Search Results (363359 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-26290 1 Tenda 2 M3, M3 Firmware 2024-11-21 9.8 Critical
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/WriteFacMac.
CVE-2022-26289 1 Tenda 2 M3, M3 Firmware 2024-11-21 9.8 Critical
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/exeCommand.
CVE-2022-26285 1 Simple Client Management System Project 1 Simple Client Management System 2024-11-21 9.8 Critical
Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests.
CVE-2022-26284 1 Simple Client Management System Project 1 Simple Client Management System 2024-11-21 9.8 Critical
Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manage_client endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests.
CVE-2022-26281 1 Bigantsoft 1 Bigant Server 2024-11-21 7.5 High
BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue.
CVE-2022-26279 1 Eyoucms 1 Eyoucms 2024-11-21 9.8 Critical
EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata.
CVE-2022-26278 1 Tenda 2 Ac9, Ac9 Firmware 2024-11-21 9.8 Critical
Tenda AC9 v15.03.2.21_cn was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function.
CVE-2022-26276 1 Onenav 1 Onenav 2024-11-21 5.3 Medium
An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal.
CVE-2022-26273 1 Eyoucms 1 Eyoucms 2024-11-21 9.8 Critical
EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities.
CVE-2022-26272 1 Ionizecms 1 Ionize 2024-11-21 9.8 Critical
A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute arbitrary code via a crafted string written to the file application/config/config.php.
CVE-2022-26271 1 74cms 1 74cms 2024-11-21 7.5 High
74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url parameter at \index\controller\Download.php.
CVE-2022-26269 1 Globalsuzuki 1 Suzuki Connect 2024-11-21 4.6 Medium
Suzuki Connect v1.0.15 allows attackers to tamper with displayed messages via spoofed CAN messages.
CVE-2022-26268 1 Xiaohuanxiong Project 1 Xiaohuanxiong 2024-11-21 9.8 Critical
Xiaohuanxiong v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /app/controller/Books.php.
CVE-2022-26267 1 Piwigo 1 Piwigo 2024-11-21 7.5 High
Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenance_actions.php.
CVE-2022-26266 1 Piwigo 1 Piwigo 2024-11-21 8.8 High
Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php.
CVE-2022-26265 1 Contao 1 Contao 2024-11-21 9.8 Critical
Contao Managed Edition v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the component php_cli parameter.
CVE-2022-26263 1 Yonyou 1 U8+ 2024-11-21 6.1 Medium
Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability via the component /u8sl/WebHelp.
CVE-2022-26260 1 Simple-plist Project 1 Simple-plist 2024-11-21 9.8 Critical
Simple-Plist v1.3.0 was discovered to contain a prototype pollution vulnerability via .parse().
CVE-2022-26259 1 Xiongmaitech 20 Ahb80n16t-gs, Ahb80n16t-gs Firmware, Ahb80n32f4-lme and 17 more 2024-11-21 7.8 High
A buffer overflow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, NBD80X08S-KL, NBD80X09RA-KL, AHB80X04R-MH, AHB80X04R-MH-V2, AHB80X04-R-MH-V3, AHB80N16T-GS, AHB80N32F4-LME, and NBD90S0VT-QW allows attackers to cause a Denial of Service (DoS) via a crafted RSTP request.
CVE-2022-26255 1 Clash Project 1 Clash 2024-11-21 9.8 Critical
Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload injected into the Proxies name column.