2021-10-31
2021-10-31 19:15Z
CRIT

CVE-2020-25912 — Getsymphony Symphony: A XML External Entity (XXE) vulnerability was discovered in symphony\lib\toolkit\class.xmlelement.php in Symphony 2.7.10 which

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-25912

A XML External Entity (XXE) vulnerability was discovered in symphony\lib\toolkit\class.xmlelement.php in Symphony 2.7.10 which can lead to an information disclosure or denial of service (DOS). CVSSv3.1 9.1 (CRITICAL) · EPSS 69th percentile

CWECWE 611VNDGetsymphonyTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2021-10-29
2021-10-29 18:15Z
CRIT

CVE-2021-41646 — Janobe Online_reviewer_system: Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-41646

Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading a maliciously crafted PHP file that bypasses the image upload filters.. CVSSv3.1 9.8 (CRITICAL) · EPSS 88th percentile

CWECWE 434VNDJanobeVNDCodeTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2021-10-29
2021-10-29 11:15Z
HIGH

CVE-2021-31627 — Tendacn Ac9_firmware: Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-31627

Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the index parameter. CVSSv3.1 8.8 (HIGH) · EPSS 65th percentile

CWECWE 120VNDBufferVNDTendacnTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2021-10-29
2021-10-29 11:15Z
HIGH

CVE-2021-31624 — Tendacn Ac9_firmware: Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-31624

Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter. CVSSv3.1 8.8 (HIGH) · EPSS 65th percentile

CWECWE 120VNDBufferVNDTendacnTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2021-10-11
2021-10-11 13:15Z
HIGH

CVE-2021-29005 — Rconfig Rconfig: Insecure permission of chmod command on rConfig server 3.9.6 exists.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-29005

Insecure permission of chmod command on rConfig server 3.9.6 exists. After installing rConfig apache user may execute chmod as root without password which may let an attacker with low privilege to gain root access on server. CVSSv3.1 8.8 (HIGH) · EPSS 76th percentile

CWECWE 276VNDRconfigTYPVulnerability
8.8
CVSS v3.1
95
Edit Score
2021-10-11
2021-10-11 12:15Z
HIGH

CVE-2021-29004 — Rconfig Rconfig: 3.9.6 is affected by SQL Injection.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-29004

rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig, an attacker may successfully upload a webshell to the server and access it remotely. CVSSv3.1 8.8 (HIGH) · EPSS 79th percentile

CWECWE 89VNDRconfigTYPVulnerability
8.8
CVSS v3.1
95
Edit Score
2021-09-17
2021-09-17 21:15Z
HIGH

CVE-2020-21548 — Saitoha Libsixel: 1.8.3 contains a heap-based buffer overflow in the sixel_encode_highcolor function in tosixel.c.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-21548

Libsixel 1.8.3 contains a heap-based buffer overflow in the sixel_encode_highcolor function in tosixel.c. CVSSv3.1 8.8 (HIGH)

CWECWE 787VNDLibsixelVNDSaitohaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
728 × 90 / responsive · programmatic ad slot
2021-09-17
2021-09-17 21:15Z
HIGH

CVE-2020-21547 — Saitoha Libsixel: 1.8.2 contains a heap-based buffer overflow in the dither_func_fs function in tosixel.c.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-21547

Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_func_fs function in tosixel.c. CVSSv3.1 8.8 (HIGH)

CWECWE 787VNDLibsixelVNDSaitohaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2021-09-17
2021-09-17 18:15Z
CRIT

CVE-2021-41326 — Misp-project Misp: In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-41326

In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call. CVSSv3.1 9.8 (CRITICAL)

VNDMispVNDMisp ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2021-09-14
2021-09-14 12:15Z
CRIT

CVE-2021-36582 — Kooboo Kooboo_cms: In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., aspx)

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-36582

In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., aspx) to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL. CVSSv3.1 9.8 (CRITICAL) · EPSS 70th percentile

CWECWE 434VNDKoobooTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2021-09-14
2021-09-14 12:15Z
CRIT

CVE-2021-36581 — Kooboo Kooboo_cms: CMS 2.1.1.0 is vulnerable to Insecure file upload.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-36581

Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possible to upload any file extension to the server. The server does not verify the extension of the file and the tester was able to upload an aspx to the server. CVSSv3.1 9.8 (CRITICAL) · EPSS 71th percentile

CWECWE 434VNDKoobooTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2021-08-19
2021-08-19 17:15Z
CRIT

CVE-2021-39302 — Misp-project Misp: 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions['org'] value.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-39302

MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions['org'] value. CVSSv3.1 9.8 (CRITICAL)

CWECWE 89VNDMispVNDMisp ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2021-08-11
2021-08-11 15:15Z
CRIT

CVE-2019-25052 — Trustedfirmware Op-tee: In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2019-25052

In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information. CVSSv3.1 9.1 (CRITICAL) · EPSS 42th percentile

CWECWE 327VNDTrustedfirmwareVNDLinaroTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2021-08-03
2021-08-03 16:15Z
CRIT

CVE-2021-33485 — Codesys Control: Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-33485

CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow. CVSSv3.1 9.8 (CRITICAL) · EPSS 60th percentile

CWECWE 787CWECWE 122VNDCodesysTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2021-07-26
2021-07-26 20:15Z
HIGH

CVE-2020-18171 — Techsmith Snagit: 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-18171

TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges. NOTE: This implies that Snagit's use of OLE is a security vulnerability unto itself and it is not. See reference document for more details. CVSSv3.1 8.8 (HIGH) · EPSS 12th percentile

CWECWE 269VNDTechsmithTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2021-07-14
2021-07-14 15:15Z
CRIT

CVE-2021-22779 — Schneider-electric Ecostruxure_control_expert: Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-22779

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*), that could cause unautho CVSSv3.1 9.1 (CRITICAL) · EPSS 41th percentile

CWECWE 290VNDSchneider ElectricTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2021-07-09
2021-07-09 15:15Z
HIGH

CVE-2021-33012 — Rockwellautomation Micrologix_1100_firmware: Rockwell Automation MicroLogix 1100, all versions, allows a remote, unauthenticated attacker sending specially crafted

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-33012

Rockwell Automation MicroLogix 1100, all versions, allows a remote, unauthenticated attacker sending specially crafted commands to cause the PLC to fault when the controller is switched to RUN mode, which results in a denial-of-service condition. If successfully exploited, this vulnerability will cause the controller to fault whenever the controller is switched to RUN mode. CVSSv3.1 8.6 (HIGH) · EPSS 86th percentile

CWECWE 20VNDRockwellautomationVNDRockwellTYPVulnerability
8.6
CVSS v3.1
94
Edit Score
2021-06-25
2021-06-25 21:15Z
CRIT

CVE-2021-35502 — Misp-project Misp: app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-35502

app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index. CVSSv3.1 9.8 (CRITICAL) · EPSS 61th percentile

VNDMispVNDMisp ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2021-06-16
2021-06-16 20:15Z
HIGH

CVE-2021-34203 — Dlink Dir-2640-us_firmware: D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-34203

D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 (dir-2640-us), when setting PPPoE, will start quagga process in the way of whole network monitoring, and this function uses the original default password and port. An attacker can easily use telnet to log in, modify routing information, monitor the traffic of all devices under the router, hijack DNS and phishing attacks. In addition, this interface is likely to be questioned by customers as a CVSSv3.1 8.1 (HIGH) · EPSS 73th percentile

CWECWE 1188VNDDlinkVNDLinkTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2021-06-11
2021-06-11 16:15Z
CRIT

CVE-2021-22768 — Schneider-electric Powerlogic_egx100_firmware: A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer)

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-22768

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-22767 CVSSv3.1 9.8 (CRITICAL) · EPSS 74th percentile

CWECWE 20VNDSchneider ElectricVNDCweTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2021-06-11
2021-06-11 16:15Z
CRIT

CVE-2021-22767 — Schneider-electric Powerlogic_egx100_firmware: A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer)

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-22767

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-2276 CVSSv3.1 9.8 (CRITICAL) · EPSS 74th percentile

CWECWE 20VNDSchneider ElectricVNDCweTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2021-06-11
2021-06-11 16:15Z
CRIT

CVE-2021-22765 — Schneider-electric Powerlogic_egx100_firmware: A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer)

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-22765

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet CVSSv3.1 9.8 (CRITICAL) · EPSS 70th percentile

CWECWE 20VNDSchneider ElectricVNDCweTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2021-06-11
2021-06-11 16:15Z
CRIT

CVE-2021-22763 — Schneider-electric Powerlogic_pm5560_firmware: A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-22763

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could allow an attacker administrator level access to a device. CVSSv3.1 9.8 (CRITICAL) · EPSS 50th percentile

CWECWE 640VNDSchneider ElectricVNDCweTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2021-06-10
2021-06-10 15:15Z
HIGH

CVE-2021-31659 — Tp-link Tl-sg2005_firmware: 1.0.0 Build 20180529 Rel.40524 is vulnerable to Cross Site Request Forgery (CSRF).

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-31659

TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is vulnerable to Cross Site Request Forgery (CSRF). All configuration information is placed in the URL, without any additional token authentication information. A malicious link opened by the switch administrator may cause the password of the switch to be modified and the configuration file to be tampered with. CVSSv3.1 8.8 (HIGH) · EPSS 44th percentile

CWECWE 352VNDTp LinkVNDLinkTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2021-06-10
2021-06-10 15:15Z
HIGH

CVE-2021-31658 — Tp-link Tl-sg2005_firmware: TL-SG2005, TL-SG2008, etc.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-31658

TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is affected by an Array index error. The interface that provides the "device description" function only judges the length of the received data, and does not filter special characters. This vulnerability will cause the application to crash, and all device configuration information will be erased. CVSSv3.1 8.1 (HIGH) · EPSS 60th percentile

CWECWE 129VNDTp LinkVNDLinkTYPVulnerability
8.1
CVSS v3.1
91
Edit Score