Search Results (333444 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-28038 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2025-04-29 | 9.8 Critical |
| TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setWebWlanIdx function through the webWlanIdx parameter. | ||||
| CVE-2025-28039 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2025-04-29 | 9.8 Critical |
| TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setUpgradeFW function through the FileName parameter. | ||||
| CVE-2022-42001 | 1 Hallowelt | 1 Bluespice | 2025-04-29 | 3.3 Low |
| Cross-site Scripting (XSS) vulnerability in BlueSpiceBookshelf extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the book navigation. | ||||
| CVE-2022-24939 | 1 Silabs | 2 Gecko Software Development Kit, Zigbee Emberznet | 2025-04-29 | 5.7 Medium |
| A malformed packet containing an invalid destination address causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error. | ||||
| CVE-2022-0222 | 1 Schneider-electric | 28 Modicon M340 Bmxnoe0100, Modicon M340 Bmxnoe0100 Firmware, Modicon M340 Bmxnoe0110 and 25 more | 2025-04-29 | 7.5 High |
| A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs (BMXP34* versions prior to V3.40), Modicon M340 X80 Ethernet Communication modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOR0200H RTU (BMXNOE* all versions) (BMXNOR* versions prior to v1.7 IR24) | ||||
| CVE-2022-45210 | 1 Jeecg | 1 Jeecg Boot | 2025-04-29 | 4.3 Medium |
| Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/deleteRecycleBin. | ||||
| CVE-2022-45208 | 1 Jeecg | 1 Jeecg Boot | 2025-04-29 | 4.3 Medium |
| Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/putRecycleBin. | ||||
| CVE-2022-45207 | 1 Jeecg | 1 Jeecg Boot | 2025-04-29 | 9.8 Critical |
| Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component updateNullByEmptyString. | ||||
| CVE-2022-45206 | 1 Jeecg | 1 Jeecg Boot | 2025-04-29 | 9.8 Critical |
| Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/duplicate/check. | ||||
| CVE-2022-45205 | 1 Jeecg | 1 Jeecg Boot | 2025-04-29 | 5.3 Medium |
| Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData. | ||||
| CVE-2022-45193 | 1 Bruhn-newtech | 1 Cbrn-analysis | 2025-04-29 | 5.9 Medium |
| CBRN-Analysis before 22 has weak file permissions under Public Profile, leading to disclosure of file contents or privilege escalation. | ||||
| CVE-2022-45152 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2025-04-29 | 9.1 Critical |
| A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks. | ||||
| CVE-2022-44860 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2025-04-29 | 7.2 High |
| Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/transactions/update_status.php. | ||||
| CVE-2022-44859 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2025-04-29 | 7.2 High |
| Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/admin/products/manage_product.php. | ||||
| CVE-2022-44858 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2025-04-29 | 7.2 High |
| Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/products/view_product.php. | ||||
| CVE-2022-44844 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-04-29 | 9.8 Critical |
| TOTOLINK A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function. | ||||
| CVE-2022-44843 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-04-29 | 9.8 Critical |
| TOTOLINK A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function. | ||||
| CVE-2022-44725 | 1 Opcfoundation | 1 Local Discovery Server | 2025-04-29 | 7.8 High |
| OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user). | ||||
| CVE-2022-44411 | 1 Web Based Quiz System Project | 1 Web Based Quiz System | 2025-04-29 | 7.5 High |
| Web Based Quiz System v1.0 transmits user passwords in plaintext during the authentication process, allowing attackers to obtain users' passwords via a brute-force attack. | ||||
| CVE-2022-44403 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2025-04-29 | 7.2 High |
| Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/?page=user/manage_user&id=. | ||||