Search Results (366603 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-28936 1 Fisco-bcos 1 Fisco-bcos 2024-11-21 7.5 High
FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node can trigger an integer overflow and cause a Denial of Service (DoS) via an unusually large viewchange message packet.
CVE-2022-28935 1 Totolink 12 A3000ru, A3000ru Firmware, A3100r and 9 more 2024-11-21 7.2 High
Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2cu.5161_B20200903, Totolink A800R V4.1.2cu.5137_B20200730, Totolink A3000RU V5.9c.5185_B20201128, Totolink A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability.
CVE-2022-28932 1 Dlink 2 Dsl-g2452dg, Dsl-g2452dg Firmware 2024-11-21 9.8 Critical
D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecure permissions.
CVE-2022-28930 1 Erp-pro Project 1 Erp-pro 2024-11-21 9.8 Critical
ERP-Pro v3.7.5 was discovered to contain a SQL injection vulnerability via the component /base/SysEveMenuAuthPointMapper.xml..
CVE-2022-28929 1 Hospital Management System Project 1 Hospital Management System 2024-11-21 9.8 Critical
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php.
CVE-2022-28927 1 Subconverter Project 1 Subconverter 2024-11-21 9.8 Critical
A remote code execution (RCE) vulnerability in Subconverter v0.7.2 allows attackers to execute arbitrary code via crafted config and url parameters.
CVE-2022-28924 1 Universis 1 Universis-students 2024-11-21 6.5 Medium
An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/.
CVE-2022-28921 1 Blogengine 1 Blogengine.net 2024-11-21 6.5 Medium
A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated attackers to read arbitrary files on the hosting web server.
CVE-2022-28920 1 Moecraft 1 Tieba-cloud-sign 2024-11-21 4.8 Medium
Tieba-Cloud-Sign v4.9 was discovered to contain a cross-site scripting (XSS) vulnerability via the function strip_tags.
CVE-2022-28919 2 Dokuwiki, Fedoraproject 2 Dokuwiki, Fedora 2024-11-21 6.1 Medium
HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilename.
CVE-2022-28918 1 Njtech 1 Greencms 2024-11-21 8.1 High
GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletion vulnerability via /index.php?m=admin&c=custom&a=plugindelhandle&plugin_name=.
CVE-2022-28917 1 Tenda 2 Ax12, Ax12 Firmware 2024-11-21 7.5 High
Tenda AX12 v22.03.01.21_cn was discovered to contain a stack overflow via the lanIp parameter in /goform/AdvSetLanIp.
CVE-2022-28915 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-11-21 9.8 Critical
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm.
CVE-2022-28913 1 Totolink 2 N600r, N600r Firmware 2024-11-21 9.8 Critical
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting.
CVE-2022-28912 1 Totolink 2 N600r, N600r Firmware 2024-11-21 9.8 Critical
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW.
CVE-2022-28911 1 Totolink 2 N600r, N600r Firmware 2024-11-21 9.8 Critical
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate.
CVE-2022-28910 1 Totolink 2 N600r, N600r Firmware 2024-11-21 9.8 Critical
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName.
CVE-2022-28909 1 Totolink 2 N600r, N600r Firmware 2024-11-21 9.8 Critical
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in /setting/setWebWlanIdx.
CVE-2022-28908 1 Totolink 2 N600r, N600r Firmware 2024-11-21 9.8 Critical
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the ipdoamin parameter in /setting/setDiagnosisCfg.
CVE-2022-28907 1 Totolink 2 N600r, N600r Firmware 2024-11-21 9.8 Critical
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost.