Threat Intelligence

Secure Today. Defend Tomorrow.

Real-time threat feed from trusted sources. Updated continuously to keep you informed of the latest malicious activity.

CISA KEV · Vulnerability 4 years ago

SAP Solution Manager Missing Authentication for Critical Function Vulnerability

SAP Solution Manager User Experience Monitoring contains a missing authentication for critical function vulnerability which results in complete compromise of all SMDAgents connected to the Solution Manager.

CISA KEV · Vulnerability 4 years ago

SAP NetWeaver Directory Traversal Vulnerability

SAP NetWeaver Application Server Java Platforms contains a directory traversal vulnerability via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet. This allows remote attackers to read files.

CISA KEV · Vulnerability 4 years ago

SIMalliance Toolbox Browser Command Injection Vulnerability

SIMalliance Toolbox Browser contains a command injection vulnerability that could allow remote attackers to retrieve location and IMEI information or execute a range of other attacks by modifying the attack message.

CISA KEV · Vulnerability 4 years ago

SolarWinds Orion Authentication Bypass Vulnerability

SolarWinds Orion API contains an authentication bypass vulnerability that could allow a remote attacker to execute API commands.

CISA KEV · Vulnerability 4 years ago

SolarWinds Serv-U Remote Code Execution Vulnerability

SolarWinds Serv-U contains an unspecified memory escape vulnerability which can allow for remote code execution.

CISA KEV · Vulnerability 4 years ago

SolarWinds Virtualization Manager Privilege Escalation Vulnerability

SolarWinds Virtualization Manager allows for privilege escalation through leveraging a misconfiguration of sudo.

CISA KEV · Vulnerability 4 years ago

Sonatype Nexus Repository Remote Code Execution Vulnerability

Sonatype Nexus Repository contains an unspecified vulnerability that allows for remote code execution.

CISA KEV · Vulnerability 4 years ago

SonicWall Email Security Improper Privilege Management Vulnerability

SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20022 and CVE-2021-20023 to achieve privilege escalation.

CISA KEV · Vulnerability 4 years ago

SonicWall SMA100 SQL Injection Vulnerability

SonicWall SMA100 contains a SQL injection vulnerability allowing an unauthenticated user to gain read-only access to unauthorized resources.

CISA KEV · Vulnerability 4 years ago

SonicWall Email Security Unrestricted Upload of File Vulnerability

SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20023 to achieve privilege escalation.

CISA KEV · Vulnerability 4 years ago

SonicWall Email Security Path Traversal Vulnerability

SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20022 to achieve privilege escalation.

CISA KEV · Vulnerability 4 years ago

SonicWall SSLVPN SMA100 SQL Injection Vulnerability

SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker.

CISA KEV · Vulnerability 4 years ago

Sophos SFOS SQL Injection Vulnerability

Sophos Firewall operating system (SFOS) firmware contains a SQL injection vulnerability when either the administration (HTTPS) service or the User Portal is exposed on the WAN zone. Successful exploitation may cause remote code execution to exfiltrate usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords).

CISA KEV · Vulnerability 4 years ago

Sumavision EMR Cross-Site Request Forgery (CSRF) Vulnerability

Sumavision Enhanced Multimedia Router (EMR) contains a cross-site request forgery (CSRF) vulnerability allowing the creation of users with elevated privileges as administrator on a device.

CISA KEV · Vulnerability 4 years ago

Symantec Messaging Gateway Remote Code Execution Vulnerability

Symantec Messaging Gateway contains an unspecified vulnerability which can allow for remote code execution. With the ability to perform remote code execution, an attacker may also desire to perform privilege escalating actions.

CISA KEV · Vulnerability 4 years ago

TeamViewer Desktop Bypass Remote Login Vulnerability

TeamViewer Desktop allows for bypass of remote-login access control because the same AES key is used for different customers' installations. If an attacker were to know this key, they could decrypt protected information stored in registry or configuration files, or decrypt the Unattended Access password to the system (which allows for remote login to the system).

CISA KEV · Vulnerability 4 years ago

Progress Telerik UI for ASP.NET AJAX and Sitefinity Cryptographic Weakness Vulnerability

Progress Telerik UI for ASP.NET AJAX and Sitefinity have a cryptographic weakness in Telerik.Web.UI.dll that can be exploited to disclose encryption keys (Telerik.Web.UI.DialogParametersEncryptionKey and/or the MachineKey), perform cross-site-scripting (XSS) attacks, compromise the ASP.NET ViewState, and/or upload and download files.

CISA KEV · Vulnerability 4 years ago

Tenda AC11 Router Stack Buffer Overflow Vulnerability

Tenda AC11 devices contain a stack buffer overflow vulnerability in /goform/setmac which allows attackers to execute code via a crafted POST request.

CISA KEV · Vulnerability 4 years ago

Tenda AC1900 Router AC15 Model Remote Code Execution Vulnerability

Tenda AC1900 Router AC15 Model contains an unspecified vulnerability that allows remote attackers to execute system commands via the deviceName POST parameter.

CISA KEV · Vulnerability 4 years ago

Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability

Tenda AC7, AC9, and AC10 devices contain a command injection vulnerability because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. Successful exploitation allows an attacker to execute OS commands via a crafted goform/setUsbUnload request.


Sources

  • AlienVault OTX
  • CISA KEV
  • URLhaus
