Total
291501 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-45330 | 1 Aerocms Project | 1 Aerocms | 2025-04-25 | 7.5 High |
| AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Category parameter at \category.php. This vulnerability allows attackers to access database information. | ||||
| CVE-2022-44808 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2025-04-25 | 9.8 Critical |
| A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can process the request, the system function executes an untrusted command that triggers the vulnerability. | ||||
| CVE-2022-44252 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-04-25 | 9.8 Critical |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function. | ||||
| CVE-2022-44251 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-04-25 | 9.8 Critical |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function. | ||||
| CVE-2022-44250 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-04-25 | 9.8 Critical |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function. | ||||
| CVE-2022-44249 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-04-25 | 9.8 Critical |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function. | ||||
| CVE-2022-44139 | 1 Apartment Visitors Management System Project | 1 Apartment Visitors Management System | 2025-04-25 | 9.8 Critical |
| Apartment Visitor Management System v1.0 is vulnerable to SQL Injection via /avms/index.php. | ||||
| CVE-2022-44120 | 1 Dedebiz | 1 Dedecmsv6 | 2025-04-25 | 9.8 Critical |
| dedecmdv6 6.1.9 is vulnerable to SQL Injection. via sys_sql_query.php. | ||||
| CVE-2022-42985 | 1 Scratch-wiki | 1 Scratch Login | 2025-04-25 | 4.8 Medium |
| The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting (XSS). | ||||
| CVE-2022-39833 | 1 Filecloud | 1 Filecloud | 2025-04-25 | 7.2 High |
| FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request. | ||||
| CVE-2022-38753 | 1 Microfocus | 1 Netiq Advanced Authentication | 2025-04-25 | 6.3 Medium |
| This update resolves a multi-factor authentication bypass attack | ||||
| CVE-2022-38147 | 1 Silverstripe | 1 Framework | 2025-04-25 | 5.4 Medium |
| Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3). | ||||
| CVE-2022-38145 | 1 Silverstripe | 1 Framework | 2025-04-25 | 5.4 Medium |
| Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history compare view. | ||||
| CVE-2022-37772 | 1 Maarch | 1 Maarch Rm | 2025-04-25 | 7.5 High |
| Maarch RM 2.8.3 solution contains an improper restriction of excessive authentication attempts due to excessive verbose responses from the application. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to compromised accounts. | ||||
| CVE-2022-37430 | 1 Silverstripe | 1 Framework | 2025-04-25 | 5.4 Medium |
| Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2). | ||||
| CVE-2022-37429 | 1 Silverstripe | 1 Framework | 2025-04-25 | 5.4 Medium |
| Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters. | ||||
| CVE-2022-37421 | 1 Silverstripe | 1 Silverstripe | 2025-04-25 | 5.4 Medium |
| Silverstripe silverstripe/cms through 4.11.0 allows XSS. | ||||
| CVE-2022-36784 | 1 Elsight | 2 Halo, Halo Firmware | 2025-04-25 | 9.8 Critical |
| Elsight – Elsight Halo Remote Code Execution (RCE) Elsight Halo web panel allows us to perform connection validation. through the POST request : /api/v1/nics/wifi/wlan0/ping we can abuse DESTINATION parameter and leverage it to remote code execution. | ||||
| CVE-2022-36337 | 1 Insyde | 1 Kernel | 2025-04-25 | 8.2 High |
| An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by BIOS code. | ||||
| CVE-2021-3942 | 1 Hp | 5400 Color Laserjet Cm4540 Mfp Cc419a, Color Laserjet Cm4540 Mfp Cc419a Firmware, Color Laserjet Cm4540 Mfp Cc420a and 5397 more | 2025-04-25 | 9.8 Critical |
| Certain HP Print products and Digital Sending products may be vulnerable to potential remote code execution and buffer overflow with use of Link-Local Multicast Name Resolution or LLMNR. | ||||