Search Results (333853 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-41496 | 1 Idreamsoft | 1 Icms | 2025-05-15 | 9.8 Critical |
| iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php. | ||||
| CVE-2022-41495 | 1 Clippercms | 1 Clippercms | 2025-05-15 | 9.8 Critical |
| ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the rss_url_news parameter at /manager/index.php. | ||||
| CVE-2022-41489 | 1 Wayos | 12 Lq-04, Lq-04 Firmware, Lq-05 and 9 more | 2025-05-15 | 8.1 High |
| WAYOS LQ_09 22.03.17V was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to send crafted requests to the server from the affected device. This vulnerability is exploitable due to a lack of authentication in the component Usb_upload.htm. | ||||
| CVE-2022-41485 | 1 Tenda | 3 Ac6, Ac6 Firmware, Ac6v2.0 Firmware | 2025-05-15 | 7.5 High |
| Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47ce00 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2022-41484 | 1 Tenda | 2 Ap500, Ap500v1 Firmware | 2025-05-15 | 7.5 High |
| Tenda AC1900 AP500(US)_V1_180320(Beta) was discovered to contain a buffer overflow in the 0x32384 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2022-41483 | 1 Tenda | 2 Ac6, Ac6v2.0 Firmware | 2025-05-15 | 7.5 High |
| Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x4a12cc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2022-41482 | 1 Tenda | 2 Ac6, Ac6v2.0 Firmware | 2025-05-15 | 7.5 High |
| Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47c5dc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2022-41481 | 1 Tenda | 2 Ac6, Ac6v2.0 Firmware | 2025-05-15 | 7.5 High |
| Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47de1c function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2022-41480 | 1 Tenda | 2 Ac6, Ac6v2.0 Firmware | 2025-05-15 | 7.5 High |
| Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x475dc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2022-41479 | 1 Devexpress | 1 Asp.net Web Forms Controls | 2025-05-15 | 7.5 High |
| The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. This leads to an Insecure Direct Object References (IDOR) vulnerability which allows attackers to access the application source code. NOTE: the vendor disputes this because the retrieved source code is only the DevExpress client-side application code that is, of course, intentionally readable by web browsers (a site's custom code and data is never accessible via an IDOR approach). | ||||
| CVE-2022-38902 | 1 Liferay | 2 Dxp, Liferay Portal | 2025-05-15 | 5.4 Medium |
| A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic. | ||||
| CVE-2022-37208 | 1 Jflyfox | 1 Jfinal Cms | 2025-05-15 | 8.8 High |
| JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. | ||||
| CVE-2022-35612 | 1 Bevywise | 1 Mqttroute | 2025-05-15 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in MQTTRoute v3.3 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the dashboard name text field. | ||||
| CVE-2022-35611 | 1 Bevywise | 1 Mqttroute | 2025-05-15 | 4.3 Medium |
| A Cross-Site Request Forgery (CSRF) in MQTTRoute v3.3 and below allows attackers to create and remove dashboards. | ||||
| CVE-2022-35136 | 1 Boodskap | 1 Iot Platform | 2025-05-15 | 6.5 Medium |
| Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests. | ||||
| CVE-2022-35135 | 1 Boodskap | 1 Iot Platform | 2025-05-15 | 8.8 High |
| Boodskap IoT Platform v4.4.9-02 allows attackers to escalate privileges via a crafted request sent to /api/user/upsert/<uuid>. | ||||
| CVE-2022-35134 | 1 Boodskap | 1 Iot Platform | 2025-05-15 | 5.4 Medium |
| Boodskap IoT Platform v4.4.9-02 contains a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2022-35081 | 1 Swftools | 1 Swftools | 2025-05-15 | 5.5 Medium |
| SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via png_read_header at /src/png2swf.c. | ||||
| CVE-2022-35080 | 1 Swftools | 1 Swftools | 2025-05-15 | 5.5 Medium |
| SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via png_load at /lib/png.c. | ||||
| CVE-2022-35050 | 1 Otfcc Project | 1 Otfcc | 2025-05-15 | 6.5 Medium |
| OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b04de. | ||||