Advisory

2024
ZA ID CVE Title CVSS 4.0 Base Published
ZA-2024-01 CVE-2024-5262 ProjectDiscovery Interactsh - Files or Directories Accessible to External Parties 9.3 2024-06-05
ZA-2024-02 CVE-2024-6117 Hamastar MeetingHub Paperless Meetings - Unrestricted Upload of File with Dangerous Type 9.3 2024-08-05
ZA-2024-03 CVE-2024-6118 Hamastar MeetingHub Paperless Meetings - Plaintext Storage of a Password 9.3 2024-08-05
ZA-2024-04 CVE-2024-7871 Huachu Easytest Online Learning Test Platform - SQL Injection 8.7 2024-09-02
ZA-2024-05 CVE-2024-43772 Huachu Easytest Online Learning Test Platform - SQL Injection 9.3 2024-09-02
ZA-2024-06 CVE-2024-43773 Huachu Easytest Online Learning Test Platform - SQL Injection 9.3 2024-09-02
ZA-2024-07 CVE-2024-43774 Huachu Easytest Online Learning Test Platform - SQL Injection 8.7 2024-09-02
ZA-2024-08 CVE-2024-43775 Huachu Easytest Online Learning Test Platform - SQL Injection 8.7 2024-09-02
ZA-2024-09 CVE-2024-43776 Huachu Easytest Online Learning Test Platform - SQL Injection 8.7 2024-09-02
ZA-2024-11 CVE-2024-52958 iota C.ai Conversational Platform - Improper Verification of Cryptographic Signature 9.3 2024-11-27
ZA-2024-12 CVE-2024-52959 iota C.ai Conversational Platform - Improper Control of Generation of Code ('Code Injection') 9.3 2024-11-27
ZA-2024-10 CVE-2024-11984 SUNNET Corporate Training Management System - Unrestricted Upload of File with Dangerous Type 9.4 2024-12-19
ZA-2024-13 CVE-2024-12652 Intumit SmartRobot′s Conversational AI Platform - Improper Control of Generation of Code ('Code Injection') 9.3 2024-12-26
2023
ZA ID CVE Title CVSS Published
ZA-2023-01 CVE-2023-25131 CyberPower PowerPanel Business - Use of Default Password 9.4 2023-03-31
ZA-2023-02 CVE-2023-25132 CyberPower PowerPanel Business - Unrestricted Upload of File with Dangerous Type 9.1 2023-03-31
ZA-2023-03 CVE-2023-25133 CyberPower PowerPanel Business - Improper Privilege Management 9.1 2023-03-31
ZA-2023-04 CVE-2023-34207 EasyUse MailHunter Ultimate - Unrestricted Upload of File with Dangerous Type 9.9 2023-10-17
ZA-2023-05 CVE-2023-34208 EasyUse MailHunter Ultimate - Path Traversal 6.5 2023-10-17
ZA-2023-06 CVE-2023-34209 EasyUse MailHunter Ultimate - Exposure of Sensitive System Information to an Unauthorized Control Sphere 5.0 2023-10-17
ZA-2023-07 CVE-2023-34210 EasyUse MailHunter Ultimate - SQL Injection 7.7 2023-10-17
2022
ZA ID CVE Title CVSS Published
ZA-2022-01 CVE-2022-45796 SHARP Multifunction Printer - Command Injection 9.1 2022-12-16
2021
CVE Title CVSS Published
CVE-2021-44164 Chainsea - Arbitrary File Upload 9.8 2021-12-17
CVE-2021-44163 Chainsea - Reflected XSS 6.1 2021-12-17
CVE-2021-44162 Chainsea - Path Traversal 7.5 2021-12-17
CVE-2021-32535 QSAN SANOS - Use of Hard-coded Credentials 9.8 2021-07-07
CVE-2021-32534 QSAN SANOS - Command Injection 9.8 2021-07-07
CVE-2021-32533 QSAN SANOS - Command Injection 9.8 2021-07-07
CVE-2021-32532 QSAN XEVO - Path Traversal 7.5 2021-07-07
CVE-2021-32531 QSAN XEVO - Command Injection Following via Init function 9.8 2021-07-07
CVE-2021-32530 QSAN XEVO - Command Injection Following via Array function 9.8 2021-07-07
CVE-2021-32529 QSAN XEVO, SANOS - Command Injection -1 9.8 2021-07-07
CVE-2021-32528 QSAN Storage Manager - Exposure of Sensitive Information to an Unauthorized Actor 5.3 2021-07-07
CVE-2021-32527 QSAN Storage Manager - Path Traversal-2 7.5 2021-07-07
CVE-2021-32526 QSAN Storage Manager - Incorrect Permission Assignment for Critical Resource 6.5 2021-07-07
CVE-2021-32525 QSAN Storage Manager - Use of Hard-coded Password-2 9.1 2021-07-07
CVE-2021-32524 QSAN Storage Manager - Command Injection-3 9.1 2021-07-07
CVE-2021-32523 QSAN Storage Manager - Improper Authorization 9.1 2021-07-07
CVE-2021-32522 QSAN Storage Manager, XEVO, SANOS - Improper Restriction of Excessive Authentication Attempts 9.8 2021-07-07
CVE-2021-32521 QSAN Storage Manager, XEVO, SANOS - Use of Hard-coded Password 7.3 2021-07-07
CVE-2021-32520 QSAN Storage Manager - Use of Hard-coded Cryptographic Key 9.8 2021-07-07
CVE-2021-32519 QSAN Storage Manager, XEVO, SANOS - Use of Password Hash With Insufficient Computational Effort 9.8 2021-07-07
CVE-2021-32518 QSAN Storage Manager - UNIX Symbolic Link (Symlink) Following 7.5 2021-07-07
CVE-2021-32517 QSAN Storage Manager - Improper Access Control 7.5 2021-07-07
CVE-2021-32516 QSAN Storage Manager - Path Traversal 7.5 2021-07-07
CVE-2021-32515 QSAN Storage Manager - Exposure of Information Through Directory Listing 5.3 2021-07-07
CVE-2021-32514 QSAN Storage Manager - Improper Access Control Following via FirwareUpgrade function 7.5 2021-07-07
CVE-2021-32513 QSAN Storage Manager - Command Injection Following via QsanTorture function 9.8 2021-07-07
CVE-2021-32512 QSAN Storage Manager - Command Injection Following via QuickInstall function 9.8 2021-07-07
CVE-2021-32511 QSAN Storage Manager - Exposure of Information Through Directory Listing Following via ViewBroserList function 4.3 2021-07-07
CVE-2021-32510 QSAN Storage Manager - Exposure of Information Through Directory Listing Following via Antivirus function 4.3 2021-07-07
CVE-2021-32509 QSAN Storage Manager - UNIX Symbolic Link (Symlink) Following via FileviewDoc function 6.5 2021-07-07
CVE-2021-32508 QSAN Storage Manager - UNIX Symbolic Link (Symlink) Following via FileStreaming function 6.5 2021-07-07
CVE-2021-32507 QSAN Storage Manager - Absolute Path Traversal via FileDownload function 6.5 2021-07-07
CVE-2021-32506 QSAN Storage Manager - Absolute Path Traversal via GetImage function 6.5 2021-07-07
CVE-2021-28799 QNAP Storage - Backdoor SID RCE 10.0 2021-05-12
CVE-2021-28798 QNAP Storage - Low privilege user write file RCE 8.8 2021-05-20