Search Results (2927 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-30780 | 1 Lighttpd | 1 Lighttpd | 2024-11-21 | 7.5 High |
| Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disrupts use of multiple read operations on large headers. | ||||
| CVE-2022-30075 | 1 Tp-link | 2 Archer Ax50, Archer Ax50 Firmware | 2024-11-21 | 8.8 High |
| In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation. | ||||
| CVE-2022-2733 | 1 Open-emr | 1 Openemr | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1. | ||||
| CVE-2022-2633 | 1 Plugins360 | 1 All-in-one Video Gallery | 2024-11-21 | 7.5 High |
| The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blind server-side request forgery via the 'dl' parameter found in the ~/public/video.php file in versions up to, and including 2.6.0. This makes it possible for unauthenticated users to download sensitive files hosted on the affected server and forge requests to the server. | ||||
| CVE-2022-2414 | 2 Dogtagpki, Redhat | 7 Dogtagpki, Certificate System, Enterprise Linux and 4 more | 2024-11-21 | 7.5 High |
| Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests. | ||||
| CVE-2022-2314 | 1 Vr Calendar Project | 1 Vr Calendar | 2024-11-21 | 9.8 Critical |
| The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site. | ||||
| CVE-2022-2185 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 9.9 Critical |
| A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution. | ||||
| CVE-2022-29847 | 1 Progress | 1 Whatsup Gold | 2024-11-21 | 7.5 High |
| In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host. | ||||
| CVE-2022-29298 | 1 Contec | 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware | 2024-11-21 | 7.5 High |
| SolarView Compact ver.6.00 allows attackers to access sensitive files via directory traversal. | ||||
| CVE-2022-29153 | 2 Fedoraproject, Hashicorp | 2 Fedora, Consul | 2024-11-21 | 7.5 High |
| HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5. | ||||
| CVE-2022-29078 | 1 Ejs | 1 Ejs | 2024-11-21 | 9.8 Critical |
| The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation). | ||||
| CVE-2022-29014 | 1 Razer | 2 Sila, Sila Firmware | 2024-11-21 | 7.5 High |
| A local file inclusion vulnerability in Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to read arbitrary files. | ||||
| CVE-2022-29013 | 1 Razer | 2 Sila, Sila Firmware | 2024-11-21 | 9.8 Critical |
| A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request. | ||||
| CVE-2022-29009 | 1 Phpgurukul | 1 Cyber Cafe Management System | 2024-11-21 | 9.8 Critical |
| Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allow attackers to bypass authentication. | ||||
| CVE-2022-29007 | 1 Phpgurukul | 1 Dairy Farm Shop Management System | 2024-11-21 | 9.8 Critical |
| Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allow attackers to bypass authentication. | ||||
| CVE-2022-29006 | 1 Phpgurukul | 1 Directory Management System | 2024-11-21 | 9.8 Critical |
| Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allow attackers to bypass authentication. | ||||
| CVE-2022-28955 | 1 Dlink | 2 Dir-816l, Dir-816l Firmware | 2024-11-21 | 7.5 High |
| An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php. | ||||
| CVE-2022-28219 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-21 | 9.8 Critical |
| Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution. | ||||
| CVE-2022-28171 | 1 Hikvision | 22 Ds-a71024, Ds-a71024 Firmware, Ds-a71048 and 19 more | 2024-11-21 | 7.5 High |
| The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability: due to insufficient input validation, an attacker can exploit the vulnerability to execute restricted commands by sending messages with malicious commands to the affected device. | ||||
| CVE-2022-28108 | 1 Selenium | 1 Selenium Grid | 2024-11-21 | 8.8 High |
| Selenium Server (Grid) before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain. | ||||