2.4
CVE-2025-13743 - Expired Personal Access Tokens (PATs) are recorded in Docker Desktop diagnostic logs
Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred.
8.7
CVE-2021-47709 - COMMAX Smart Home Ruvie CCTV Bridge DVR Service Config Write / DoS
COMMAX Smart Home System allows an unauthenticated attacker to change configuration and cause denial-of-service through the setconf endpoint. Attackers can trigger a denial-of-service scenario by sending a malformed request to the setconf endpoint.
5.5
CVE-2025-64896 - Creative Cloud Desktop | Creation of Temporary File in Directory with Incorrect Permissions (CWE-37β¦
Creative Cloud Desktop versions 6.4.0.361 and earlier are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to disrupt the application's functionality by manipβ¦
9.3
CVE-2021-47708 - COMMAX Smart Home IoT Control System SQL Injection Authentication Bypass
COMMAX Smart Home System CDP-1020n contains an SQL injection vulnerability that allows attackers to bypass authentication by injecting arbitrary SQL code through the 'id' parameter in 'loginstart.asp'. Attackers can exploit this by sending a POST request with malicious 'id' values to manipulate datβ¦
9.3
CVE-2021-47707 - COMMAX CVD-Axx DVR Weak Default Credentials Stream Disclosure
COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose RTSP stream. Attackers can exploit this by sending a POST request with the 'passkey' parameter set to '1234', allowing them to access the web control panel.
8.7
CVE-2021-47706 - COMMAX Biometric Access Control System Authentication Bypass
COMMAX Biometric Access Control System 1.0.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to access sensitive information and circumvent physical controls in smart homes and buildings by exploiting cookie poisoning. Attackers can forge cookies to bypass authβ¦
8.7
CVE-2021-47705 - CNC_Ctrl DllUnregisterServer Access Violation
COMMAX UMS Client ActiveX Control 1.7.0.2 contains a heap-based buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays through multiple functions. Attackers can exploit improper boundary validation in CNC_Ctrl.dll to cause heap corrβ¦
8.7
CVE-2021-47704 - OpenBMCS SQL Injection via obix_test.php
OpenBMCS 2.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting arbitrary SQL code. Attackers can send GET requests to /debug/obix_test.php with malicious 'id' values to extract database information.
6.9
CVE-2021-47703 - OpenBMCS Server Side Request Forgery (SSRF) via /php/query.php
OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip' pβ¦
5.3
CVE-2021-47702 - OpenBMCS Cross Site Request Forgery (CSRF) via sendFeedback.php
OpenBMCS 2.4 contains a CSRF vulnerability that allows attackers to perform actions with administrative privileges by exploiting the sendFeedback.php endpoint. Attackers can submit malicious requests to trigger unintended actions, such as sending emails or modifying system settings.