Search Results (364922 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-28590 1 Pixelimity 1 Pixelimity 2024-11-21 7.2 High
A Remote Code Execution (RCE) vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=install_theme.
CVE-2022-28589 1 Pixelimity 1 Pixelimity 2024-11-21 4.8 Medium
A stored cross-site scripting (XSS) vulnerability in Pixelimity 1.0 allows attackers to execute arbitrary web scripts or HTML via the Title field in admin/pages.php?action=add_new
CVE-2022-28588 1 Springbootmovie Project 1 Springbootmovie 2024-11-21 5.4 Medium
In SpringBootMovie <=1.2 when adding movie names, malicious code can be stored because there are no filtering parameters, resulting in stored XSS.
CVE-2022-28586 1 Hoosk 1 Hoosk 2024-11-21 6.1 Medium
XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars.
CVE-2022-28585 1 Phome 1 Empirecms 2024-11-21 9.8 Critical
EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php
CVE-2022-28584 1 Totolink 2 A7100ru, A7100ru Firmware 2024-11-21 9.8 Critical
It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28583 1 Totolink 2 A7100ru, A7100ru Firmware 2024-11-21 9.8 Critical
It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28582 1 Totolink 2 A7100ru, A7100ru Firmware 2024-11-21 9.8 Critical
It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28581 1 Totolink 2 A7100ru, A7100ru Firmware 2024-11-21 9.8 Critical
It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28580 1 Totolink 2 A7100ru, A7100ru Firmware 2024-11-21 9.8 Critical
It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28579 1 Totolink 2 A7100ru, A7100ru Firmware 2024-11-21 9.8 Critical
It is found that there is a command injection vulnerability in the setParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28578 1 Totolink 2 A7100ru, A7100ru Firmware 2024-11-21 9.8 Critical
It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28577 1 Totolink 2 A7100ru, A7100ru Firmware 2024-11-21 9.8 Critical
It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28575 1 Totolink 2 A7100ru, A7100ru Firmware 2024-11-21 9.8 Critical
It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary commands through a carefully constructed payload
CVE-2022-28573 1 Dlink 2 Dir-823 Pro, Dir-823 Pro Firmware 2024-11-21 9.8 Critical
D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNTPserverSeting. This vulnerability allows attackers to execute arbitrary commands via the system_time_timezone parameter.
CVE-2022-28572 1 Tenda 4 Ax1803, Ax1803 Firmware, Ax1806 and 1 more 2024-11-21 8.8 High
Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status` function
CVE-2022-28571 1 Dlink 2 Dir-882, Dir-882 Firmware 2024-11-21 9.8 Critical
D-link 882 DIR882A1_FW130B06 was discovered to contain a command injection vulnerability in`/usr/bin/cli.
CVE-2022-28568 1 Simple Doctor\'s Appointment System Project 1 Simple Doctor\'s Appointment System 2024-11-21 9.8 Critical
Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. An attacker can obtain remote command execution just by knowing the path where the images are stored.
CVE-2022-28561 1 Tenda 2 Ax12, Ax12 Firmware 2024-11-21 9.8 Critical
There is a stack overflow vulnerability in the /goform/setMacFilterCfg function in the httpd service of Tenda ax12 22.03.01.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload
CVE-2022-28560 1 Tenda 2 Ac9, Ac9 Firmware 2024-11-21 9.8 Critical
There is a stack overflow vulnerability in the goform/fast_setting_wifi_set function in the httpd service of Tenda ac9 15.03.2.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload