Search Results (363286 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-27332 1 Zammad 1 Zammad 2024-11-21 9.1 Critical
An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. This vulnerability can allow attackers to execute phishing attacks or cause a Denial of Service (DoS).
CVE-2022-27331 1 Zammad 1 Zammad 2024-11-21 4.3 Medium
An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users.
CVE-2022-27330 1 E-commerce Website Project 1 E-commerce Website 2024-11-21 5.4 Medium
A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product of E-Commerce Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text field.
CVE-2022-27313 1 Gitea 1 Gitea 2024-11-21 7.5 High
An arbitrary file deletion vulnerability in Gitea v1.16.3 allows attackers to cause a Denial of Service (DoS) via deleting the configuration file.
CVE-2022-27311 1 Gibbon Project 1 Gibbon 2024-11-21 9.8 Critical
Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL.
CVE-2022-27308 1 Phprojekt Phpsimplygest Project 1 Phprojekt Phpsimplygest 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in PHProjekt PhpSimplyGest v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a project title.
CVE-2022-27305 1 Gibbonedu 1 Gibbon 2024-11-21 8.8 High
Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation.
CVE-2022-27299 1 Hospital Management System Project 1 Hospital Management System 2024-11-21 9.8 Critical
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the component room.php.
CVE-2022-27295 1 Dlink 2 Dir-619, Dir-619 Firmware 2024-11-21 7.5 High
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formAdvanceSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter.
CVE-2022-27294 1 Dlink 2 Dir-619, Dir-619 Firmware 2024-11-21 7.5 High
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanWizardSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter.
CVE-2022-27293 1 Dlink 2 Dir-619, Dir-619 Firmware 2024-11-21 7.5 High
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter.
CVE-2022-27292 1 Dlink 2 Dir-619, Dir-619 Firmware 2024-11-21 7.5 High
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formLanguageChange. This vulnerability allows attackers to cause a Denial of Service (DoS) via the nextPage parameter.
CVE-2022-27291 1 Dlink 2 Dir-619, Dir-619 Firmware 2024-11-21 7.5 High
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formdumpeasysetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the config.save_network_enabled parameter.
CVE-2022-27290 1 Dlink 2 Dir-619, Dir-619 Firmware 2024-11-21 7.5 High
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanDhcpplus. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter.
CVE-2022-27289 1 Dlink 2 Dir-619, Dir-619 Firmware 2024-11-21 7.5 High
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanL2TP. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter.
CVE-2022-27288 1 Dlink 2 Dir-619, Dir-619 Firmware 2024-11-21 7.5 High
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanPPTP. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter.
CVE-2022-27287 1 Dlink 2 Dir-619 Ax, Dir-619 Ax Firmware 2024-11-21 7.5 High
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanPPPoE. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter.
CVE-2022-27286 1 Dlink 2 Dir-619 Ax, Dir-619 Ax Firmware 2024-11-21 7.5 High
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanNonLogin. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter.
CVE-2022-27280 1 Inhandnetworks 2 Inrouter 900, Inrouter 900 Firmware 2024-11-21 5.4 Medium
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the web_exec parameter at /apply.cgi.
CVE-2022-27279 1 Inhandnetworks 2 Inrouter 900, Inrouter 900 Firmware 2024-11-21 7.5 High
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file read via the function sub_177E0.