Unknown · CVSS Not scored
Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows authenticated attackers to execute arbitrary code via the groupname.
Published Nov 2, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login.
Published Nov 4, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login.
Published Nov 4, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors.
Published Nov 4, 2021 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal network resources or leak files from the local system via HTML containers embedded in a dossier/dashboard document. NOTE: 10.4., no fix will be released as version will reach end-of-life on 31/12/2020.
Published Nov 24, 2020 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramData\Ilex\S&G\Logs\000-sngWSService1.log.
Published Nov 10, 2020 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Microweber v1.1.18 is affected by no session expiry after log-out.
Published Nov 9, 2020 · Updated Jul 9, 2026
High · CVSS 7.5
A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a Denial-of-Service on port 102. A cold restart is required to recover the service.
Published Nov 12, 2020 · Updated Jun 2, 2026
High · CVSS 7.8
Microsoft Teams Remote Code Execution Vulnerability
Published Nov 11, 2020 · Updated May 29, 2026
High · CVSS 7.1
A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.
Published Nov 19, 2020 · Updated May 29, 2026
Medium · CVSS 5.5
An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.
Published Nov 19, 2020 · Updated May 29, 2026
Medium · CVSS 4.7
An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. There is a race condition between coredump operations and the IORING_OP_MADVISE implementation, aka CID-bc0c4d1e176e.
Published Nov 28, 2020 · Updated May 29, 2026
High · CVSS 7.1
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and broke the encryption keys.
Published Nov 19, 2020 · Updated May 29, 2026
High · CVSS 7.1
A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.
Published Nov 19, 2020 · Updated May 29, 2026
Medium · CVSS 6.3
A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause write access and the execution of commands when uploading a specially crafted file on the controller over FTP.
Published Nov 18, 2020 · Updated May 29, 2026
Medium · CVSS 6.3
A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause corruption of data, a crash, or code execution when uploading a specially crafted file on the controller over FTP.
Published Nov 18, 2020 · Updated May 29, 2026
Medium · CVSS 6.3
A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file on the controller over FTP.
Published Nov 18, 2020 · Updated May 29, 2026
High · CVSS 8.7
BACnet Test Server versions up to and including 1.01 contains a remote denial of service vulnerability in its BACnet/IP BVLC packet handling. The server fails to properly validate the BVLC Length field in incoming UDP BVLC frames on the default BACnet port (47808/udp). A remote unauthenticated attacker can send a malformed BVLC Length value to trigger an access violation and crash the application, resulting in a denial of service.
Published Nov 26, 2025 · Updated May 14, 2026
High · CVSS 7.5
A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creation. This issue occurs because the administrator owns the object due to the lack of an Access Control List (ACL) at the time of creation and later being recognized as the 'creator owner.' The retained significant rights of the delegated administrator may not be well understood, potentially leading to unintended privilege escalation or security risks.
Published Nov 17, 2024 · Updated Apr 27, 2026
High · CVSS 8.7
ESCAM QD-900 WIFI HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint allows remote download of a compressed configuration backup without requiring authentication or authorization. The exposed backup can include administrative credentials and other sensitive device settings, enabling an unauthenticated remote attacker to obtain information that may facilitate further compromise of the camera or connected network.
Published Nov 26, 2025 · Updated Apr 7, 2026
Critical · CVSS 9.6 · CISA KEV
Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Published Nov 3, 2020 · Updated Jan 12, 2026
Critical · CVSS 9.8 · CISA KEV
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Published Nov 1, 2020 · Updated Jan 12, 2026
High · CVSS 7.5
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.
Published Nov 6, 2020 · Updated Dec 3, 2025
High · CVSS 8.7
ACE SECURITY WIP-90113 HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint permits remote download of a compressed configuration backup without requiring authentication or authorization. The exposed backup may include administrative credentials and other sensitive device settings, enabling an unauthenticated remote attacker to obtain information that could facilitate further compromise of the camera or connected network.
Published Nov 26, 2025 · Updated Nov 28, 2025
High · CVSS 8.7
Astak CM-818T3 2.4GHz wireless security surveillance cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint permits remote download of a compressed configuration backup without requiring authentication or authorization. The exposed backup may include administrative credentials and other sensitive device settings, enabling an unauthenticated remote attacker to obtain information that could facilitate further compromise of the camera or connected network.
Published Nov 26, 2025 · Updated Nov 28, 2025
Critical · CVSS 9.2
Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server authentication, or screen mirroring are enabled to gain access or execute commands on affected devices. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-02-05 UTC.
Published Nov 7, 2025 · Updated Nov 20, 2025
Unknown · CVSS Not scored
Authentication bypass by capture-replay in RPMB protocol message authentication subsystem in Intel(R) TXE versions before 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
Published Nov 12, 2020 · Updated Nov 4, 2025
Critical · CVSS 9.8
The pwrstudio web application of EV Charger (in the server in Circontrol Raption through 5.6.2) is vulnerable to OS command injection via three fields of the configuration menu for ntpserver0, ntpserver1, and pingip.
Published Nov 8, 2024 · Updated Nov 4, 2025
High · CVSS 7.5
An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Clients can authenticate themselves to the device using a username and password. These credentials can be obtained through an unauthenticated web request, e.g., for a JavaScript file. Also, the disclosed information includes the SSID and WPA2 key for the Wi-Fi network the device is connected to.
Published Nov 7, 2024 · Updated Nov 4, 2025
High · CVSS 8.8
An issue was discovered in Lush 2 through 2020-02-25. Due to the lack of Bluetooth traffic encryption, it is possible to hijack an ongoing Bluetooth connection between the Lush 2 and a mobile phone. This allows an attacker to gain full control over the device.
Published Nov 7, 2024 · Updated Nov 4, 2025
High · CVSS 8
An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. There is no CSRF protection.
Published Nov 7, 2024 · Updated Nov 4, 2025
Medium · CVSS 5.4
An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. When a backup file is created through the web interface, information on all users, including passwords, can be found in cleartext in the backup file. An attacker capable of accessing the web interface can create the backup file.
Published Nov 7, 2024 · Updated Nov 4, 2025
Medium · CVSS 4.3
An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. It uses a default SSID value, which makes it easier for remote attackers to discover the physical locations of many Siime Eye devices, violating the privacy of users who do not wish to disclose their ownership of this type of device. (Various resources such as wigle.net can be use for mapping of SSIDs to physical locations.)
Published Nov 7, 2024 · Updated Nov 4, 2025
Medium · CVSS 6.3
An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. The password for the root user is hashed using an old and deprecated hashing technique. Because of this deprecated hashing, the success probability of an attacker in an offline cracking attack is greatly increased.
Published Nov 7, 2024 · Updated Nov 4, 2025
Critical · CVSS 9.6 · CISA KEV
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published Nov 3, 2020 · Updated Oct 21, 2025
High · CVSS 8.8 · CISA KEV
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published Nov 3, 2020 · Updated Oct 21, 2025
Critical · CVSS 9.8 · CISA KEV
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
Published Nov 6, 2020 · Updated Oct 21, 2025
Critical · CVSS 9.8 · CISA KEV
The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at https://airflow.apache.org/docs/1.10.11/security.html#api-authentication. Note this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide: https://github.com/apache/airflow/blob/1.10.11/UPDATING.md#experimental-api-will-deny-all-request-by-default
Published Nov 10, 2020 · Updated Oct 21, 2025
High · CVSS 7.8 · CISA KEV
Windows Kernel Local Elevation of Privilege Vulnerability
Published Nov 11, 2020 · Updated Oct 21, 2025
High · CVSS 7.8 · CISA KEV
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.
Published Nov 19, 2020 · Updated Oct 21, 2025
High · CVSS 8.8 · CISA KEV
Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74.
Published Nov 20, 2020 · Updated Oct 21, 2025
Critical · CVSS 9.1 · CISA KEV
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.
Published Nov 23, 2020 · Updated Oct 21, 2025
Unknown · CVSS Not scored
In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one.
Published Nov 4, 2020 · Updated May 30, 2025
Medium · CVSS 6.6
Incorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files.
This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00; Hitachi Ops Center Viewpoint: from 10.8.0-00 before 10.9.0-00.
Published Nov 1, 2022 · Updated May 5, 2025
Critical · CVSS 9.8
MKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter.
Published Nov 3, 2022 · Updated May 5, 2025
Critical · CVSS 9.8
MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter.
Published Nov 3, 2022 · Updated May 5, 2025
Critical · CVSS 9.8
MKCMS V6.2 has SQL injection via the /ucenter/repass.php name parameter.
Published Nov 3, 2022 · Updated May 5, 2025
High · CVSS 7.5
In s::can moni::tools in versions below 4.2 an unauthenticated attacker could get any file from the device by path traversal in the camera-file module.
Published Nov 7, 2022 · Updated May 2, 2025
Medium · CVSS 5.9
The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. An attacker could forge the same digital signature of the app after maliciously modifying the app.
Published Nov 1, 2022 · Updated May 2, 2025
High · CVSS 8.8
In s::can moni::tools before version 4.2 an authenticated attacker could get full access to the database through SQL injection. This may result in loss of confidentiality, loss of integrity and DoS.
Published Nov 7, 2022 · Updated May 1, 2025