Export limit exceeded: 333455 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (333455 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-33012 | 1 Microweber | 1 Microweber | 2025-04-29 | 8.8 High |
| Microweber v1.2.15 was discovered to allow attackers to perform an account takeover via a host header injection attack. | ||||
| CVE-2021-3919 | 1 Hp | 106 Command Center, Envy 13t-bd100, Envy 13z-ay100 and 103 more | 2025-04-29 | 9.8 Critical |
| A potential security vulnerability has been identified in OMEN Gaming Hub and in HP Command Center which may allow escalation of privilege and/or denial of service. HP has released software updates to mitigate the potential vulnerability. | ||||
| CVE-2021-29334 | 1 Jizhicms | 1 Jizhicms | 2025-04-29 | 8.8 High |
| An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd.html | ||||
| CVE-2020-23593 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2025-04-29 | 6.5 Medium |
| A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross site request forgery (CSRF) attack to enable syslog mode through ' /mgm_log_cfg.asp.' The system starts to log events, 'Remote' mode or 'Both' mode on "Syslog -- Configuration page" logs events and sends to remote syslog server IP and Port. | ||||
| CVE-2020-23592 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2025-04-29 | 8.8 High |
| A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Reset ONU to Factory Default through ' /mgm_dev_reset.asp.' Resetting to default leads to Escalation of Privileges by logging-in with default credentials. | ||||
| CVE-2020-23591 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2025-04-29 | 9.8 Critical |
| A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an attacker to upload arbitrary files through " /mgm_dev_upgrade.asp " which can "delete every file for Denial of Service (using 'rm -rf *.*' in the code), reverse connection (using '.asp' webshell), backdoor. | ||||
| CVE-2020-23590 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2025-04-29 | 6.5 Medium |
| A vulnerability in Optilink OP-XT71000N Hardware version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated remote attacker to conduct a cross-site request forgery (CSRF) attack to change the Password for "WLAN SSID" through "wlwpa.asp". | ||||
| CVE-2020-23589 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2025-04-29 | 6.5 Medium |
| A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to cause a Denial of Service by Rebooting the router through " /mgm_dev_reboot.asp." | ||||
| CVE-2025-28035 | 1 Totolink | 12 A3000ru, A3000ru Firmware, A3100r and 9 more | 2025-04-29 | 9.8 Critical |
| TOTOLINK A830R V4.1.2cu.5182_B20201102 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. | ||||
| CVE-2025-28036 | 1 Totolink | 12 A3000ru, A3000ru Firmware, A3100r and 9 more | 2025-04-29 | 9.8 Critical |
| TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. | ||||
| CVE-2025-28037 | 1 Totolink | 4 A810r, A810r Firmware, A950rg and 1 more | 2025-04-29 | 9.8 Critical |
| TOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG V4.1.2cu.5161_B20200903 were found to contain a pre-auth remote command execution vulnerability in the setDiagnosisCfg function through the ipDomain parameter. | ||||
| CVE-2025-28038 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2025-04-29 | 9.8 Critical |
| TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setWebWlanIdx function through the webWlanIdx parameter. | ||||
| CVE-2025-28039 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2025-04-29 | 9.8 Critical |
| TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setUpgradeFW function through the FileName parameter. | ||||
| CVE-2022-42001 | 1 Hallowelt | 1 Bluespice | 2025-04-29 | 3.3 Low |
| Cross-site Scripting (XSS) vulnerability in BlueSpiceBookshelf extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the book navigation. | ||||
| CVE-2022-24939 | 1 Silabs | 2 Gecko Software Development Kit, Zigbee Emberznet | 2025-04-29 | 5.7 Medium |
| A malformed packet containing an invalid destination address, causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error. | ||||
| CVE-2022-0222 | 1 Schneider-electric | 28 Modicon M340 Bmxnoe0100, Modicon M340 Bmxnoe0100 Firmware, Modicon M340 Bmxnoe0110 and 25 more | 2025-04-29 | 7.5 High |
| A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs(BMXP34* versions prior to V3.40), Modicon M340 X80 Ethernet Communication modules:BMXNOE0100 (H), BMXNOE0110 (H), BMXNOR0200H RTU(BMXNOE* all versions)(BMXNOR* versions prior to v1.7 IR24) | ||||
| CVE-2022-45210 | 1 Jeecg | 1 Jeecg Boot | 2025-04-29 | 4.3 Medium |
| Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/deleteRecycleBin. | ||||
| CVE-2022-45208 | 1 Jeecg | 1 Jeecg Boot | 2025-04-29 | 4.3 Medium |
| Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/putRecycleBin. | ||||
| CVE-2022-45207 | 1 Jeecg | 1 Jeecg Boot | 2025-04-29 | 9.8 Critical |
| Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component updateNullByEmptyString. | ||||
| CVE-2022-45206 | 1 Jeecg | 1 Jeecg Boot | 2025-04-29 | 9.8 Critical |
| Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/duplicate/check. | ||||