Search Results (363654 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-28956 1 Dlink 2 Dir-816l, Dir-816l Firmware 2024-11-21 9.8 Critical
An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload.
CVE-2022-28955 1 Dlink 2 Dir-816l, Dir-816l Firmware 2024-11-21 7.5 High
An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php.
CVE-2022-28948 3 Netapp, Redhat, Yaml Project 4 Astra Trident, Cryostat, Openshift Devspaces and 1 more 2024-11-21 7.5 High
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.
CVE-2022-28946 1 Openpolicyagent 1 Open Policy Agent 2024-11-21 7.5 High
An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range memory access.
CVE-2022-28945 1 Webbank 1 Webcube 2024-11-21 9.8 Critical
An issue in Webbank WeCube v3.2.2 allows attackers to execute a directory traversal via a crafted ZIP file.
CVE-2022-28944 2 Emcosoftware, Microsoft 9 Msi Package Builder, Network Inventory, Network Software Scanner and 6 more 2024-11-21 8.8 High
Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18 and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2.0.8 and Network Inventory for Windows 5.8.22 and Network Software Scanner for Windows 2.0.8 and UnLock IT for Windows 6.1.1. The impact is: execute arbitrary code (remote). The component is: Updater. The attack vector is: To exploit this vulnerability, a user must trigger an update of an affected installation of EMCO Software. ΒΆΒΆ Multiple products from EMCO Software are affected by a remote code execution vulnerability during the update process.
CVE-2022-28940 1 H3c 2 Magic R100, Magic R100 Firmware 2024-11-21 7.5 High
In H3C MagicR100 <=V100R005, the / Ajax / ajaxget interface can be accessed without authorization. It sends a large amount of data through ajaxmsg to carry out DOS attack.
CVE-2022-28937 1 Fisco-bcos 1 Fisco-bcos 2024-11-21 7.5 High
FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via an invalid proposal with an invalid header, will cause normal nodes to stop producing new blocks and processing new clients' requests.
CVE-2022-28936 1 Fisco-bcos 1 Fisco-bcos 2024-11-21 7.5 High
FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node can trigger an integer overflow and cause a Denial of Service (DoS) via an unusually large viewchange message packet.
CVE-2022-28935 1 Totolink 12 A3000ru, A3000ru Firmware, A3100r and 9 more 2024-11-21 7.2 High
Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2cu.5161_B20200903, Totolink A800R V4.1.2cu.5137_B20200730, Totolink A3000RU V5.9c.5185_B20201128, Totolink A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability.
CVE-2022-28932 1 Dlink 2 Dsl-g2452dg, Dsl-g2452dg Firmware 2024-11-21 9.8 Critical
D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecure permissions.
CVE-2022-28930 1 Erp-pro Project 1 Erp-pro 2024-11-21 9.8 Critical
ERP-Pro v3.7.5 was discovered to contain a SQL injection vulnerability via the component /base/SysEveMenuAuthPointMapper.xml..
CVE-2022-28929 1 Hospital Management System Project 1 Hospital Management System 2024-11-21 9.8 Critical
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php.
CVE-2022-28927 1 Subconverter Project 1 Subconverter 2024-11-21 9.8 Critical
A remote code execution (RCE) vulnerability in Subconverter v0.7.2 allows attackers to execute arbitrary code via crafted config and url parameters.
CVE-2022-28924 1 Universis 1 Universis-students 2024-11-21 6.5 Medium
An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/.
CVE-2022-28921 1 Blogengine 1 Blogengine.net 2024-11-21 6.5 Medium
A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated attackers to read arbitrary files on the hosting web server.
CVE-2022-28920 1 Moecraft 1 Tieba-cloud-sign 2024-11-21 4.8 Medium
Tieba-Cloud-Sign v4.9 was discovered to contain a cross-site scripting (XSS) vulnerability via the function strip_tags.
CVE-2022-28919 2 Dokuwiki, Fedoraproject 2 Dokuwiki, Fedora 2024-11-21 6.1 Medium
HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilename.
CVE-2022-28918 1 Njtech 1 Greencms 2024-11-21 8.1 High
GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletion vulnerability via /index.php?m=admin&c=custom&a=plugindelhandle&plugin_name=.
CVE-2022-28917 1 Tenda 2 Ax12, Ax12 Firmware 2024-11-21 7.5 High
Tenda AX12 v22.03.01.21_cn was discovered to contain a stack overflow via the lanIp parameter in /goform/AdvSetLanIp.