Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2021-45418 — Starcharge Titan_180_premium_firmware: Certain Starcharge products are vulnerable to Directory Traversal via main.cgi.
Certain Starcharge products are vulnerable to Directory Traversal via main.cgi. The affected products include: Nova 360 Cabinet <=1.3.0.0.6 - Fixed: 1.3.0.0.9 and Titan 180 Premium <=1.3.0.0.7b102 - Fixed: Beta1.3.0.1.0. CVSSv3.1 8.8 (HIGH) · EPSS 79th percentile
CVE-2021-44732 — Arm Mbed_tls: Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated
Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure. CVSSv3.1 9.8 (CRITICAL) · EPSS 77th percentile
CVE-2021-45105 — Apache Log4j: This allows an attacker with control over Thread Context Map data to cause a
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. CVSSv3.1 5.9 (MEDIUM) · EPSS 99th percentile
CVE-2021-42912 — Fiberhome An5506-01-a_firmware: ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability.
FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root user via the ping diagnostic tool, bypassing the IP address field, and concatenating OS commands with a semicolon. CVSSv3.1 8.8 (HIGH) · EPSS 96th percentile
CVE-2021-42216 — Anonaddy Anonaddy: A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php.
A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php. CVSSv3.1 9.8 (CRITICAL) · EPSS 69th percentile
CVE-2021-36450 — Verint Workforce_optimization: Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter.
Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter. CVSSv3.1 6.1 (MEDIUM) · EPSS 99th percentile
CVE-2021-4104 — Apache Log4j: JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log CVSSv3.1 7.5 (HIGH) · EPSS 99th percentile
CVE-2021-41716 — Mahadiscom Mahavitaran: Maharashtra State Electricity Board Mahavitara Android Application 8.20 and prior is vulnerable to remote
Maharashtra State Electricity Board Mahavitara Android Application 8.20 and prior is vulnerable to remote account takeover due to OTP fixation vulnerability in password rest function CVSSv3.1 9.8 (CRITICAL) · EPSS 69th percentile
CVE-2021-41435 — Asus Gt-ax11000_firmware: A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55
A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via CVSSv3.1 9.8 (CRITICAL) · EPSS 92th percentile
CVE-2021-41653 — Tp-link Tl-wr840n_firmware: The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211
The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field. CVSSv3.1 9.8 (CRITICAL) · EPSS 100th percentile
CVE-2021-42237 — Sitecore Experience_platform: XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability. CVSSv3.1 9.8 (CRITICAL) · EPSS 100th percentile
CVE-2020-25368 — Dlink Dir-823g_firmware: A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login. CVSSv3.1 9.8 (CRITICAL) · EPSS 96th percentile
CVE-2020-25366 — Dlink Dir-823g_firmware: An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to
An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors. CVSSv3.1 9.1 (CRITICAL) · EPSS 87th percentile
CVE-2020-25367 — Dlink Dir-823g_firmware: A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login. CVSSv3.1 9.8 (CRITICAL) · EPSS 96th percentile
CVE-2020-25912 — Getsymphony Symphony: A XML External Entity (XXE) vulnerability was discovered in symphony\lib\toolkit\class.xmlelement.php in Symphony 2.7.10 which
A XML External Entity (XXE) vulnerability was discovered in symphony\lib\toolkit\class.xmlelement.php in Symphony 2.7.10 which can lead to an information disclosure or denial of service (DOS). CVSSv3.1 9.1 (CRITICAL) · EPSS 69th percentile
CVE-2021-41646 — Janobe Online_reviewer_system: Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading a maliciously crafted PHP file that bypasses the image upload filters.. CVSSv3.1 9.8 (CRITICAL) · EPSS 88th percentile
CVE-2021-31627 — Tendacn Ac9_firmware: Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows
Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the index parameter. CVSSv3.1 8.8 (HIGH) · EPSS 65th percentile
CVE-2021-31624 — Tendacn Ac9_firmware: Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows
Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter. CVSSv3.1 8.8 (HIGH) · EPSS 65th percentile
CVE-2021-29005 — Rconfig Rconfig: Insecure permission of chmod command on rConfig server 3.9.6 exists.
Insecure permission of chmod command on rConfig server 3.9.6 exists. After installing rConfig apache user may execute chmod as root without password which may let an attacker with low privilege to gain root access on server. CVSSv3.1 8.8 (HIGH) · EPSS 76th percentile
CVE-2021-29004 — Rconfig Rconfig: 3.9.6 is affected by SQL Injection.
rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig, an attacker may successfully upload a webshell to the server and access it remotely. CVSSv3.1 8.8 (HIGH) · EPSS 79th percentile
CVE-2020-21548 — Saitoha Libsixel: 1.8.3 contains a heap-based buffer overflow in the sixel_encode_highcolor function in tosixel.c.
Libsixel 1.8.3 contains a heap-based buffer overflow in the sixel_encode_highcolor function in tosixel.c. CVSSv3.1 8.8 (HIGH)
CVE-2020-21547 — Saitoha Libsixel: 1.8.2 contains a heap-based buffer overflow in the dither_func_fs function in tosixel.c.
Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_func_fs function in tosixel.c. CVSSv3.1 8.8 (HIGH)
CVE-2021-41326 — Misp-project Misp: In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec
In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call. CVSSv3.1 9.8 (CRITICAL)
CVE-2021-36582 — Kooboo Kooboo_cms: In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., aspx)
In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., aspx) to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL. CVSSv3.1 9.8 (CRITICAL) · EPSS 70th percentile
CVE-2021-36581 — Kooboo Kooboo_cms: CMS 2.1.1.0 is vulnerable to Insecure file upload.
Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possible to upload any file extension to the server. The server does not verify the extension of the file and the tester was able to upload an aspx to the server. CVSSv3.1 9.8 (CRITICAL) · EPSS 71th percentile