Vulmon
sdk vulnerabilities and exploits
9.8
CVSSv3
CVE-2021-27372
Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext which may allow malicious users to possibly gain access to the device with root permissions via the built-in network monitoring tool and execute arbitrary commands.
Realtek Xpon Rtl9601d Software Development Kit 1.9
9.8
CVSSv3
CVE-2020-28472
This affects the package @aws-sdk/shared-ini-file-loader prior to 1.0.0-rc.9; the package aws-sdk prior to 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles, they will pollute the prototype on the application. This c...
Amazon Aws Sdk For Javascript
Amazon Aws Shared Configuration File Loader 1.0.0
9.8
CVSSv3
CVE-2020-25462
Heap buffer overflow in the fxCheckArrowFunction function at moddable/xs/sources/xsSyntaxical.c:3562 in Moddable SDK before OS200903.
Moddable Moddable
9.8
CVSSv3
CVE-2020-11829
Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook V2.0.0_5493e40_200722.
Oppo Coloros 2.0.0 5493e40 200722
9.8
CVSSv3
CVE-2020-8752
Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions prior to 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access.
Intel Active Management Technology Firmware
Netapp Cloud Backup -
Intel Standard Manageability
9.8
CVSSv3
CVE-2020-12828
An issue exists in AnchorFree VPN SDK prior to 1.3.3.218. The VPN SDK service takes certain executable locations over a socket bound to localhost. Binding to the socket and providing a path where a malicious executable file resides leads to executing the malicious executable file...
Pango Virtual Private Network Software Development Kit
1 Github repository
1 Article
9.8
CVSSv3
CVE-2016-11038
An issue exists on Samsung mobile devices with software through 2016-04-05 (incorporating the Samsung Professional Audio SDK). The Jack audio service doesn't implement access control for shared memory, leading to arbitrary code execution or privilege escalation. The Samsung ...
Google Android -
9.8
CVSSv3
CVE-2019-19825
On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. (Also, the CAPTCHA text is not needed once the attacker has determined valid...
Totolink A3002ru Firmware
Totolink A702r Firmware
Totolink N301rt Firmware
Totolink N302r Firmware
Totolink N300rt Firmware
Totolink N200re Firmware
Totolink N150rt Firmware
Totolink N100re Firmware
9.8
CVSSv3
CVE-2020-5499
Baidu Rust SGX SDK up to and including 1.0.8 has an enclave ID race. There are non-deterministic results in which, sometimes, two global IDs are the same.
Apache Rust Sgx Sdk
9.8
CVSSv3
CVE-2019-15301
A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const() in Terrasoft Bpm'online CRM-System SDK 7.13 allows malicious users to execute arbitrary SQL commands via the value parameter.
Terrasoft Bpm Online Crm System Sdk 7.13