Search Results (364837 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-29735 1 Deltacontrols 2 Entelitouch, Entelitouch Firmware 2024-11-21 8.8 High
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows attackers to execute arbitrary commands via a crafted HTTP request.
CVE-2022-29734 1 Ict 2 Protege Gx, Protege Wx 2024-11-21 5.4 Medium
A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter.
CVE-2022-29733 1 Deltacontrols 2 Entelitouch, Entelitouch Firmware 2024-11-21 5.9 Medium
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext. This vulnerability allows attackers to intercept HTTP Cookie authentication credentials via a man-in-the-middle attack.
CVE-2022-29732 1 Deltacontrols 2 Entelitouch, Entelitouch Firmware 2024-11-21 6.1 Medium
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting (XSS) vulnerability via the Username parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2022-29731 1 Ict 4 Protege Gx, Protege Gx Firmware, Protege Wx and 1 more 2024-11-21 4.3 Medium
An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes of other users.
CVE-2022-29730 1 Usr 10 Usr-g800v2, Usr-g800v2 Firmware, Usr-g806 and 7 more 2024-11-21 9.8 Critical
USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded credentials for its highest privileged account. The credentials cannot be altered through normal operation of the device.
CVE-2022-29729 1 Verizon 2 4g Lte Network Extender, 4g Lte Network Extender Firmware 2024-11-21 7.5 High
Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page.
CVE-2022-29728 1 Surveysparrow 1 Enterprise Survey Software 2024-11-21 6.1 Medium
Survey Sparrow Enterprise Survey Software 2022 has a Reflected cross-site scripting (XSS) vulnerability in the test parameter.
CVE-2022-29727 1 Surveysparrow 1 Enterprise Survey Software 2024-11-21 5.4 Medium
Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site scripting (XSS) vulnerability in the Signup parameter.
CVE-2022-29725 1 Creatiwity 1 Witycms 2024-11-21 8.8 High
An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-29721 1 74cms 1 74cmsse 2024-11-21 7.5 High
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist.
CVE-2022-29720 1 74cms 1 74cmsse 2024-11-21 7.5 High
74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component \index\controller\Download.php.
CVE-2022-29718 1 Caddyserver 1 Caddy 2024-11-21 6.1 Medium
Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.
CVE-2022-29712 1 Librenms 1 Librenms 2024-11-21 9.8 Critical
LibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param parameters.
CVE-2022-29711 1 Librenms 1 Librenms 2024-11-21 6.1 Medium
LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php.
CVE-2022-29710 1 Limesurvey 1 Limesurvey 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin.
CVE-2022-29709 1 Communilink 1 Clink Office 2024-11-21 7.5 High
CommuniLink Internet Limited CLink Office v2.0 was discovered to contain multiple SQL injection vulnerabilities via the username and password parameters.
CVE-2022-29704 1 Browsbox 1 Brows Box 2024-11-21 9.8 Critical
BrowsBox CMS v4.0 was discovered to contain a SQL injection vulnerability.
CVE-2022-29701 1 Zammad 1 Zammad 2024-11-21 7.5 High
A lack of rate limiting in the 'forgot password' feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.
CVE-2022-29700 1 Zammad 1 Zammad 2024-11-21 7.5 High
A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification.