Search Results (363504 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-27969 1 Cynet 1 Cynet 360 2024-11-21 5.3 Medium
Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of decoy users via a crafted GET request sent to /WebApp/DeceptionUser/GetAllDeceptionUsers.
CVE-2022-27968 1 Cynet 1 Cynet 360 2024-11-21 5.3 Medium
Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of monitored files and profiles via a crafted GET request sent to /WebApp/SettingsFileMonitor/GetFileMonitorProfiles.
CVE-2022-27967 1 Cynet 1 Cynet 360 2024-11-21 5.3 Medium
Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of excluded files and profiles via a crafted GET request sent to /WebApp/SettingsExclusion/GetExclusionsProfiles.
CVE-2022-27966 2 Microsoft, Netsarang 2 Windows, Xshell 2024-11-21 6.5 Medium
Xshell v7.0.0099 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.
CVE-2022-27965 2 Microsoft, Netsarang 2 Windows, Xlpd 2024-11-21 6.5 Medium
Xlpd v7.0.0094 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.
CVE-2022-27964 2 Microsoft, Netsarang 2 Windows, Xmanager 2024-11-21 6.5 Medium
Xmanager v7.0.0096 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.
CVE-2022-27963 2 Microsoft, Netsarang 2 Windows, Xftp 2024-11-21 6.5 Medium
Xftp 7.0.0088p and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.
CVE-2022-27962 1 Bluecms Project 1 Bluecms 2024-11-21 9.8 Critical
Bluecms 1.6 has a SQL injection vulnerability at cooike.
CVE-2022-27961 1 Ofcms Project 1 Ofcms 2024-11-21 5.4 Medium
A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box.
CVE-2022-27960 1 Ofcms Project 1 Ofcms 2024-11-21 5.4 Medium
Insecure permissions configured in the user_id parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users' personal information.
CVE-2022-27958 1 Febs-security Project 1 Febs-security 2024-11-21 5.4 Medium
Insecure permissions configured in the userid parameter at /user/getuserprofile of FEBS-Security v1.0 allows attackers to access and arbitrarily modify users' personal information.
CVE-2022-27952 1 Payloadcms 1 Payload 2024-11-21 9.8 Critical
An arbitrary file upload vulnerability in the file upload module of PayloadCMS v0.15.0 allows attackers to execute arbitrary code via a crafted SVG file.
CVE-2022-27950 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more 2024-11-21 5.5 Medium
In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition.
CVE-2022-27948 1 Tesla 6 Model 3, Model 3 Firmware, Model S and 3 more 2024-11-21 7.2 High
Certain Tesla vehicles through 2022-03-26 allow attackers to open the charging port via a 315 MHz RF signal containing a fixed sequence of approximately one hundred symbols. NOTE: the vendor's perspective is that the behavior is as intended
CVE-2022-27947 1 Netgear 2 R8500, R8500 Firmware 2024-11-21 8.8 High
NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameter.
CVE-2022-27946 1 Netgear 2 R8500, R8500 Firmware 2024-11-21 8.8 High
NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to admin_account.cgi.
CVE-2022-27945 1 Netgear 2 R8500, R8500 Firmware 2024-11-21 8.8 High
NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to password.cgi.
CVE-2022-27944 2 Foxit, Microsoft 3 Pdf Editor, Pdf Reader, Windows 2024-11-21 7.5 High
Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow an exportXFAData NULL pointer dereference.
CVE-2022-27943 2 Fedoraproject, Gnu 2 Fedora, Gcc 2024-11-21 5.5 Medium
libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.
CVE-2022-27942 2 Broadcom, Fedoraproject 2 Tcpreplay, Fedora 2024-11-21 7.8 High
tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c.