Search Results (362966 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-25125 1 Mingsoft 1 Mcms 2024-11-21 9.8 Critical
MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp.
CVE-2022-25115 1 Home Owners Collection Management System Project 1 Home Owners Collection Management System 2024-11-21 7.8 High
A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user/manage_user of Home Owners Collection Management System v1.0 allows attackers to execute arbitrary code via a crafted PNG file.
CVE-2022-25114 1 Event Management Project 1 Event Management 2024-11-21 6.1 Medium
Event Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the full_name parameter under register.php.
CVE-2022-25108 2 Foxit, Microsoft 3 Pdf Editor, Pdf Reader, Windows 2024-11-21 5.5 Medium
Foxit PDF Reader and Editor before 11.2.1 and PhantomPDF before 10.1.7 allow a NULL pointer dereference during PDF parsing because the pointer is used without proper validation.
CVE-2022-25106 1 Dlink 4 Dir-859, Dir-859 A3, Dir-859 A3 Firmware and 1 more 2024-11-21 5.5 Medium
D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.
CVE-2022-25104 1 Horizontcms Project 1 Horizontcms 2024-11-21 7.5 High
HorizontCMS v1.0.0-beta.2 was discovered to contain an arbitrary file download vulnerability via the component /admin/file-manager/.
CVE-2022-25101 1 Wbce 1 Wbce Cms 2024-11-21 7.8 High
A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-25099 1 Wbce 1 Wbce Cms 2024-11-21 7.8 High
A vulnerability in the component /languages/index.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-25098 1 Ectouch 1 Ectouch 2024-11-21 9.1 Critical
ECTouch v2 suffers from arbitrary file deletion due to insufficient filtering of the filename parameter.
CVE-2022-25096 1 Home Owners Collection Management System Project 1 Home Owners Collection Management System 2024-11-21 9.8 Critical
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/view_member.php.
CVE-2022-25095 1 Home Owners Collection Management System Project 1 Home Owners Collection Management System 2024-11-21 9.8 Critical
Home Owners Collection Management System v1.0 allows unauthenticated attackers to compromise user accounts via a crafted POST request.
CVE-2022-25094 1 Home Owners Collection Management System Project 1 Home Owners Collection Management System 2024-11-21 8.8 High
Home Owners Collection Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the parameter "cover" in SystemSettings.php.
CVE-2022-25090 1 Kofax 1 Printix 2024-11-21 8.1 High
Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation because of a race condition.
CVE-2022-25089 1 Kofax 1 Printix 2024-11-21 9.8 Critical
Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly uses Privileged APIs to modify values in HKEY_LOCAL_MACHINE via UITasks.PersistentRegistryData.
CVE-2022-25084 1 Totolink 2 T6, T6 Firmware 2024-11-21 9.8 Critical
TOTOLink T6 V5.9c.4085_B20190428 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVE-2022-25083 1 Totolink 2 A860r, A860r Firmware 2024-11-21 9.8 Critical
TOTOLink A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVE-2022-25082 1 Totolink 2 A950rg, A950rg Firmware 2024-11-21 9.8 Critical
TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVE-2022-25081 1 Totolink 2 T10 V2, T10 V2 Firmware 2024-11-21 9.8 Critical
TOTOLink T10 V5.9c.5061_B20200511 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVE-2022-25080 1 Totolink 2 A830r, A830r Firmware 2024-11-21 9.8 Critical
TOTOLink A830R V5.9c.4729_B20191112 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVE-2022-25079 1 Totolink 1 A810r Firmware 2024-11-21 9.8 Critical
TOTOLink A810R V4.1.2cu.5182_B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.