Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2020-25912 |
|
XXE (XML External Entity) in dos (CVE-2020-25912)
vulnerability in dos (CVE-2020-25912). Confidential information can be exposed externally.
|
| CVE-2021-3825 |
|
Vulnerability in pardus (CVE-2021-3825)
vulnerability in pardus (CVE-2021-3825). Successful exploitation can lead to full system takeover.
|
| CVE-2021-41326 |
|
Vulnerability in misp-project (CVE-2021-41326)
vulnerability in misp-project (CVE-2021-41326). Successful exploitation can lead to full system takeover.
|
| CVE-2021-36582 |
|
Unrestricted File Upload in kooboo (CVE-2021-36582)
vulnerability in kooboo (CVE-2021-36582). Successful exploitation can lead to full system takeover.
|
| CVE-2021-36581 |
|
Unrestricted File Upload in kooboo (CVE-2021-36581)
vulnerability in kooboo (CVE-2021-36581). Successful exploitation can lead to full system takeover.
|
| CVE-2021-39302 |
|
SQL Injection in sqli (CVE-2021-39302)
SQL injection in sqli (CVE-2021-39302). Successful exploitation can lead to full system takeover.
|
| CVE-2021-33485 |
|
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.
|
| CVE-2021-22779 |
|
Vulnerability in schneider-electric (CVE-2021-22779)
vulnerability in schneider-electric (CVE-2021-22779). Confidential information can be exposed externally.
|
| CVE-2021-35502 |
|
Vulnerability in misp-project (CVE-2021-35502)
vulnerability in misp-project (CVE-2021-35502). Successful exploitation can lead to full system takeover.
|
| CVE-2021-27132 |
|
Vulnerability in sercomm (CVE-2021-27132)
vulnerability in sercomm (CVE-2021-27132). Successful exploitation can lead to full system takeover.
|
| CVE-2020-27285 |
|
Vulnerability in redlion (CVE-2020-27285)
vulnerability in redlion (CVE-2020-27285). Confidential information can be exposed externally.
|
| CVE-2020-35276 |
|
SQL Injection in sqli (CVE-2020-35276)
SQL injection in sqli (CVE-2020-35276). Successful exploitation can lead to full system takeover.
|
| CVE-2020-29006 |
|
Vulnerability in misp-project (CVE-2020-29006)
vulnerability in misp-project (CVE-2020-29006). Successful exploitation can lead to full system takeover.
|
| CVE-2020-25466 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2020-25466)
SSRF in ssrf (CVE-2020-25466). Successful exploitation can lead to full system takeover.
|
| CVE-2018-5353 |
|
Vulnerability in zohocorp (CVE-2018-5353)
vulnerability in zohocorp (CVE-2018-5353). Successful exploitation can lead to full system takeover.
|
| CVE-2020-24193 |
|
SQL Injection in sqli (CVE-2020-24193)
SQL injection in sqli (CVE-2020-24193). Successful exploitation can lead to full system takeover.
|
| CVE-2020-15411 |
|
Privilege Escalation in misp-project (CVE-2020-15411)
vulnerability in misp-project (CVE-2020-15411). Successful exploitation can lead to full system takeover.
|
| CVE-2022-28932 |
|
D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecure permissions.
D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecure permissions.
|
| CVE-2015-0987 |
|
Information Disclosure in omron (CVE-2015-0987)
vulnerability in omron (CVE-2015-0987). Confidential information can be exposed externally.
|
| CVE-2022-29351 |
|
Unrestricted File Upload in tiddlywiki (CVE-2022-29351)
vulnerability in tiddlywiki (CVE-2022-29351). Successful exploitation can lead to full system takeover.
|
| CVE-2018-8851 |
|
Vulnerability in echelon (CVE-2018-8851)
vulnerability in echelon (CVE-2018-8851). Successful exploitation can lead to full system takeover.
|
| CVE-2018-11091 |
|
Unrestricted File Upload in mybiz (CVE-2018-11091)
vulnerability in mybiz (CVE-2018-11091). Successful exploitation can lead to full system takeover.
|
| CVE-2018-7791 |
|
Authentication Bypass in schneider-electric (CVE-2018-7791)
authentication bypass in schneider-electric (CVE-2018-7791). Successful exploitation can lead to full system takeover.
|
| CVE-2018-7790 |
|
Vulnerability in schneider-electric (CVE-2018-7790)
vulnerability in schneider-electric (CVE-2018-7790). Successful exploitation can lead to full system takeover.
|
| CVE-2022-28568 |
|
Unrestricted File Upload in simple-doctors-appointment-system-project (CVE-2022-28568)
vulnerability in simple-doctors-appointment-system-project (CVE-2022-28568). Successful exploitation can lead to full system takeover.
|
| CVE-2022-29347 |
|
Unrestricted File Upload in web-at-rchiv-project (CVE-2022-29347)
vulnerability in web-at-rchiv-project (CVE-2022-29347). Successful exploitation can lead to full system takeover.
|
| CVE-2021-43163 |
|
Command Injection in ruijienetworks (CVE-2021-43163)
command injection in ruijienetworks (CVE-2021-43163). Successful exploitation can lead to full system takeover.
|
| CVE-2022-28118 |
|
SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in.
SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in.
|
| CVE-2021-44596 |
|
Vulnerability in wondershare (CVE-2021-44596)
vulnerability in wondershare (CVE-2021-44596). Successful exploitation can lead to full system takeover.
|
| CVE-2021-41945 |
|
Vulnerability in encode (CVE-2021-41945)
vulnerability in encode (CVE-2021-41945). Confidential information can be exposed externally. Exploitable via ``httpx.URL``.
|
| CVE-2022-27984 |
|
SQL Injection in sqli (CVE-2022-27984)
SQL injection in sqli (CVE-2022-27984). Successful exploitation can lead to full system takeover.
|
| CVE-2022-27985 |
|
SQL Injection in sqli (CVE-2022-27985)
SQL injection in sqli (CVE-2022-27985). Successful exploitation can lead to full system takeover.
|
| CVE-2022-28093 |
|
Vulnerability in online-sports-complex-booking-system-project (CVE-2022-28093)
vulnerability in online-sports-complex-booking-system-project (CVE-2022-28093). Successful exploitation can lead to full system takeover.
|
| CVE-2022-29528 |
|
An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.
An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.
|
| CVE-2022-28397 |
|
Unrestricted File Upload in ghost (CVE-2022-28397)
vulnerability in ghost (CVE-2022-28397). Successful exploitation can lead to full system takeover.
|
| CVE-2022-27262 |
|
Unrestricted File Upload in sailsjs (CVE-2022-27262)
vulnerability in sailsjs (CVE-2022-27262). Successful exploitation can lead to full system takeover.
|
| CVE-2022-27260 |
|
Unrestricted File Upload in buttercms (CVE-2022-27260)
vulnerability in buttercms (CVE-2022-27260). Successful exploitation can lead to full system takeover.
|
| CVE-2021-37291 |
|
SQL Injection in sqli (CVE-2021-37291)
SQL injection in sqli (CVE-2021-37291). Successful exploitation can lead to full system takeover.
|
| CVE-2022-26645 |
|
Unrestricted File Upload in oretnom23 (CVE-2022-26645)
vulnerability in oretnom23 (CVE-2022-26645). Successful exploitation can lead to full system takeover.
|
| CVE-2022-26646 |
|
Vulnerability in oretnom23 (CVE-2022-26646)
vulnerability in oretnom23 (CVE-2022-26646). Successful exploitation can lead to full system takeover.
|
| CVE-2021-46009 |
|
Vulnerability in totolink (CVE-2021-46009)
vulnerability in totolink (CVE-2021-46009). Successful exploitation can lead to full system takeover.
|
| CVE-2021-46007 |
|
OS Command Injection in totolink (CVE-2021-46007)
OS command injection in totolink (CVE-2021-46007). Successful exploitation can lead to full system takeover.
|
| CVE-2022-25521 |
|
UNNO v03.11.00 was discovered to contain access control issue.
UNNO v03.11.00 was discovered to contain access control issue.
|
| CVE-2021-42237 KEV |
|
[KEV] Unsafe Deserialization in Sitecore xp (CVE-2021-42237)
vulnerability in Sitecore xp (CVE-2021-42237). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2018-1273 KEV |
|
[KEV] Code Injection in Vmware tanzu vmware-tanzu (CVE-2018-1273)
code injection in Vmware tanzu vmware-tanzu (CVE-2018-1273). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2022-24293 |
|
Vulnerability in dos (CVE-2022-24293)
vulnerability in dos (CVE-2022-24293). Successful exploitation can lead to full system takeover.
|
| CVE-2022-24292 |
|
Vulnerability in dos (CVE-2022-24292)
vulnerability in dos (CVE-2022-24292). Successful exploitation can lead to full system takeover.
|
| CVE-2021-45756 |
|
Vulnerability in asus (CVE-2021-45756)
vulnerability in asus (CVE-2021-45756). Successful exploitation can lead to full system takeover.
|
| CVE-2022-25578 |
|
Code Injection in taogogo (CVE-2022-25578)
code injection in taogogo (CVE-2022-25578). Successful exploitation can lead to full system takeover.
|
| CVE-2021-45834 |
|
Unrestricted File Upload in opendocman (CVE-2021-45834)
vulnerability in opendocman (CVE-2021-45834). Successful exploitation can lead to full system takeover.
|