Search Results (365367 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-47186 1 Generex 3 Cs141, Cs141 Firmware, Ups-cs141 2024-11-21 7.5 High
There is an unrestricted upload of file vulnerability in Generex CS141 below 2.06 version. An attacker could upload and/or delete any type of file, without any format restriction and without any authentication, in the "upload" directory.
CVE-2022-47175 1 Royal-elementor-addons 1 Royal Elementor Addons 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in P Royal Royal Elementor Addons and Templates plugin <= 1.3.75 versions.
CVE-2022-47172 1 Hasthemes 1 Woolentor - Woocommerce Elementor Addons \+ Builder 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.6.2 versions.
CVE-2022-47169 1 Staxwp 1 Visibility Logic For Elementor 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in StaxWP Visibility Logic for Elementor plugin <= 2.3.4 versions.
CVE-2022-47140 1 Reputeinfosystems 1 Armember 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember plugin <= 4.0.1 versions.
CVE-2022-47132 1 Creativeitem 1 Academy Lms 2024-11-21 8.8 High
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users.
CVE-2022-47085 1 Ostree Project 1 Ostree 2024-11-21 7.5 High
An issue was discovered in ostree before 2022.7 allows attackers to cause a denial of service or other unspecified impacts via the print_panic function in repo_checkout_filter.rs.
CVE-2022-47083 1 Spitfire Project 1 Spitfire 2024-11-21 8.8 High
A PHP Object Injection vulnerability in the unserialize() function Spitfire CMS v1.0.475 allows authenticated attackers to execute arbitrary code via sending crafted requests to the web application.
CVE-2022-47065 1 Trendnet 2 Tew-820ap, Tew-820ap Firmware 2024-11-21 8.8 High
TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2022-47022 1 Open-mpi 1 Hwloc 2024-11-21 4.7 Medium
An issue was discovered in open-mpi hwloc 2.1.0 allows attackers to cause a denial of service or other unspecified impacts via glibc-cpuset in topology-linux.c.
CVE-2022-47011 1 Gnu 1 Binutils 2024-11-21 5.5 Medium
An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
CVE-2022-47010 1 Gnu 1 Binutils 2024-11-21 5.5 Medium
An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
CVE-2022-47008 1 Gnu 1 Binutils 2024-11-21 5.5 Medium
An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
CVE-2022-47007 1 Gnu 1 Binutils 2024-11-21 5.5 Medium
An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
CVE-2022-47002 1 Masacms 1 Masacms 2024-11-21 9.8 Critical
A vulnerability in the Remember Me function of Masa CMS v7.2, 7.3, and 7.4-beta allows attackers to bypass authentication via a crafted web request.
CVE-2022-46966 1 Revenue Collection System Project 1 Revenue Collection System 2024-11-21 9.8 Critical
Revenue Collection System v1.0 was discovered to contain a SQL injection vulnerability at step1.php.
CVE-2022-46902 1 Vocera 2 Report Server, Voice Server 2024-11-21 6.3 Medium
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is a Path Traversal for an Unzip operation. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. During the unzip operation, the code takes file paths from the ZIP archive and writes them to a Vocera temporary directory. Unfortunately, the code does not properly check if the file paths include directory traversal payloads that would escape the intended destination.
CVE-2022-46901 1 Vocera 2 Report Server, Voice Server 2024-11-21 7.5 High
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This includes system tasks, and backing up, loading, and clearing of the database.
CVE-2022-46900 1 Vocera 2 Report Server, Voice Server 2024-11-21 6.5 Medium
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs that are executed on the server at specified intervals, e.g., backup, etc. An authenticated user has the ability to modify these entries and set the executable path and parameters.
CVE-2022-46899 1 Vocera 2 Report Server, Voice Server 2024-11-21 7.5 High
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Arbitrary File Upload. The BaseController class, that each of the service controllers derives from, allows for the upload of arbitrary files. If the HTTP request is a multipart/form-data POST request, any parameters with a filename entry will have their content written to a file in the Vocera upload-staging directory with the specified filename in the parameter.