Search Results (363281 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-25104 1 Horizontcms Project 1 Horizontcms 2024-11-21 7.5 High
HorizontCMS v1.0.0-beta.2 was discovered to contain an arbitrary file download vulnerability via the component /admin/file-manager/.
CVE-2022-25101 1 Wbce 1 Wbce Cms 2024-11-21 7.8 High
A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-25099 1 Wbce 1 Wbce Cms 2024-11-21 7.8 High
A vulnerability in the component /languages/index.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-25098 1 Ectouch 1 Ectouch 2024-11-21 9.1 Critical
ECTouch v2 suffers from arbitrary file deletion due to insufficient filtering of the filename parameter.
CVE-2022-25096 1 Home Owners Collection Management System Project 1 Home Owners Collection Management System 2024-11-21 9.8 Critical
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/view_member.php.
CVE-2022-25095 1 Home Owners Collection Management System Project 1 Home Owners Collection Management System 2024-11-21 9.8 Critical
Home Owners Collection Management System v1.0 allows unauthenticated attackers to compromise user accounts via a crafted POST request.
CVE-2022-25094 1 Home Owners Collection Management System Project 1 Home Owners Collection Management System 2024-11-21 8.8 High
Home Owners Collection Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the parameter "cover" in SystemSettings.php.
CVE-2022-25090 1 Kofax 1 Printix 2024-11-21 8.1 High
Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation because of a race condition.
CVE-2022-25089 1 Kofax 1 Printix 2024-11-21 9.8 Critical
Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly uses Privileged APIs to modify values in HKEY_LOCAL_MACHINE via UITasks.PersistentRegistryData.
CVE-2022-25084 1 Totolink 2 T6, T6 Firmware 2024-11-21 9.8 Critical
TOTOLink T6 V5.9c.4085_B20190428 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVE-2022-25083 1 Totolink 2 A860r, A860r Firmware 2024-11-21 9.8 Critical
TOTOLink A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVE-2022-25082 1 Totolink 2 A950rg, A950rg Firmware 2024-11-21 9.8 Critical
TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVE-2022-25081 1 Totolink 2 T10 V2, T10 V2 Firmware 2024-11-21 9.8 Critical
TOTOLink T10 V5.9c.5061_B20200511 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVE-2022-25080 1 Totolink 2 A830r, A830r Firmware 2024-11-21 9.8 Critical
TOTOLink A830R V5.9c.4729_B20191112 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVE-2022-25079 1 Totolink 1 A810r Firmware 2024-11-21 9.8 Critical
TOTOLink A810R V4.1.2cu.5182_B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVE-2022-25078 1 Totolink 1 A3600r Firmware 2024-11-21 9.8 Critical
TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVE-2022-25077 1 Totolink 2 A3100r, A3100r Firmware 2024-11-21 9.8 Critical
TOTOLink A3100R V4.1.2cu.5050_B20200504 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVE-2022-25076 1 Totolink 2 A800r, A800r Firmware 2024-11-21 9.8 Critical
TOTOLink A800R V4.1.2cu.5137_B20200730 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVE-2022-25075 1 Totolink 2 A3000ru, A3000ru Firmware 2024-11-21 9.8 Critical
TOTOLink A3000RU V5.9c.2280_B20180512 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVE-2022-25074 1 Tp-link 2 Tl-wr902ac, Tl-wr902ac Firmware 2024-11-21 9.8 Critical
TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.