372 collected events across every source — vulnerabilities, rulemaking and (soon)
advisories, enforcement & news — newest first. This is the raw stream behind the compliance boards.
-
2023-08-16
NVD CVE
critical
A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code via the extend function.
-
2023-08-16
NVD CVE
critical
Directory Traversal vulnerability in Server functionalty in Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code.
-
2023-08-14
NVD CVE
critical
A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.
-
2023-08-14
NVD CVE
critical
An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.
-
2023-08-14
NVD CVE
critical
novel-plus v3.6.2 was discovered to contain a SQL injection vulnerability.
-
2023-08-10
NVD CVE
critical
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function.
-
2023-08-10
NVD CVE
critical
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php.
-
2023-08-09
NVD CVE
critical
KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need...
-
2023-08-09
NVD CVE
critical
Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation.
-
2023-08-05
NVD CVE
critical
An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt.
-
2023-08-03
NVD CVE
critical
An isssue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a remote attacker to gain privileges via the LDAP and SMTP credentials.
-
2023-08-03
NVD CVE
critical
ZKTeco BioTime 8.5.5 through 9.x before 9.0.1 (20240617.19506) allows authenticated attackers to create or overwrite arbitrary files on the server via crafted requests to /base/sftpsetting/ endpoints that abuse a path traversal issue in the Username field...
-
2023-08-03
NVD CVE
critical
A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.
-
2023-08-03
NVD CVE
critical
ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability.
-
2023-08-01
NVD CVE
critical
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.
-
2023-07-31
NVD CVE
critical
Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via crafted POST request to /dede/tpl.php.
-
2023-07-31
NVD CVE
critical
SEMCMS v1.5 was discovered to contain a SQL injection vulnerability via the id parameter at /Ant_Suxin.php.
-
2023-07-12
NVD CVE
critical
DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and takeover accounts on shared computers.
-
2023-06-16
NVD CVE
critical
TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer overflow via the function FUN_131e8 - 0x132B4.
-
2023-06-14
NVD CVE
critical
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit.
-
2023-06-13
NVD CVE
critical
An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file.
-
2023-06-13
NVD CVE
critical
A unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server.
-
2023-06-06
NVD CVE
critical
There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the post request parameters, thereby gaining shell privileges.
-
2023-06-06
NVD CVE
critical
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function.
-
2023-05-18
NVD CVE
critical
TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi.
-
2023-05-12
NVD CVE
critical
An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials.
-
2023-05-11
NVD CVE
critical
Medical Systems Co. Medisys Weblab Products v19.4.03 was discovered to contain a SQL injection vulnerability via the tem:statement parameter in the WSDL files.
-
2023-05-08
NVD CVE
critical
CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload vulnerability via the component \attachment\SystemAttachmentServices.php.
-
2023-05-05
NVD CVE
critical
NS-ASG v6.3 was discovered to contain a SQL injection vulnerability via the component /admin/add_ikev2.php.
-
2023-05-04
NVD CVE
critical
An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges.
-
2023-05-02
NVD CVE
critical
GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread.
-
2023-04-27
NVD CVE
critical
Nanoleaf firmware v7.1.1 and below is missing TLS verification, allowing attackers to execute arbitrary code via a DNS hijacking attack.
-
2023-04-26
NVD CVE
critical
Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to contain a remote code execution (RCE) vulnerability via the sysCmd parameter in the formSysCmd function. This vulnerability is exploited via a crafted HTTP request.
-
2023-04-18
NVD CVE
critical
Nanoleaf Desktop App before v1.3.1 was discovered to contain a command injection vulnerability which is exploited via a crafted HTTP request.
-
2023-04-13
NVD CVE
critical
Auto Dealer Management System v1.0 was discovered to contain a SQL injection vulnerability.
-
2023-04-13
NVD CVE
critical
AM Presencia v3.7.3 was discovered to contain a SQL injection vulnerability via the user parameter in the login form.
-
2023-04-13
NVD CVE
critical
bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the delete_file() function.
-
2023-04-04
NVD CVE
critical
Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.
-
2023-04-04
NVD CVE
critical
An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function. Note: This has been disputed by third parties as incomplete and incorrect. The framework does not have a version that...
-
2023-03-31
NVD CVE
critical
openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/gen/clients/{language}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.