Search Results (80635 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-37190 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 8.8 High |
| CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both parameters (action and function) from "/api/index.php". | ||||
| CVE-2022-37189 | 1 Ddmal | 1 Mei2volpiano | 2024-11-21 | 7.5 High |
| DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity (XXE), leading to a Denial of Service. This occurs due to the usage of the unsafe 'xml.etree' library to parse untrusted XML input. | ||||
| CVE-2022-37185 | 1 Ems Project | 1 Ems | 2024-11-21 | 7.5 High |
| SQL injection vulnerability exists in the school information query interface (repschoolproj.php) of the EMS 6.2 system of the Office of the Thai Basic Education Commission, which can lead to data leakage. | ||||
| CVE-2022-37184 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | 8.8 High |
| The application manage_website.php on Garage Management System 1.0 is vulnerable to Shell File Upload. An already authenticated malicious user can upload a dangerous RCE or LCE exploit file. | ||||
| CVE-2022-37178 | 1 72crm | 1 Wukong Crm | 2024-11-21 | 8.8 High |
| An issue was discovered in 72crm 9.0. There is a SQL Injection vulnerability in View the task calendar. | ||||
| CVE-2022-37177 | 1 Hirevue | 1 Hiring Platform | 2024-11-21 | 7.5 High |
| HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. NOTE: this is disputed by the vendor for multiple reasons, e.g., it is inconsistent with CVE ID assignment rules for cloud services, and no product with version V1.0 exists. Furthermore, the rail-fence cipher has been removed, and TLS 1.2 is now used for encryption. | ||||
| CVE-2022-37173 | 2 Microsoft, Vim | 2 Windows, Gvim | 2024-11-21 | 7.8 High |
| An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\Program.exe. | ||||
| CVE-2022-37172 | 1 Msys2 | 1 Msys2 | 2024-11-21 | 7.8 High |
| Incorrect access control in the install directory (C:\msys64) of Msys2 v20220603 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. | ||||
| CVE-2022-37151 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2024-11-21 | 7.5 High |
| There is an unauthorized access vulnerability in Online Diagnostic Lab Management System 1.0. | ||||
| CVE-2022-37145 | 1 Plextrac | 1 Plextrac | 2024-11-21 | 7.5 High |
| The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts for accounts configured to use the PlexTrac authentication provider. An unauthenticated remote attacker could perform a bruteforce attack on the login page with no time or attempt limitation in an attempt to obtain valid credentials for the platform users configured to use the PlexTrac authentication provider. | ||||
| CVE-2022-37144 | 1 Plextrac | 1 Plextrac | 2024-11-21 | 8.8 High |
| The PlexTrac platform prior to API version 1.17.0 does not restrict excessive MFA TOTP submission attempts. An unauthenticated remote attacker in possession of a valid username and password can bruteforce their way past MFA protections to login as the targeted user. | ||||
| CVE-2022-37140 | 1 Techvill | 1 Paymoney | 2024-11-21 | 8.0 High |
| PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). The vulnerability exists in the reply ticket function, where a malicious file can be uploaded. A calculator will open when a victim who downloads the file opens the RTF file. | ||||
| CVE-2022-37133 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | 7.5 High |
| D-Link DIR-816 A2_v1.10CNB04.img reboots the router without authentication via /goform/doReboot. No authentication is required, and reboot is executed when the function returns at the end. | ||||
| CVE-2022-37129 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | 8.8 High |
| D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand. After the user passes in the command parameter, it will be spliced into byte_4836B0 by snprintf, and finally doSystem(&byte_4836B0); will be executed, resulting in a command injection. | ||||
| CVE-2022-37123 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | 8.8 High |
| D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/form2userconfig.cgi. | ||||
| CVE-2022-37122 | 1 Carel | 4 Applica, Pcoweb Card, Pcoweb Card Firmware and 1 more | 2024-11-21 | 7.5 High |
| Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks. | ||||
| CVE-2022-37108 | 1 Securonix | 1 Snypr | 2024-11-21 | 8.7 High |
| An injection vulnerability in the syslog-ng configuration wizard in Securonix Snypr 6.4 allows an application user with the "Manage Ingesters" permission to execute arbitrary code on remote ingesters by appending arbitrary text to text files that are executed by the system, such as users' crontab files. The patch for this was present in SNYPR version 6.4 Jun 2022 R3_[06170871], but may have been introduced sooner. | ||||
| CVE-2022-37084 | 1 Totolink | 2 A7000r, A7000r Firmware | 2024-11-21 | 7.8 High |
| TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the sPort parameter at the addEffect function. | ||||
| CVE-2022-37083 | 1 Totolink | 2 A7000r, A7000r Firmware | 2024-11-21 | 7.8 High |
| TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the ip parameter at the function setDiagnosisCfg. | ||||
| CVE-2022-37082 | 1 Totolink | 2 A7000r, A7000r Firmware | 2024-11-21 | 7.8 High |
| TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the host_time parameter at the function NTPSyncWithHost. | ||||