Search Results (363357 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-26251 1 Synametrics 1 Synaman 2024-11-21 7.2 High
The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges.
CVE-2022-26250 1 Synametrics 1 Synaman 2024-11-21 7.8 High
Synaman v5.1 and below was discovered to contain weak file permissions, which allow authenticated attackers to escalate privileges.
CVE-2022-26249 1 Surveyking Project 1 Surveyking 2024-11-21 9.8 Critical
Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack.
CVE-2022-26247 1 Teamwork Management System Project 1 Teamwork Management System 2024-11-21 5.9 Medium
TMS v2.28.0 contains an insecure permissions vulnerability via the component /TMS/admin/user/Update2. This vulnerability allows attackers to modify the administrator account and password.
CVE-2022-26246 1 Tms Project 1 Tms 2024-11-21 6.1 Medium
TMS v2.28.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /TMS/admin/setting/mail/createorupdate.
CVE-2022-26245 1 Open-falcon 1 Falcon-plus 2024-11-21 9.8 Critical
Falcon-plus v0.3 was discovered to contain a SQL injection vulnerability via the parameter grpName in /config/service/host.go.
CVE-2022-26244 1 Hospital's Patient Records Management System Project 1 Hospital's Patient Records Management System 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "special" field.
CVE-2022-26243 1 Tendacn 2 Ac10, Ac10 Firmware 2024-11-21 7.5 High
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow in the setSmartPowerManagement function.
CVE-2022-26240 2 Beckmancoulter, Microsoft 2 Remisol Advance, Windows 2024-11-21 6.5 Medium
The default privileges for the running service Normand Message Buffer in Beckman Coulter Remisol Advance v2.0.12.1 and prior allow non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.
CVE-2022-26239 2 Beckmancoulter, Microsoft 2 Remisol Advance, Windows 2024-11-21 5.5 Medium
The default privileges for the running service Normand License Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allow unprivileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.
CVE-2022-26238 2 Beckmancoulter, Microsoft 2 Remisol Advance, Windows 2024-11-21 5.5 Medium
The default privileges for the running service Normand Service Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allow non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.
CVE-2022-26237 2 Beckmancoulter, Microsoft 2 Remisol Advance, Windows 2024-11-21 5.5 Medium
The default privileges for the running service Normand Viewer Service in Beckman Coulter Remisol Advance v2.0.12.1 and prior allow non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.
CVE-2022-26236 2 Beckmancoulter, Microsoft 2 Remisol Advance, Windows 2024-11-21 5.5 Medium
The default privileges for the running service Normand Remisol Advance Launcher in Beckman Coulter Remisol Advance v2.0.12.1 and prior allow non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.
CVE-2022-26235 1 Beckmancoulter 1 Remisol Advance 2024-11-21 7.8 High
A vulnerability was discovered in the Remisol Advance v2.0.12.1 and below for the Normand Message Server. On installation, the permissions set by Remisol Advance allow non-privileged users to overwrite and/or manipulate executables and libraries that run as the elevated SYSTEM user on Windows.
CVE-2022-26233 1 Barco 1 Control Room Management Suite 2024-11-21 7.5 High
Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. Requests must begin with the "GET /..\.." substring.
CVE-2022-26214 1 Totolink 12 A3000ru, A3000ru Firmware, A3100r and 9 more 2024-11-21 9.8 Critical
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the host_time parameter.
CVE-2022-26213 1 Totolink 2 X5000r, X5000r Firmware 2024-11-21 9.8 Critical
Totolink X5000R_Firmware v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function setNtpCfg, via the tz parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26212 1 Totolink 12 A3000ru, A3000ru Firmware, A3100r and 9 more 2024-11-21 9.8 Critical
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26211 1 Totolink 12 A3000ru, A3000ru Firmware, A3100r and 9 more 2024-11-21 9.8 Critical
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26210 1 Totolink 12 A3000ru, A3000ru Firmware, A3100r and 9 more 2024-11-21 9.8 Critical
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.