Search Results (363401 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-28927 1 Subconverter Project 1 Subconverter 2024-11-21 9.8 Critical
A remote code execution (RCE) vulnerability in Subconverter v0.7.2 allows attackers to execute arbitrary code via crafted config and url parameters.
CVE-2022-28924 1 Universis 1 Universis-students 2024-11-21 6.5 Medium
An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/.
CVE-2022-28921 1 Blogengine 1 Blogengine.net 2024-11-21 6.5 Medium
A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated attackers to read arbitrary files on the hosting web server.
CVE-2022-28920 1 Moecraft 1 Tieba-cloud-sign 2024-11-21 4.8 Medium
Tieba-Cloud-Sign v4.9 was discovered to contain a cross-site scripting (XSS) vulnerability via the function strip_tags.
CVE-2022-28919 2 Dokuwiki, Fedoraproject 2 Dokuwiki, Fedora 2024-11-21 6.1 Medium
HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilename.
CVE-2022-28918 1 Njtech 1 Greencms 2024-11-21 8.1 High
GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletion vulnerability via /index.php?m=admin&c=custom&a=plugindelhandle&plugin_name=.
CVE-2022-28917 1 Tenda 2 Ax12, Ax12 Firmware 2024-11-21 7.5 High
Tenda AX12 v22.03.01.21_cn was discovered to contain a stack overflow via the lanIp parameter in /goform/AdvSetLanIp.
CVE-2022-28915 1 Dlink 2 Dir-816, Dir-816 Firmware 2024-11-21 9.8 Critical
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm.
CVE-2022-28913 1 Totolink 2 N600r, N600r Firmware 2024-11-21 9.8 Critical
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting.
CVE-2022-28912 1 Totolink 2 N600r, N600r Firmware 2024-11-21 9.8 Critical
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW.
CVE-2022-28911 1 Totolink 2 N600r, N600r Firmware 2024-11-21 9.8 Critical
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate.
CVE-2022-28910 1 Totolink 2 N600r, N600r Firmware 2024-11-21 9.8 Critical
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName.
CVE-2022-28909 1 Totolink 2 N600r, N600r Firmware 2024-11-21 9.8 Critical
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in /setting/setWebWlanIdx.
CVE-2022-28908 1 Totolink 2 N600r, N600r Firmware 2024-11-21 9.8 Critical
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the ipdoamin parameter in /setting/setDiagnosisCfg.
CVE-2022-28907 1 Totolink 2 N600r, N600r Firmware 2024-11-21 9.8 Critical
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost.
CVE-2022-28906 1 Totolink 2 N600r, N600r Firmware 2024-11-21 9.8 Critical
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg.
CVE-2022-28905 1 Totolink 2 N600r, N600r Firmware 2024-11-21 9.8 Critical
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicemac parameter in /setting/setDeviceName.
CVE-2022-28901 1 Dlink 2 Dir-882, Dir-882 Firmware 2024-11-21 9.8 Critical
A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.
CVE-2022-28896 1 Dlink 2 Dir-882, Dir-882 Firmware 2024-11-21 9.8 Critical
A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.
CVE-2022-28895 1 Dlink 2 Dir-882, Dir-882 Firmware 2024-11-21 9.8 Critical
A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.