Vulmon
vulnerabilities and exploits
9.8
CVSSv3
CVE-2021-27952
Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device. This allows a threat actor to gain access to the password-protected bootloader environment through the serial console.
Ecobee Ecobee3 Lite Firmware 4.5.81.200
8.2
CVSSv3
CVE-2021-27954
A heap-based buffer overflow vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HKProcessConfig function of the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to force the device to connect to an SSID or cause a denial o...
Ecobee Ecobee3 Lite Firmware 4.5.81.200
9.8
CVSSv3
CVE-2021-27965
The MsIo64.sys driver prior to 1.1.19.1016 in MSI Dragon Center prior to 2.0.98.0 has a buffer overflow that allows privilege escalation via a crafted 0x80102040, 0x80102044, 0x80102050, or 0x80102054 IOCTL request.
Msi Dragon Center
1 Github repository
7.8
CVSSv3
CVE-2021-27971
Alps Alpine Touchpad Driver 10.3201.101.215 is vulnerable to DLL Injection.
Alpsalpine Touchpad Driver 10.3201.101.215
5.4
CVSSv3
CVE-2021-27989
Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in multiple parameters within /medianet/sgcontentset.aspx.
4.9
CVSSv3
CVE-2021-27999
A SQL injection vulnerability exists in the editid parameter in Local Services Search Engine Management System Project 1.0. This vulnerability gives admin users the ability to dump all data from the database.
Local Services Search Engine Management System Project Local Services Search Engine Management System 1.0
5.4
CVSSv3
CVE-2021-28001
A cross-site scripting vulnerability exists in the Comments parameter in Textpattern CMS 4.8.4 which allows remote malicious users to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting https://site.com/article...
Textpattern Textpattern 4.8.4
6.1
CVSSv3
CVE-2021-28006
Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in admin.php through the options parameter.
Web Based Quiz System Project Web Based Quiz System 1.0
7.5
CVSSv3
CVE-2021-28022
Blind SQL injection in the login form in ServiceTonic Helpdesk software < 9.0.35937 allows a malicious user to exfiltrate information via specially crafted HQL-compatible time-based SQL queries.
Servicetonic Servicetonic
9.8
CVSSv3
CVE-2021-28024
Unauthorized system access in the login form in ServiceTonic Helpdesk software version < 9.0.35937 allows a malicious user to log in without using a password.
Servicetonic Servicetonic