8.7
CVE-2021-47718 - OpenBMCS Directory Listing Information Disclosure
OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive files by exploiting directory listing functionality. Attackers can browse directories like /debug/ and /php/ to discover configuration files, database credentials, and system infoβ¦
6.9
CVE-2021-47717 - IntelliChoice eFORCE Software Suite Username Enumeration
IntelliChoice eFORCE Software Suite 2.5.9 contains a username enumeration vulnerability that allows attackers to enumerate valid users by exploiting the 'ctl00$MainContent$UserName' POST parameter. Attackers can send requests with valid usernames to retrieve user information.
8.7
CVE-2021-47710 - COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure
COMMAX Smart Home System is a smart IoT home solution that allows an unauthenticated attacker to disclose RTSP credentials in plain-text by exploiting the /overview.asp endpoint. Attackers can access sensitive information, including login credentials and DVR settings, by submitting a GET request toβ¦
2.4
CVE-2025-13743 - Expired Personal Access Tokens (PATs) are recorded in Docker Desktop diagnostic logs
Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred.
8.7
CVE-2021-47709 - COMMAX Smart Home Ruvie CCTV Bridge DVR Service Config Write / DoS
COMMAX Smart Home System allows an unauthenticated attacker to change configuration and cause denial-of-service through the setconf endpoint. Attackers can trigger a denial-of-service scenario by sending a malformed request to the setconf endpoint.
5.5
CVE-2025-64896 - Creative Cloud Desktop | Creation of Temporary File in Directory with Incorrect Permissions (CWE-37β¦
Creative Cloud Desktop versions 6.4.0.361 and earlier are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to disrupt the application's functionality by manipβ¦
9.3
CVE-2021-47708 - COMMAX Smart Home IoT Control System SQL Injection Authentication Bypass
COMMAX Smart Home System CDP-1020n contains an SQL injection vulnerability that allows attackers to bypass authentication by injecting arbitrary SQL code through the 'id' parameter in 'loginstart.asp'. Attackers can exploit this by sending a POST request with malicious 'id' values to manipulate datβ¦
9.3
CVE-2021-47707 - COMMAX CVD-Axx DVR Weak Default Credentials Stream Disclosure
COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose RTSP stream. Attackers can exploit this by sending a POST request with the 'passkey' parameter set to '1234', allowing them to access the web control panel.
8.7
CVE-2021-47706 - COMMAX Biometric Access Control System Authentication Bypass
COMMAX Biometric Access Control System 1.0.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to access sensitive information and circumvent physical controls in smart homes and buildings by exploiting cookie poisoning. Attackers can forge cookies to bypass authβ¦
8.7
CVE-2021-47705 - CNC_Ctrl DllUnregisterServer Access Violation
COMMAX UMS Client ActiveX Control 1.7.0.2 contains a heap-based buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays through multiple functions. Attackers can exploit improper boundary validation in CNC_Ctrl.dll to cause heap corrβ¦