424 collected events across every source — vulnerabilities, rulemaking and (soon)
advisories, enforcement & news — newest first. This is the raw stream behind the compliance boards.
-
2022-11-15
NVD CVE
critical
A SQL injection vulnerability in the Fragment module in Liferay Portal 7.3.3 through 7.4.3.16, and Liferay DXP 7.3 before update 4, and 7.4 before update 17 allows attackers to execute arbitrary SQL commands via a PortletPreferences' `namespace` attribute.
-
2022-11-10
NVD CVE
critical
ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component IS_GETCACHE.
-
2022-11-10
NVD CVE
critical
ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component INPUT_ISDESCRIPTION.
-
2022-11-10
NVD CVE
critical
ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component UPFILE_PIC_ZOOM_HIGHT.
-
2022-10-25
NVD CVE
critical
Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF).
-
2022-10-19
NVD CVE
critical
Acer Altos W2000h-W570h F4 R01.03.0018 was discovered to contain a stack overflow in the RevserveMem component. This vulnerability allows attackers to cause a Denial of Service (DoS) via injecting crafted shellcode into the NVRAM variable.
-
2022-10-17
NVD CVE
critical
An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows attackers to escalate privileges via a brute force attack at the login page.
-
2022-10-12
NVD CVE
critical
WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the attacker to brute force the admin password leading to Account Take Over.
-
2022-09-30
NVD CVE
critical
Bus Pass Management System 1.0 was discovered to contain a SQL Injection vulnerability via the searchdata parameter at /buspassms/download-pass.php..
-
2022-09-21
NVD CVE
critical
SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at changeStatus.php.
-
2022-09-21
NVD CVE
critical
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /SVFE2/pages/feegroups/mcc_group.jsf.
-
2022-09-16
NVD CVE
critical
An issue in the component post_applogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below allows attackers to escalate privileges via creating crafted session tokens.
-
2022-09-15
NVD CVE
critical
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the requestedVersion variable in npm-convert.js.
-
2022-09-02
NVD CVE
critical
influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being...
-
2022-08-31
NVD CVE
critical
Doctor's Appointment System1.0 is vulnerable to Incorrect Access Control via edoc/patient/settings.php. The settings.php is affected by Broken Access Control (IDOR) via id= parameter.
-
2022-08-30
NVD CVE
critical
Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains a vulnerability which allows attackers to remove the Wi-Fi password and force the device into open security mode via a crafted packet sent to goform/setWizard.
-
2022-08-29
NVD CVE
critical
TOTOLINK A7000R V4.1cu.4134 was discovered to contain an access control issue via /cgi-bin/ExportSettings.sh.
-
2022-08-28
NVD CVE
critical
Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name.
-
2022-08-28
NVD CVE
critical
TRENDnet TEW733GR v1.03B01 is vulnerable to Command injection via /htdocs/upnpinc/gena.php.
-
2022-08-23
NVD CVE
critical
The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and also leverage attacker to modify the data fields of page.
-
2022-08-23
NVD CVE
critical
TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command injection vulnerability in /usr/bin/tddp. The vulnerability is caused by the program taking part of the received data packet as part of the command. This will cause an attacker to execute...
-
2022-08-19
NVD CVE
critical
Tenda-AC18 V15.03.05.05 was discovered to contain a remote command execution (RCE) vulnerability.
-
2022-08-15
NVD CVE
critical
An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php.
-
2022-08-01
NVD CVE
critical
The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing attackers to perform directory enumeration or cause a Denial of Service (DoS) via a crafted input.
-
2022-07-25
NVD CVE
critical
Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles.
-
2022-07-06
NVD CVE
critical
OTFCC v0.10.4 was discovered to contain a heap buffer overflow after free via otfccbuild.c.
-
2022-07-06
NVD CVE
critical
Tenda AC23 v16.03.07.44 was discovered to contain a buffer overflow via fromAdvSetMacMtuWan.
-
2022-07-06
NVD CVE
critical
Tenda AC23 v16.03.07.44 is vulnerable to Stack Overflow that will allow for the execution of arbitrary code (remote).
-
2022-06-17
NVD CVE
critical
ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to XML External Entity (XXE).
-
2022-06-16
NVD CVE
critical
Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in view-directory.php.
-
2022-06-16
NVD CVE
critical
Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter in search-dirctory.php.
-
2022-06-16
NVD CVE
critical
In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system (with admin privileges) on the victim's endpoint, which can result in data theft and remote...
-
2022-06-16
NVD CVE
critical
Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the fullname parameter in add-directory.php.
-
2022-06-14
NVD CVE
critical
Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. One can upload a malicious PHP file and obtain remote code execution.
-
2022-06-02
NVD CVE
critical
TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that can remotely execute arbitrary code.
-
2022-06-02
NVD CVE
critical
ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp.
-
2022-06-02
NVD CVE
critical
ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp.
-
2022-06-02
NVD CVE
critical
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDiagnosisCfg of the file lib/cste_modules/system.so to control the ipDoamin.
-
2022-06-02
NVD CVE
critical
BrowsBox CMS v4.0 was discovered to contain a SQL injection vulnerability.
-
2022-06-02
NVD CVE
critical
Badminton Center Management System V1.0 is vulnerable to SQL Injection via parameter 'id' in /bcms/admin/court_rentals/update_status.php.