Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sec-consult.com vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2019-10679
Thomson Reuters Eikon 4.0.42144 allows all local users to modify the service executable file because of weak %PROGRAMFILES(X86)%\Thomson Reuters\Eikon permissions.
Thomsonreuters Eikon 4.0.42144
8.8
CVSSv3
CVE-2019-16745
eBrigade prior to 5.0 has evenement_choice.php chxCal SQL Injection.
Ebrigade Ebrigade
9.8
CVSSv3
CVE-2019-12549
WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding SSH daemon matches the embedded private key.
Wago 852-303 Firmware
Wago 852-1305 Firmware
Wago 852-1505 Firmware
9.8
CVSSv3
CVE-2019-12550
WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET.
Wago 852-303 Firmware
Wago 852-1305 Firmware
Wago 852-1505 Firmware
8.8
CVSSv3
CVE-2018-11476
An issue exists on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The dongle opens an unprotected wireless LAN that cannot be configured with encryption or a password. This enables anyone within the range of the WLAN to connect to the network without authentication.
Vgate Icar 2 Wi-fi Obd2 Firmware -
6.5
CVSSv3
CVE-2018-11477
An issue exists on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The data packets that are sent between the iOS or Android application and the OBD dongle are not encrypted. The combination of this vulnerability with the lack of wireless network protection exposes all transferred car da...
Vgate Icar 2 Wi-fi Obd2 Firmware -
9.1
CVSSv3
CVE-2020-29551
An issue exists in URVE Build 24.03.2020. Using the _internal/pc/shutdown.php path, it is possible to shutdown the system. Among others, the following files and scripts are also accessible: _internal/pc/abort.php, _internal/pc/restart.php, _internal/pc/vpro.php, _internal/pc/wake...
Urve Urve 24.03.2020
9.8
CVSSv3
CVE-2022-26479
An issue exists in Poly EagleEye Director II prior to 2.2.2.1. Existence of a certain file (which can be created via an rsync backdoor) causes all API calls to execute as admin without authentication.
Poly Eagleeye Director Ii Firmware
8.8
CVSSv3
CVE-2022-26481
An issue exists in Poly Studio prior to 3.7.0. Command Injection can occur via the CN field of a Create Certificate Signing Request (CSR) action.
Poly Studio X30 Firmware
Poly Studio X70 Firmware
Poly G7500 Firmware
Poly Studio X50 Firmware
7.2
CVSSv3
CVE-2022-26482
An issue exists in Poly EagleEye Director II prior to 2.2.2.1. os.system command injection can be achieved by an admin.
Poly Eagleeye Director Ii Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »