Alerts
SCORE | DATE | NAME | CATEGORIES | DETAIL |
---|---|---|---|---|
9.1 | 2022-04-04 | CVE-2022-1165 | cve | The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers such as CF-CONNECTING-IP, CLIENT-IP etc to determine the IP address of requests hitting the blackhole URL, ... |
9.1 | 2022-04-04 | CVE-2022-0990 | cve | Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18. |
9.8 | 2022-04-04 | CVE-2022-25569 | cve | Bettini Srl GAMS Product Line v4.3.0 was discovered to re-use static SSH keys across installations, allowing unauthenticated attackers to login as root users via extracting a ke... |
9.8 | 2022-04-04 | CVE-2021-32980 | cve | Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to... |
9.8 | 2022-04-04 | CVE-2021-32984 | cve | All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs... |
9.8 | 2022-04-04 | CVE-2021-32986 | cve | After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming... |
9.8 | 2022-04-04 | CVE-2021-33008 | cve | AVEVA System Platform versions 2017 through 2020 R2 P01 does not perform any authentication for functionality that requires a provable user identity. |
9.8 | 2022-04-04 | CVE-2022-1162 | cve | A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and... |
9.8 | 2022-04-03 | CVE-2022-28368 | cve | Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file). |
9.8 | 2022-04-03 | CVE-2022-28381 | cve | Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long string to TCP port 888, a related issue... |
9.1 | 2022-04-03 | CVE-2022-26530 | cve | swaylock before 1.6 allows attackers to trigger a crash and achieve unlocked access to a Wayland compositor. |
9.8 | 2022-04-03 | CVE-2021-30064 | cve | On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcod... |
9.8 | 2022-04-01 | CVE-2021-32976 | cve | Five buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to initiate a denial-of-service at... |
9.1 | 2022-04-01 | CVE-2022-25158 | cve | Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all... |
10 | 2022-04-01 | CVE-2022-22570 | cve | A buffer overflow vulnerability found in the UniFi Door Access Reader Lite’s (UA Lite) firmware (Version 3.8.28.24 and earlier) allows a malicious actor who has gained access to... |
9.8 | 2022-04-01 | CVE-2022-24803 | cve | Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc m... |
9.8 | 2022-04-01 | CVE-2022-22963 | cve | In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as ... |
9.8 | 2022-04-01 | CVE-2022-22965 | cve | A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to ... |
9.1 | 2022-04-01 | CVE-2022-25157 | cve | Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F ser... |
9.8 | 2022-04-01 | CVE-2022-21223 | cve | The package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. When calling the download function (when using hg), the url (and/or ... |