Search Results (363307 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-32449 1 Totolink 2 Ex300 V2, Ex300 V2 Firmware 2024-11-21 9.8 Critical
TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet.
CVE-2022-32444 1 Yuba 1 U5cms 2024-11-21 6.1 Medium
An issue was discovered in u5cms version 8.3.5. There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php.
CVE-2022-32442 1 Yuba 1 U5cms 2024-11-21 6.1 Medium
u5cms version 8.3.5 is vulnerable to Cross Site Scripting (XSS). When a user accesses the default home page, if the parameter passed in is http://127.0.0.1/? "Onmouseover=%27tzgl (96502)%27bad=", it can cause HTML injection.
CVE-2022-32441 1 Hex-rays 1 Ida 2024-11-21 5.5 Medium
A memory corruption in Hex Rays Ida Pro v6.6 allows attackers to cause a Denial of Service (DoS) via a crafted file. Related to Data from Faulting Address controls subsequent Write Address starting at msvcrt!memcpy+0x0000000000000056.
CVE-2022-32434 1 Opener Project 1 Opener 2024-11-21 7.8 High
EIPStackGroup OpENer v2.3.0 was discovered to contain a stack overflow via /bin/posix/src/ports/POSIX/OpENer+0x56073d.
CVE-2022-32433 1 Advanced School Management System Project 1 Advanced School Management System 2024-11-21 7.2 High
itsourcecode Advanced School Management System v1.0 is vulnerable to Arbitrary code execution via ip/school/view/all_teacher.php.
CVE-2022-32430 1 Talelin 1 Lin-cms-spring-boot 2024-11-21 7.5 High
An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application.
CVE-2022-32429 1 Megatech 2 Msnswitch, Msnswitch Firmware 2024-11-21 9.8 Critical
An authentication-bypass issue in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh of Mega System Technologies Inc MSNSwitch MNT.2408 allows unauthenticated attackers to arbitrarily configure settings within the application, leading to remote code execution.
CVE-2022-32425 1 Mealie 1 Mealie 2024-11-21 5.3 Medium
The login function of Mealie v1.0.0beta-2 allows attackers to enumerate existing usernames by timing the server's response time.
CVE-2022-32420 1 College Management System Project 1 College Management System 2024-11-21 8.8 High
College Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /College/admin/teacher.php. This vulnerability is exploited via a crafted PHP file.
CVE-2022-32417 1 Pbootcms 1 Pbootcms 2024-11-21 9.8 Critical
PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at function.php.
CVE-2022-32416 1 Product Show Room Site Project 1 Product Show Room Site 2024-11-21 7.2 High
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_product.
CVE-2022-32415 1 Product Show Room Site Project 1 Product Show Room Site 2024-11-21 8.8 High
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/?p=products/view_product&id=.
CVE-2022-32414 1 F5 1 Njs 2024-11-21 5.5 Medium
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_vmcode_interpreter at src/njs_vmcode.c.
CVE-2022-32413 1 Dice Project 1 Dice 2024-11-21 9.8 Critical
An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers to execute arbitrary code via a crafted file.
CVE-2022-32412 1 Hongcms Project 1 Hongcms 2024-11-21 7.2 High
An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell.
CVE-2022-32411 1 Hongcms Project 1 Hongcms 2024-11-21 7.2 High
An issue in the languages config file of HongCMS v3.0 allows attackers to getshell.
CVE-2022-32409 1 Softwarepublico 1 I3geo 2024-11-21 9.8 Critical
A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request.
CVE-2022-32406 1 Gtkradiant Project 1 Gtkradiant 2024-11-21 5.5 Medium
GtkRadiant v1.6.6 was discovered to contain a buffer overflow via the component q3map2. This vulnerability can cause a Denial of Service (DoS) via a crafted MAP file.
CVE-2022-32405 1 Prison Management System Project 1 Prison Management System 2024-11-21 8.8 High
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/prisons/view_prison.php:4