Search Results (363285 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-27276 1 Inhandnetworks 2 Inrouter 900, Inrouter 900 Firmware 2024-11-21 9.8 Critical
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_10F2C. This vulnerability is triggered via a crafted packet.
CVE-2022-27275 1 Inhandnetworks 2 Inrouter 900, Inrouter 900 Firmware 2024-11-21 9.8 Critical
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_122D0. This vulnerability is triggered via a crafted packet.
CVE-2022-27274 1 Inhandnetworks 2 Inrouter 900, Inrouter 900 Firmware 2024-11-21 9.8 Critical
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12028. This vulnerability is triggered via a crafted packet.
CVE-2022-27273 1 Inhandnetworks 2 Inrouter 900, Inrouter 900 Firmware 2024-11-21 9.8 Critical
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12168. This vulnerability is triggered via a crafted packet.
CVE-2022-27272 1 Inhandnetworks 2 Inrouter 900, Inrouter 900 Firmware 2024-11-21 9.8 Critical
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_1791C. This vulnerability is triggered via a crafted packet.
CVE-2022-27271 1 Inhandnetworks 2 Inrouter 900, Inrouter 900 Firmware 2024-11-21 9.8 Critical
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component python-lib. This vulnerability is triggered via a crafted packet.
CVE-2022-27270 1 Inhandnetworks 2 Inrouter 900, Inrouter 900 Firmware 2024-11-21 9.8 Critical
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component ipsec_secrets. This vulnerability is triggered via a crafted packet.
CVE-2022-27269 1 Inhandnetworks 2 Inrouter 900, Inrouter 900 Firmware 2024-11-21 9.8 Critical
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component config_ovpn. This vulnerability is triggered via a crafted packet.
CVE-2022-27268 1 Inhandnetworks 2 Inrouter 900, Inrouter 900 Firmware 2024-11-21 9.8 Critical
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component get_cgi_from_memory. This vulnerability is triggered via a crafted packet.
CVE-2022-27263 1 Strapi 1 Strapi 2024-11-21 9.8 Critical
An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file.
CVE-2022-27262 1 Sailsjs 1 Skipper 2024-11-21 9.8 Critical
An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows attackers to execute arbitrary code via a crafted file.
CVE-2022-27261 1 Express-fileupload Project 1 Express-fileupload 2024-11-21 7.5 High
An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server.
CVE-2022-27260 1 Buttercms 1 Buttercms 2024-11-21 9.8 Critical
An arbitrary file upload vulnerability in the file upload component of ButterCMS v1.2.8 allows attackers to execute arbitrary code via a crafted SVG file.
CVE-2022-27258 1 Hubzilla 1 Hubzilla 2024-11-21 6.1 Medium
Multiple Cross-Site Scripting (XSS) vulnerabilities in Hubzilla 7.0.3 and earlier allows remote attacker to include arbitrary web script or HTML via the rpath parameter.
CVE-2022-27257 1 Hubzilla 1 Hubzilla 2024-11-21 7.5 High
A PHP Local File Inclusion vulneraility in the default Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter.
CVE-2022-27256 1 Hubzilla 1 Hubzilla 2024-11-21 6.1 Medium
A PHP Local File inclusion vulnerability in the Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter.
CVE-2022-27255 1 Realtek 4 Ecos Msdk, Ecos Msdk Firmware, Ecos Rsdk and 1 more 2024-11-21 9.8 Critical
In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without authentication via a crafted SIP packet that contains malicious SDP data.
CVE-2022-27254 1 Honda 2 Civic 2018, Civic 2018 Firmware 2024-11-21 5.3 Medium
The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door-open request, which allows for a replay attack, a related issue to CVE-2019-20626.
CVE-2022-27250 1 Unisoc 1 Unisoc Chipset 2024-11-21 9.8 Critical
The UNISOC chipset through 2022-03-15 allows attackers to obtain remote control of a mobile phone, e.g., to obtain sensitive information from text messages or the device's screen, record video of the device's physical environment, or modify data.
CVE-2022-27249 1 Idearespa 1 Reftree 2024-11-21 8.8 High
An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to execute arbitrary code by using UploadDwg to upload a crafted aspx file to the web root, and then visiting the URL for this aspx resource.