Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (32 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-1134 1 Deltaww 1 Infrasuite Device Master 2025-01-16 7.1 High
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a path traversal vulnerability, which could allow an attacker to read local files, disclose plaintext credentials, and escalate privileges.
CVE-2023-1142 1 Deltaww 1 Infrasuite Device Master 2025-01-16 7.5 High
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation.
CVE-2023-1136 1 Deltaww 1 Infrasuite Device Master 2025-01-16 9.8 Critical
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an unauthenticated attacker could generate a valid token, which would lead to authentication bypass.
CVE-2023-1141 1 Deltaww 1 Infrasuite Device Master 2025-01-16 8.8 High
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a command injection vulnerability that could allow an attacker to inject arbitrary commands, which could result in remote code execution.
CVE-2023-1140 1 Deltaww 1 Infrasuite Device Master 2025-01-16 9.8 Critical
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability that could allow an attacker to achieve unauthenticated remote code execution in the context of an administrator.
CVE-2023-1145 1 Deltaww 1 Infrasuite Device Master 2025-01-16 7.8 High
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution.
CVE-2023-1135 1 Deltaww 1 Infrasuite Device Master 2025-01-16 7.8 High
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could set incorrect directory permissions, which could result in local privilege escalation.
CVE-2023-47207 1 Deltaww 1 Infrasuite Device Master 2024-11-21 9.8 Critical
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute code with local administrator privileges.
CVE-2023-46690 1 Deltaww 1 Infrasuite Device Master 2024-11-21 8.8 High
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution.
CVE-2023-39226 1 Deltaww 1 Infrasuite Device Master 2024-11-21 9.8 Critical
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute arbitrary code through a single UDP packet.
CVE-2023-34347 1 Deltaww 1 Infrasuite Device Master 2024-11-21 9.8 Critical
​Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contains classes that cannot be deserialized, which could allow an attack to remotely execute arbitrary code.
CVE-2024-10456 1 Deltaww 1 Infrasuite Device Master 2024-11-01 9.8 Critical
Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are affected by a deserialization vulnerability that targets the Device-Gateway, which could allow deserialization of arbitrary .NET objects prior to authentication.