Search Results (80244 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-30571 | 1 Tibco | 1 Iway Service Manager | 2024-11-21 | 8.1 High |
| The iWay Service Manager Console component of TIBCO Software Inc.'s TIBCO iWay Service Manager contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO iWay Service Manager: versions 8.0.6 and below. | ||||
| CVE-2022-30563 | 1 Dahuasecurity | 80 Asi7213x, Asi7213x-t1, Asi7213x-t1 Firmware and 77 more | 2024-11-21 | 7.4 High |
| When an attacker uses a man-in-the-middle attack to sniff the request packets of a successful login through ONVIF, the attacker can log in to the device by replaying the user's login packet. | ||||
| CVE-2022-30560 | 1 Dahuasecurity | 80 Asi7213x, Asi7213x-t1, Asi7213x-t1 Firmware and 77 more | 2024-11-21 | 7.4 High |
| When an attacker obtains the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface and cause the device to crash. | ||||
| CVE-2022-30557 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2024-11-21 | 7.5 High |
| Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution. | ||||
| CVE-2022-30551 | 1 Opcfoundation | 1 Ua-java | 2024-11-21 | 7.5 High |
| OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause a server to stop processing messages by sending crafted messages that exhaust available resources. | ||||
| CVE-2022-30549 | 1 Fujielectric | 1 V-server | 2024-11-21 | 7.8 High |
| An out-of-bounds read vulnerability exists in V-Server v4.0.11.0 and earlier and V-Server Lite v4.0.13.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. | ||||
| CVE-2022-30546 | 1 Fujielectric | 1 Monitouch V-sft | 2024-11-21 | 7.8 High |
| An out-of-bounds read vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. | ||||
| CVE-2022-30538 | 1 Fujielectric | 1 Monitouch V-sft | 2024-11-21 | 7.8 High |
| An out-of-bounds write vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. | ||||
| CVE-2022-30526 | 1 Zyxel | 50 Atp100, Atp100 Firmware, Atp100w and 47 more | 2024-11-21 | 7.8 High |
| A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device. | ||||
| CVE-2022-30524 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 7.8 High |
| There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted pdf file to the pdftotext binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | ||||
| CVE-2022-30523 | 1 Trendmicro | 1 Password Manager | 2024-11-21 | 7.8 High |
| Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow a low privileged local attacker to delete the contents of an arbitrary folder as SYSTEM which can then be used for privilege escalation on the affected machine. | ||||
| CVE-2022-30522 | 4 Apache, Fedoraproject, Netapp and 1 more | 6 Http Server, Fedora, Clustered Data Ontap and 3 more | 2024-11-21 | 7.5 High |
| If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort. | ||||
| CVE-2022-30496 | 1 Mv | 1 Idce | 2024-11-21 | 7.5 High |
| SQL injection in Logon Page of IDCE MV's application, version 1.0, allows an attacker to inject SQL payloads in the user field, connecting to a database to access enterprise's private and sensitive information. | ||||
| CVE-2022-30475 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2024-11-21 | 7.5 High |
| Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/WifiExtraSet request. | ||||
| CVE-2022-30473 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2024-11-21 | 7.5 High |
| Tenda AC Series Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function form_fast_setting_wifi_set | ||||
| CVE-2022-30469 | 1 Afian | 1 Filerun | 2024-11-21 | 8.8 High |
| In Afian Filerun 20220202, lack of sanitization of the POST parameter "metadata[]" in `/?module=fileman&section=get&page=grid` leads to SQL injection. | ||||
| CVE-2022-30463 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2024-11-21 | 8.8 High |
| Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_product. | ||||
| CVE-2022-30459 | 1 Chatbot App With Suggestion Project | 1 Chatbot App With Suggestion | 2024-11-21 | 8.8 High |
| ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to SQL Injection via /simple_chat_bot/classes/Master.php?f=delete_response, id. | ||||
| CVE-2022-30452 | 1 Shopwind | 1 Shopwind | 2024-11-21 | 7.2 High |
| ShopWind <= v3.4.2 has a SQL injection vulnerability in Database.php. | ||||
| CVE-2022-30451 | 1 Waimairencms Project | 1 Waimairencms | 2024-11-21 | 8.8 High |
| An authenticated user could execute code via a SQLi vulnerability in waimairenCMS before version 9.1. | ||||