlflow | Link | ||
| cdesigner initContent sql injection | 8.4 | 05/18/2023 | cdesigner | Link | ||
| cups-filters Backend Error beh.c os command injection | 8.6 | 05/18/2023 | cups-filters | Link | ||
| Acronis Home Office signature verification | 7.6 | 05/18/2023 | Acronis | Link |
| Vulnerability | CVSSv3 | Release Date | Products | References | ||
|---|---|---|---|---|---|---|
| Deno/deno_runtime node:http/node:https privileges management | 7.8 | 06/01/2023 | Deno/deno_runtime | Link | ||
| Linux Kernel xfs_btree.c xfs_btree_lookup_get_block use after free | 7.6 | 06/01/2023 | Linux | Link | ||
| VIPRE Antivirus Plus link following | 7.8 | 06/01/2023 | VIPRE | Link | ||
| VIPRE Antivirus Plus SetPrivateConfig path traversal | 7.8 | 06/01/2023 | VIPRE | Link | ||
| VIPRE Antivirus Plus DeleteHistoryFile path traversal | 7.8 | 06/01/2023 | VIPRE | Link | ||
| VIPRE Antivirus Plus TelFileTransfer link following | 7.8 | 06/01/2023 | VIPRE | Link | ||
| VIPRE Antivirus Plus FPQuarTransfer link following | 7.8 | 06/01/2023 | VIPRE | Link | ||
| Gallagher Controller 6000 Controller Diagnostic Web Interface buffer overflow | 8.0 | 06/01/2023 | Gallagher | Link | ||
| Sprecher SPRECON-E CPU hard-coded credentials | 9.8 | 06/01/2023 | Sprecher | Link | ||
| Hangzhou Hopechart HQT401 MQTT improper authentication | 7.9 | 06/01/2023 | Hangzhou | Link | ||
| SUSE Rancher privileges management | 7.9 | 06/01/2023 | SUSE | Link | ||
| SUSE Rancher Azure AD privileges management | 7.8 | 06/01/2023 | SUSE | Link | ||
| Dell OS Recovery Tool access control | 7.6 | 06/01/2023 | Dell | Link | ||
| Brook tproxy Server os command injection | 8.6 | 06/01/2023 | Brook | Link | ||
| DataEase Datasource deserialization | 8.4 | 06/01/2023 | DataEase | Link | ||
| Erikoglu ErMon sql injection | 9.6 | 06/02/2023 | Erikoglu | Link | ||
| Hitron CODA-5310 System Configuration Interface missing authentication | 8.5 | 06/02/2023 | Hitron | Link | ||
| Hitron CODA-5310 Telnet hard-coded credentials | 9.8 | 06/02/2023 | Hitron | Link | ||
| Wade Graphic Design FANTSY URL Parameter authorization | 9.8 | 06/02/2023 | Wade | Link | ||
| Wade Graphic Design FANTSY unrestricted upload | 7.5 | 06/02/2023 | Wade | Link | ||
| ARM Mali GPU Kernel Driver use after free | 7.5 | 06/02/2023 | ARM | Link | ||
| Furbo Dog Camera Device Log Management command injection | 9.3 | 06/02/2023 | Furbo | Link | ||
| Asus RT-AC86U Web URL os command injection | 8.8 | 06/02/2023 | Asus | Link | ||
| Elite Technology Web Fax Login Page sql injection | 8.5 | 06/02/2023 | Elite | Link | ||
| SGUDA U-Lock API authorization | 7.5 | 06/02/2023 | SGUDA | Link | ||
| SGUDA U-Lock Lock Management authorization | 8.8 | 06/02/2023 | SGUDA | Link | ||
| SailPoint IdentityIQ Java Constructor unknown vulnerability | 7.9 | 06/05/2023 | SailPoint | Link | ||
| ABB ASPECT Enterprise privileges management | 7.6 | 06/05/2023 | ABB | Link | ||
| IBM Aspera Connect/Aspera Cargo buffer overflow | 7.9 | 06/05/2023 | IBM | Link | ||
| Mobatime AMXGT100 improper authentication | 9.5 | 06/05/2023 | Mobatime | Link |
| Vulnerability | CVSSv3 | Release Date | Products | References | ||
|---|---|---|---|---|---|---|
| Netgear RAX50 Certificate Validation curl_post certificate validation | 7.7 | 07/01/2023 | Netgear | Link | ||
| D-Link DIR-X3260 prog.cgi SOAPAction command injection | 8.4 | 07/01/2023 | D-Link | Link | ||
| Netgear RAX30 UPnP command injection | 8.4 | 07/01/2023 | Netgear | Link | ||
| Hero Qubo Telnet Service missing authentication | 8.2 | 07/04/2023 | Hero | Link | ||
| NVIDIA Virtual GPU Manager vGPU software improper authorization | 7.8 | 07/04/2023 | NVIDIA | Link | ||
| Qualcomm 315 5G IoT Modem WLAN Host memory corruption | 7.6 | 07/04/2023 | Qualcomm | Link | ||
| Qualcomm QCA9898 Data Modem memory corruption | 7.6 | 07/04/2023 | Qualcomm | Link | ||
| Qualcomm AR8035 WLAN Host memory corruption | 7.6 | 07/04/2023 | Qualcomm | Link | ||
| Qualcomm 315 5G IoT Modem Audio memory corruption | 7.9 | 07/04/2023 | Qualcomm | Link | ||
| Qualcomm QCN9074 WLAN Host memory corruption | 7.6 | 07/04/2023 | Qualcomm | Link | ||
| Qualcomm QCA9994 VX memory corruption | 7.6 | 07/04/2023 | Qualcomm | Link | ||
| Qualcomm QCN9012 WLAN Host memory corruption | 7.6 | 07/04/2023 | Qualcomm | Link | ||
| Qualcomm FastConnect 6700 Audio memory corruption | 7.9 | 07/04/2023 | Qualcomm | Link | ||
| Samsung Smart Phone RILD RmtUimNeedApdu out-of-bounds write | 7.6 | 07/06/2023 | Samsung | Link | ||
| Samsung Smart Phone RILD IpcRxUsimPhoneBookCapa out-of-bounds write | 7.6 | 07/06/2023 | Samsung | Link | ||
| Samsung Smart Phone RILD BroadcastSmsConfig out-of-bounds write | 7.6 | 07/06/2023 | Samsung | Link | ||
| Samsung Smart Phone RILD IpcRxIncomingCBMsg out-of-bounds write | 7.6 | 07/06/2023 | Samsung | Link | ||
| Samsung Smart Phone RILD CdmaSmsParser out-of-bounds write | 7.6 | 07/06/2023 | Samsung | Link | ||
| Huawei EMUI/Magic UI uinput use after free | 7.8 | 07/06/2023 | Huawei | Link | ||
| PiiGAB M-Bus SoftwarePack 900S hard-coded credentials | 9.4 | 07/06/2023 | PiiGAB | Link | ||
| PiiGAB M-Bus SoftwarePack 900S code injection | 8.4 | 07/06/2023 | PiiGAB | Link | ||
| Mastodon Media File path traversal | 7.9 | 07/06/2023 | Mastodon | Link | ||
| authentik Header interpretation conflict | 7.6 | 07/06/2023 | authentik | Link | ||
| Linux Kernel UDF Filesystem Image super.c udf_put_super use after free | 7.8 | 07/06/2023 | Linux | Link | ||
| openSUSE Tumbleweed hawk2 permission | 7.8 | 07/07/2023 | openSUSE | Link | ||
| MuJS Regexp Source Property denial of service | 7.5 | 07/08/2023 | MuJS | Link | ||
| OpenComputers Metadata Services API Endpoint server-side request forgery | 7.8 | 07/08/2023 | OpenComputers | Link | ||
| OpenComputers server-side request forgery | 7.8 | 07/08/2023 | OpenComputers | Link | ||
| SmartSoft SmartBPM.NET hard-coded credentials | 8.2 | 07/10/2023 | SmartSoft | Link | ||
| SmartSoft SmartBPM.NET hard-coded credentials | 8.5 | 07/10/2023 | SmartSoft | Link |
| Vulnerability | CVSSv3 | Release Date | Products | References | ||
|---|---|---|---|---|---|---|
| Ajaxmanager File and Database Explorer unrestricted upload | 8.5 | 08/01/2023 | Ajaxmanager | Link | ||
| RaspAP raspap-webgui POST Parameter get_wgkey.php command injection | 8.0 | 08/01/2023 | RaspAP | Link | ||
| Inductive Automation Ignition missing authentication | 7.7 | 08/01/2023 | Inductive | Link | ||
| Eramba Community Edition/Enterprise Edition download-test-pdf code injection | 7.9 | 08/01/2023 | Eramba | Link | ||
| Aruba AOS-CX Command Line Interface command injection | 8.8 | 08/01/2023 | Aruba | Link | ||
| FreeBSD IPv6 Packet integer overflow | 7.5 | 08/02/2023 | FreeBSD | Link | ||
| Brocade Fabric OS Command path traversal | 7.6 | 08/02/2023 | Brocade | Link | ||
| Brocade Fabric OS fosexec Command Local Privilege Escalation | 7.6 | 08/02/2023 | Brocade | Link | ||
| Brocade Fabric OS privileges management | 7.6 | 08/02/2023 | Brocade | Link | ||
| F5 BIG-IP Edge Client Installer signature verification | 7.8 | 08/02/2023 | F5 | Link | ||
| Xiaomi Router External Interface command injection | 8.8 | 08/02/2023 | Xiaomi | Link | ||
| IBM SDK Java Technology Edition Data deserialization | 7.9 | 08/02/2023 | IBM | Link | ||
| CX-One CXONE-AL CXP File use after free | 5.5 | 08/03/2023 | CX-One | Link | ||
| CX-One CXONE-AL CXP File heap-based overflow | 7.5 | 08/03/2023 | CX-One | Link | ||
| CX-One CXONE-AL CXP File out-of-bounds | 7.5 | 08/03/2023 | CX-One | Link | ||
| Axis License Plate Verifier access control | 8.8 | 08/03/2023 | Axis | Link | ||
| Ivanti Endpoint Manager Mobile API improper authentication | 8.5 | 08/03/2023 | Ivanti | Link | ||
| Apple macOS VPN memory corruption | 7.5 | 08/03/2023 | Apple | Link | ||
| CODESYS Control memory corruption | 8.6 | 08/03/2023 | CODESYS | Link | ||
| Fabasoft Cloud Enterprise Client Local Privilege Escalation | 7.5 | 08/03/2023 | Fabasoft | Link | ||
| HCL Unica Platform Group Remote Code Execution | 7.9 | 08/04/2023 | HCL | Link | ||
| Metabase database code injection | 8.5 | 08/04/2023 | Metabase | Link | ||
| Triangle MicroWorks SCADA Data Gateway missing authentication | 9.4 | 08/04/2023 | Triangle | Link | ||
| Extreme Networks AP410C stack-based overflow | 8.4 | 08/04/2023 | Extreme | Link | ||
| omeka omeka-s unrestricted upload | 7.9 | 08/04/2023 | omeka | Link | ||
| CloudExplorer Lite Module Management os command injection | 8.4 | 08/04/2023 | CloudExplorer | Link | ||
| social-media-skeleton sql injection | 8.5 | 08/04/2023 | social-media-skeleton | Link | ||
| Knowage importTemplateFile path traversal | 7.9 | 08/04/2023 | Knowage | Link | ||
| Stormshield SSL VPN Client OpenVPN Local Privilege Escalation | 7.5 | 08/05/2023 | Stormshield | Link | ||
| instantsoft icms2 sql injection | 8.4 | 08/06/2023 | instantsoft | Link |
| Vulnerability | CVSSv3 | Release Date | Products | References | ||
|---|---|---|---|---|---|---|
| Linux Kernel Netfilter Subsystem Local Privilege Escalation | 7.5 | 09/01/2023 | Linux | Link | ||
| Acronis Cloud Manager input validation | 8.2 | 09/01/2023 | Acronis | Link | ||
| Acronis Cloud Manager input validation | 8.2 | 09/01/2023 | Acronis | Link | ||
| Moxa MXsecurity small space of random values | 9.6 | 09/02/2023 | Moxa | Link | ||
| vim untrusted search path | 7.6 | 09/03/2023 | vim | Link | ||
| TOTOLINK N200RE V5 Validity_check format string | 8.0 | 09/03/2023 | TOTOLINK | Link | ||
| Tenda AC8 formSetDeviceName stack-based overflow | 8.9 | 09/03/2023 | Tenda | Link | ||
| Proscend Advice ICR hard-coded credentials | 9.9 | 09/04/2023 | Proscend | Link | ||
| ForeScout NAC SecureConnector uncontrolled search path | 7.8 | 09/04/2023 | ForeScout | Link | ||
| LG LED Assistant path traversal | 8.4 | 09/04/2023 | LG | Link | ||
| LG LED Assistant setThumbnailRc path traversal | 8.4 | 09/04/2023 | LG | Link | ||
| Dell Alienware Command Center .NET Remoting Server deserialization | 7.6 | 09/04/2023 | Dell | Link | ||
| Qualcomm APQ8064AU Graphics memory corruption | 7.9 | 09/05/2023 | Qualcomm | Link | ||
| Qualcomm WSA8835 WLAN Firmware memory corruption | 9.6 | 09/05/2023 | Qualcomm | Link | ||
| Qualcomm QCN5022 WLAN HAL memory corruption | 7.6 | 09/05/2023 | Qualcomm | Link | https://www.cve.org/CVERecord?id=CVE-2023-28573 | |
| Qualcomm QCA9886 WLAN HAL memory corruption | 7.6 | 09/05/2023 | Qualcomm | Link | ||
| Qualcomm QCA6694 WLAN HAL memory corruption | 7.6 | 09/05/2023 | Qualcomm | Link | https://www.cve.org/CVERecord?id=CVE-2023-28565 | |
| Qualcomm QCA9987 WLAN HAL memory corruption | 7.6 | 09/05/2023 | Qualcomm | Link | ||
| Qualcomm QCA9889 WLAN HAL buffer overflow | 7.6 | 09/05/2023 | Qualcomm | Link | ||
| Qualcomm QCN5164 WLAN Firmware buffer overflow | 7.6 | 09/05/2023 | Qualcomm | Link | ||
| Qualcomm SD855 WLAN array index | 7.6 | 09/05/2023 | Qualcomm | Link | ||
| Qualcomm QCA9980 Command Parameter memory corruption | 7.6 | 09/05/2023 | Qualcomm | Link | ||
| Qualcomm QCA9980 WLAN HAL memory corruption | 7.6 | 09/05/2023 | Qualcomm | Link | ||
| Qualcomm QCN5154 WLAN HAL array index | 7.6 | 09/05/2023 | Qualcomm | Link | ||
| Qualcomm AQT1000 WIN stack-based overflow | 7.9 | 09/05/2023 | Qualcomm | Link | ||
| Qualcomm AQT1000 Core buffer overflow | 7.6 | 09/05/2023 | Qualcomm | Link | ||
| Qualcomm WCD9335 Core buffer overflow | 7.6 | 09/05/2023 | Qualcomm | Link | ||
| Qualcomm WSA8835 Audio array index | 7.9 | 09/05/2023 | Qualcomm | Link | ||
| Qualcomm QCA9984 WLAN HAL memory corruption | 7.9 | 09/05/2023 | Qualcomm | Link | ||
| Qualcomm AQT1000 ESL memory corruption | 9.6 | 09/05/2023 | Qualcomm | Link |
| Vulnerability | CVSSv3 | Release Date | Products | References | ||
|---|---|---|---|---|---|---|
| Qualcomm QCN5054 WLAN memory corruption | 9.6 | 10/3/2023 | Qualcomm | Link | ||
| Qualcomm AR8035 Modem memory corruption | 9.6 | 10/3/2023 | Qualcomm | Link | ||
| Netman-204 Firmware File unrestricted upload | 9.9 | 10/3/2023 | Netman-204 | Link | ||
| Dienstleistung, Entwicklung & Vertrieb GmbH cashIT Serving Solutions HTTP Endpoint routine | 9.8 | 10/3/2023 | Dienstleistung | Link | ||
| Cisco Emergency Responder hard-coded credentials | 9.4 | 10/4/2023 | Cisco | Link | ||
| Schneider Electric C-Bus Toolkit path traversal | 9.6 | 10/5/2023 | Schneider | Link | ||
| Schneider Electric EcoStruxure Power Monitoring Expert Packet deserialization | 9.6 | 10/5/2023 | Schneider | Link | ||
| D-Link D-View InstallApplication hard-coded credentials | 9.5 | 10/5/2023 | D-Link | Link | ||
| D-Link D-View coreservice_action_script Remote Code Execution | 9.5 | 10/5/2023 | D-Link | Link | ||
| Qognify NiceVision hard-coded credentials | 9.7 | 10/6/2023 | Qognify | Link | ||
| Dell SmartFabric Storage Software input validation | 9.6 | 10/6/2023 | Dell | Link | ||
| Siemens CP-8031 MASTER MODULE/CP-8050 MASTER MODULE SSH hard-coded credentials | 9.6 | 10/10/2023 | Siemens | Link | ||
| Siemens Simcenter Amesim SOAP Endpoint code injection | 9.6 | 10/10/2023 | Siemens | Link | ||
| Sangfor Next-Gen Application Firewall Header authentication spoofing | 9.8 | 10/10/2023 | Sangfor | Link | ||
| Sangfor Next-Gen Application Firewall HTTP POST Request login.cgi os command injection | 9.8 | 10/10/2023 | Sangfor | Link | ||
| Sangfor Next-Gen Application Firewall LogInOut.php os command injection | 9.8 | 10/10/2023 | Sangfor | Link | ||
| Fortinet FortiWLM HTTP GET Request os command injection | 9.6 | 10/10/2023 | Fortinet | Link | ||
| Fortinet FortiWLM HTTP GET Request os command injection | 9.6 | 10/10/2023 | Fortinet | Link | ||
| Fortinet FortiWLM HTTP GET Request os command injection | 9.6 | 10/10/2023 | Fortinet | Link | ||
| Fortinet FortiWLM HTTP GET Request os command injection | 9.6 | 10/10/2023 | Fortinet | Link | ||
| Fortinet FortiSIEM API Request os command injection | 9.6 | 10/10/2023 | Fortinet | Link | ||
| Yifan YF325 Network Request gwcfg_cgi_set_manage_post_data integer overflow | 9.6 | 2023-10-11 | Yifan | Link | ||
| Yifan YF325 Network Request gwcfg_cgi_set_manage_post_data integer overflow | 9.6 | 2023-10-11 | Yifan | Link | ||
| Yifan YF325 Network Request realloc integer overflow | 9.6 | 2023-10-11 | Yifan | Link | ||
| Yifan YF325 Network Request malloc integer overflow | 9.6 | 2023-10-11 | Yifan | Link | ||
| Yifan YF325 Network Request gozila_cgi stack-based overflow | 9.2 | 2023-10-11 | Yifan | Link | ||
| Yifan YF325 Network Request manage_request stack-based overflow | 9.6 | 2023-10-11 | Yifan | Link | ||
| Yifan YF325 Network Request libutils.so nvram_restore stack-based overflow | 9.6 | 2023-10-11 | Yifan | Link | ||
| Yifan YF325 Network Request gwcfg.cgi debug code | 9.6 | 2023-10-11 | Yifan | Link | ||
| Yifan YF325 Network Request debug code | 9.6 | 2023-10-11 | Yifan | Link |
| Vulnerability | CVSSv3 | Release Date | Products | References | ||
|---|---|---|---|---|---|---|
| Zavio CD321 XML Element stack-based overflow | 9.5 | 10/31/2023 | Zavio | Link | ||
| Zavio CD321 XML Element Parser stack-based overflow | 9.5 | 10/31/2023 | Zavio | Link | ||
| Zavio CD321 XML Element stack-based overflow | 9.5 | 10/31/2023 | Zavio | Link | ||
| INEA ME RTU improper authentication | 9.4 | 10/31/2023 | INEA | Link | ||
| GLPI ajax input validation | 9.7 | 11/2/2023 | GLPI | Link | ||
| Weintek EasyBuilder Pro hard-coded credentials | 9.4 | 11/2/2023 | Weintek | Link | ||
| Mitsubishi Electric MELSEC-F/MELSEC iQ-F data authenticity | 9.8 | 11/2/2023 | Mitsubishi | Link | ||
| 1E Platform URL Parameter input validation | 9.1 | 11/6/2023 | 1E | Link | ||
| 1E Platform URL Parameter input validation | 9.3 | 11/6/2023 | 1E | Link | ||
| 1E Platform URL Parameter input validation | 9.1 | 11/6/2023 | 1E | Link | ||
| Johnson Controls Quantum HD Unity debug code | 9.4 | 11/9/2023 | Johnson | Link | ||
| PostgreSQL Array Modification integer overflow | 9.4 | 11/10/2023 | PostgreSQL | Link | ||
| Weston Embedded Cesium NET/uC-HTTP HTTP Server memory corruption | 9.2 | 11/14/2023 | Weston | Link | ||
| Siemens COMOS Cache Validation Service Testing Ptmcast buffer overflow | 9 | 11/14/2023 | Siemens | Link | ||
| Fortinet FortiSIEM API Request os command injection | 9.6 | 11/14/2023 | Fortinet | Link | ||
| Intel DCM software protection mechanism | 9.7 | 11/14/2023 | Intel | Link | ||
| HPE ArubaOS CLI Service buffer overflow | 9.6 | 11/15/2023 | HPE | Link | ||
| HPE ArubaOS AirWave Client Service buffer overflow | 9.6 | 11/15/2023 | HPE | Link | ||
| HPE ArubaOS CLI Service buffer overflow | 9.6 | 11/15/2023 | HPE | Link | ||
| ray URL Parameter os command injection | 9.9 | 11/16/2023 | ray | Link | ||
| h2oai h2o-3 POJO Model Import code injection | 9.9 | 11/16/2023 | h2oai | Link | ||
| Red Lion Sixnet RTU UDR Message routine | 9.4 | 11/17/2023 | Red | Link | ||
| Red Lion Sixnet RTU authentication bypass | 9.4 | 11/17/2023 | Red | Link | ||
| WAGO Industrial Managed Switch Web-based Management os command injection | 9.6 | 11/21/2023 | WAGO | Link | ||
| Digital Communications Technologies Syrus4 IoT Telematics Gateway MQTT Server improper authentication | 9.9 | 11/22/2023 | Digital | Link | ||
| Univera Computer System Panorama os command injection | 9.1 | 11/28/2023 | Univera | Link | ||
| Delta Electronics InfraSuite Device Master UDP Packet routine | 9.4 | 11/29/2023 | Delta | Link | ||
| Delta Electronics InfraSuite Device Master deserialization | 9.4 | 11/29/2023 | Delta | Link | ||
| Zyxel NAS326/NAS542 WSGI Server os command injection | 9.8 | 11/30/2023 | Zyxel | Link | ||
| Zyxel NAS326/NAS542 HTTP POST Request show_zysync_server_contents os command injection | 9.8 | 11/30/2023 | Zyxel | Link |
| Vulnerability | CVSSv3 | Release Date | Products | References | ||
|---|---|---|---|---|---|---|
| Unitronics Vision Series PLC insecure default initialization of resource | 9.8 | 12/5/2023 | Unitronics | Link | ||
| mlflow special elements used in a template engine | 9.7 | 12/12/2023 | mlflow | Link | ||
| Fortinet FortiWLM HTTP GET Request os command injection | 9.1 | 12/13/2023 | Fortinet | Link | ||
| Fortinet FortiWAN JWT Token improper authentication | 9.1 | 12/13/2023 | Fortinet | Link | ||
| Repox transforamationfileupload unrestricted upload | 9.9 | 12/13/2023 | Repox | Link | ||
| Dasan Networks W-Web os command injection | 9.6 | 12/13/2023 | Dasan | Link | ||
| Phoenix Contact Automation Worx Software Suite permission assignment | 9.6 | 12/14/2023 | Phoenix | Link | ||
| Phoenix Contact MULTIPROG/ProConOS eCLR permission assignment | 9.6 | 12/14/2023 | Phoenix | Link | ||
| Multisuns EasyLog Web+ code injection | 9.8 | 12/15/2023 | Multisuns | Link | ||
| SmartStar CWS Web-Base unrestricted upload | 9.8 | 12/15/2023 | SmartStar | Link | ||
| ITPison OMICARD EDM SMS unrestricted upload | 9.8 | 12/15/2023 | ITPison | Link | ||
| IDEMIA SIGMA Lite & Lite + Retrofit Validation stack-based overflow | 9.3 | 12/15/2023 | IDEMIA | Link | ||
| Zabbix Session Cookie cookie validation | 9 | 12/18/2023 | Zabbix | Link | ||
| Ivanti Avalanche Mobile Device Server memory corruption | 9.8 | 12/19/2023 | Ivanti | Link | ||
| Ivanti Avalanche Mobile Device Server memory corruption | 9.8 | 12/19/2023 | Ivanti | Link | ||
| Ivanti Avalanche Mobile Device Server memory corruption | 9.8 | 12/19/2023 | Ivanti | Link | ||
| Ivanti Avalanche Mobile Device Server memory corruption | 9.8 | 12/19/2023 | Ivanti | Link | ||
| Ivanti Avalanche Mobile Device Server memory corruption | 9.8 | 12/19/2023 | Ivanti | Link | ||
| Ivanti Avalanche Mobile Device Server memory corruption | 9.8 | 12/19/2023 | Ivanti | Link | ||
| Ivanti Avalanche Mobile Device Server memory corruption | 9.8 | 12/19/2023 | Ivanti | Link | ||
| Ivanti Avalanche Mobile Device Server memory corruption | 9.8 | 12/19/2023 | Ivanti | Link | ||
| Ivanti Avalanche Mobile Device Server memory corruption | 9.8 | 12/19/2023 | Ivanti | Link | ||
| Ivanti Avalanche Mobile Device Server memory corruption | 9.8 | 12/19/2023 | Ivanti | Link | ||
| Ivanti Wavelink Mobile Device Server memory corruption | 9.8 | 12/19/2023 | Ivanti | Link | ||
| Ivanti Wavelink Mobile Device Server memory corruption | 9.8 | 12/19/2023 | Ivanti | Link | ||
| Ivanti Wavelink Mobile Device Server memory corruption | 9.8 | 12/19/2023 | Ivanti | Link | ||
| mlflow path traversal | 9.7 | 12/20/2023 | mlflow | Link | ||
| huggingface transformers deserialization | 9 | 12/20/2023 | huggingface | Link | ||
| Voltronic Power ViewPower Pro deserialization | 9.5 | 12/21/2023 | Voltronic | Link | ||
| Voltronic Power ViewPower Pro getMacAddressByIp command injection | 9.5 | 12/21/2023 | Voltronic | Link |