Search Results (364156 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-31466 1 Quickheal 1 Total Security 2024-11-21 7.9 High
Time of Check - Time of Use (TOCTOU) vulnerability in Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, potentially leading to deletion of system files. This is achieved through exploiting the time between detecting a file as malicious and when the action of quarantining or cleaning is performed, and using the time to replace the malicious file by a symlink.
CVE-2022-31464 1 Adaware 1 Protect 2024-11-21 7.8 High
Insecure permissions configuration in Adaware Protect v1.2.439.4251 allows attackers to escalate privileges via changing the service binary path.
CVE-2022-31463 1 Owllabs 2 Meeting Owl Pro, Meeting Owl Pro Firmware 2024-11-21 8.2 High
Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used.
CVE-2022-31462 1 Owllabs 2 Meeting Owl Pro, Meeting Owl Pro Firmware 2024-11-21 9.3 Critical
Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast data.
CVE-2022-31461 1 Owllabs 2 Meeting Owl Pro, Meeting Owl Pro Firmware 2024-11-21 7.4 High
Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passcode protection mechanism via a certain c 11 message.
CVE-2022-31460 1 Owllabs 2 Meeting Owl Pro, Meeting Owl Pro Firmware 2024-11-21 7.4 High
Owl Labs Meeting Owl 5.2.0.15 allows attackers to activate Tethering Mode with hard-coded hoothoot credentials via a certain c 150 value.
CVE-2022-31459 1 Owllabs 2 Meeting Owl Pro, Meeting Owl Pro Firmware 2024-11-21 7.4 High
Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 value over Bluetooth.
CVE-2022-31458 1 Rtx Trap Project 1 Rtx Trap 2024-11-21 6.1 Medium
RTX TRAP v1.0 was discovered to be vulnerable to host header poisoning.
CVE-2022-31457 1 Rtx Trap Project 1 Rtx Trap 2024-11-21 7.5 High
RTX TRAP v1.0 allows attackers to perform a directory traversal via a crafted request sent to the endpoint /data/.
CVE-2022-31456 1 Truedesk 1 Truedesk 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the team name parameter.
CVE-2022-31455 1 Truedesk 1 Truedesk 2024-11-21 6.1 Medium
* A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a user chat box.
CVE-2022-31454 1 Yiiframework 1 Yii 2024-11-21 6.1 Medium
Yii 2 v2.0.45 was discovered to contain a cross-site scripting (XSS) vulnerability via the endpoint /books. NOTE: this is disputed by the vendor because the cve-2022-31454-8e8555c31fd3 page does not describe why /books has a relationship to Yii 2.
CVE-2022-31447 1 Magicpin 1 Magicpin 2024-11-21 7.5 High
An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file.
CVE-2022-31446 1 Tendacn 2 Ac18, Ac18 Firmware 2024-11-21 9.8 Critical
Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac.
CVE-2022-31415 1 Online Fire Reporting System Project 1 Online Fire Reporting System 2024-11-21 6.5 Medium
Online Fire Reporting System v1.0 was discovered to contain a SQL injection vulnerability via the GET parameter in /report/list.php.
CVE-2022-31403 1 Combodo 1 Itop 2024-11-21 6.1 Medium
ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/pages/ajax.render.php.
CVE-2022-31402 1 Combodo 1 Itop 2024-11-21 6.1 Medium
ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/webservices/export-v2.php.
CVE-2022-31400 1 Helpdeskz 1 Helpdeskz 2024-11-21 4.8 Medium
A cross-site scripting (XSS) vulnerability in /staff/setup/email-addresses of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field.
CVE-2022-31398 1 Helpdeskz 1 Helpdeskz 2024-11-21 4.8 Medium
A cross-site scripting (XSS) vulnerability in /staff/tools/custom-fields of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field.
CVE-2022-31395 1 Algosolutions 2 8373 Ip Zone Paging Adapter, 8373 Ip Zone Paging Adapter Firmware 2024-11-21 8.8 High
Algo Communication Products Ltd. 8373 IP Zone Paging Adapter Firmware 1.7.6 allows attackers to perform a directory traversal via a web request sent to /fm-data.lua.