Export limit exceeded: 80179 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80179 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-29014 | 1 Razer | 2 Sila, Sila Firmware | 2024-11-21 | 7.5 High |
| A local file inclusion vulnerability in Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to read arbitrary files. | ||||
| CVE-2022-29002 | 1 Xuxueli | 1 Xxl-job | 2024-11-21 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add. | ||||
| CVE-2022-29001 | 1 Springbootmovie Project | 1 Springbootmovie | 2024-11-21 | 7.2 High |
| In SpringBootMovie <=1.2, the uploaded file suffix parameter is not filtered, resulting in arbitrary file upload vulnerability | ||||
| CVE-2022-28999 | 1 Bloodshed | 1 Dev-c\+\+ | 2024-11-21 | 8.8 High |
| Insecure permissions in the install directories and binaries of Dev-CPP v4.9.9.2 allows attackers to execute arbitrary code via overwriting the binary devcpp.exe. | ||||
| CVE-2022-28998 | 1 Xlightftpd | 1 Xlight Ftp | 2024-11-21 | 8.1 High |
| Xlight FTP v3.9.3.2 was discovered to contain a stack-based buffer overflow which allows attackers to leak sensitive information via crafted code. | ||||
| CVE-2022-28997 | 1 Cszcms | 1 Cszcms | 2024-11-21 | 7.5 High |
| CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/. | ||||
| CVE-2022-28992 | 1 Phpgurukul | 1 Online Banquet Booking System | 2024-11-21 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request. | ||||
| CVE-2022-28991 | 1 Bdtask | 1 Multi Store Inventory Management System | 2024-11-21 | 7.5 High |
| Multi Store Inventory Management System v1.0 was discovered to contain an information disclosure vulnerability which allows attackers to access sensitive files. | ||||
| CVE-2022-28990 | 1 Wasm3 Project | 1 Wasm3 | 2024-11-21 | 7.8 High |
| WASM3 v0.5.0 was discovered to contain a heap overflow via the component /wabt/bin/poc.wasm. | ||||
| CVE-2022-28986 | 1 Lmsdoctor | 1 2 Factor Authentication | 2024-11-21 | 7.5 High |
| LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an Insecure direct object references (IDOR) vulnerability, which allows remote attackers to update sensitive records such as email, password and phone number of other user accounts. | ||||
| CVE-2022-28973 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-11-21 | 7.5 High |
| Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause a Denial of Service (DoS). | ||||
| CVE-2022-28972 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-11-21 | 7.5 High |
| Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS). | ||||
| CVE-2022-28971 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-11-21 | 7.5 High |
| Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetIpMacBind. This vulnerability allows attackers to cause a Denial of Service (DoS). | ||||
| CVE-2022-28970 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-11-21 | 7.5 High |
| Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow via the mac parameter in the function GetParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS). | ||||
| CVE-2022-28969 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-11-21 | 7.5 High |
| Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGusetBasic. This vulnerability allows attackers to cause a Denial of Service (DoS). | ||||
| CVE-2022-28964 | 1 Avast | 1 Premium Security | 2024-11-21 | 7.1 High |
| An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attackers to cause a Denial of Service (DoS) via a crafted DLL file. | ||||
| CVE-2022-28961 | 1 Spip | 1 Spip | 2024-11-21 | 8.8 High |
| Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters. | ||||
| CVE-2022-28960 | 1 Spip | 1 Spip | 2024-11-21 | 8.8 High |
| A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire. | ||||
| CVE-2022-28955 | 1 Dlink | 2 Dir-816l, Dir-816l Firmware | 2024-11-21 | 7.5 High |
| An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php. | ||||
| CVE-2022-28948 | 3 Netapp, Redhat, Yaml Project | 4 Astra Trident, Cryostat, Openshift Devspaces and 1 more | 2024-11-21 | 7.5 High |
| An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input. | ||||