| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2022-0352 | Cross-site Scripting (XSS) - Reflected in janeczku/calibre-web | janeczku | janeczku/calibre-web | Medium | - | 2022-01-28 21:29:15 | Deep Dive |
| CVE-2021-41807 | Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0, allows brute-forcing of certain type of user accounts. | M-Files | M-Files Server | High | 7.5 | 2022-01-18 16:51:51 | Deep Dive |
| CVE-2021-4164 | Cross-Site Request Forgery (CSRF) in janeczku/calibre-web | janeczku | janeczku/calibre-web | High | - | 2022-01-17 12:35:10 | Deep Dive |
| CVE-2021-4171 | Business Logic Errors in janeczku/calibre-web | janeczku | janeczku/calibre-web | High | - | 2022-01-17 09:45:10 | Deep Dive |
| CVE-2021-4170 | Cross-site Scripting (XSS) - Stored in janeczku/calibre-web | janeczku | janeczku/calibre-web | High | - | 2022-01-16 20:55:10 | Deep Dive |
| CVE-2022-21840 | Microsoft Office Remote Code Execution Vulnerability | Microsoft | Microsoft SharePoint Enterprise Server 2016 | High | 8.8 | 2022-01-11 20:22:19 | Deep Dive |
| CVE-2021-35232 | Hard credentials discovered in SolarWinds Web Help Desk which allows to execute Arbitrary Hibernate Queries | SolarWinds | Web Help Desk | Medium | 6.8 | 2021-12-27 18:48:18 | Deep Dive |
| CVE-2021-35243 | HTTP PUT & DELETE Methods Enabled | SolarWinds | Web Help Desk | Medium | 5.3 | 2021-12-23 19:48:35 | Deep Dive |
| CVE-2021-43256 | Microsoft Excel Remote Code Execution Vulnerability | Microsoft | Office Online Server | High | 7.8 | 2021-12-15 14:15:29 | Deep Dive |
| CVE-2021-38891 | IBM Sterling Connect:Direct cryptographic issue vulnerability | IBM | Connect:Direct Web Services | High | - | 2021-11-23 19:15:35 | Deep Dive |
| CVE-2021-38890 | IBM Sterling Connect:Direct security vulnerability | IBM | Connect:Direct Web Services | High | - | 2021-11-23 19:15:33 | Deep Dive |
| CVE-2021-40831 | Missing SNI validation and inconsistent CA override function behavior within AWS IoT Device SDKs on Apple devices | Amazon Web Services | AWS IoT Device SDK v2 for Java | Medium | 6.3 | 2021-11-22 23:41:19 | Deep Dive |
| CVE-2021-40830 | Inconsistent CA override function behavior within AWS IoT Device SDKs on Unix systems | Amazon Web Services | AWS IoT Device SDK v2 for Java | Medium | 6.3 | 2021-11-22 23:41:18 | Deep Dive |
| CVE-2021-40829 | TLS hostname validation issues within AWS IoT Device SDKs on macOS | Amazon Web Services | AWS IoT Device SDK v2 for Java | Medium | 6.3 | 2021-11-22 23:41:17 | Deep Dive |
| CVE-2021-40828 | TLS hostname validation issues within AWS IoT Device SDKs on Windows | Amazon Web Services | AWS IoT Device SDK v2 for Java | Medium | 6.3 | 2021-11-22 23:41:16 | Deep Dive |
| CVE-2021-43549 | OSIsoft PI Web API | OSIsoft | PI Web API | Medium | 6.9 | 2021-11-18 14:18:49 | Deep Dive |
| CVE-2021-40442 | Microsoft Excel Remote Code Execution Vulnerability | Microsoft | Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | High | 7.8 | 2021-11-10 00:46:31 | Deep Dive |
| CVE-2021-2474 | Oracle E-Business Suite security vulnerability | Oracle Corporation | Web Analytics | High | 8.1 | 2021-10-20 10:49:39 | Deep Dive |
| CVE-2021-24752 | Multiple Plugins from CatchThemes - Unauthorised Plugin's Setting Change | CatchThemes | Essential Widgets | Medium | - | 2021-10-18 13:46:10 | Deep Dive |
| CVE-2021-41132 | Inconsistent input sanitisation leads to XSS vectors | ome | omero-web | Critical | 9.8 | 2021-10-14 15:45:12 | Deep Dive |