CVE-2021-22657
mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. Devamını Oku
Devamını oku
CVE-2021-23175
NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream. Devamını Oku
CVE-2021-20049
A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions. Devamını Oku
CVE-2021-20050
An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data. Devamını Oku
CVE-2020-20425 (s-cms)
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function. Devamını Oku
CVE-2020-20426 (s-cms)
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php. Devamını Oku
CVE-2020-20593
A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an administrator account. Devamını Oku
CVE-2020-20595 (opms)
A cross-site request forgery (CSRF) in OPMS v1.3 and below allows attackers to arbitrarily add a user account via /user/add. Devamını Oku
CVE-2020-20597 (lemon)
A cross-site scripting (XSS) vulnerability in the potrtalItemName parameter in webPortalController.java of lemon V1.10.0 allows attackers to execute arbitrary web scripts or HTML. Devamını Oku
CVE-2020-20598 (lemon)
A cross-site scripting (XSS) vulnerability in the Editing component of lemon V1.10.0 allows attackers to execute arbitrary web scripts or HTML. Devamını Oku
CVE-2020-20600 (metinfo)
MetInfo 7.0 beta contains a stored cross-site scripting (XSS) vulnerability in the $name parameter of admin/?n=column&c=index&a=doAddColumn. Devamını Oku
CVE-2020-20601
An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet. Devamını Oku