Total
291504 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-51052 | 1 S-cms | 1 S-cms | 2025-04-24 | 9.8 Critical |
| S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_formauth parameter at /admin/ajax.php. | ||||
| CVE-2023-49032 | 1 Ltb-project | 1 Self Service Password | 2025-04-24 | 9.8 Critical |
| An issue in LTB Self Service Password before v.1.5.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via hijack of the SMS verification code function to arbitrary phone. | ||||
| CVE-2022-45645 | 1 Tendacn | 2 Ac6, Ac6 Firmware | 2025-04-24 | 7.5 High |
| Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceMac parameter in the addWifiMacFilter function. | ||||
| CVE-2022-44944 | 1 Rukovoditel | 1 Rukovoditel | 2025-04-24 | 5.4 Medium |
| Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. | ||||
| CVE-2022-44930 | 1 Dlink | 2 Dhp-w310av, Dhp-w310av Firmware | 2025-04-24 | 9.8 Critical |
| D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function. | ||||
| CVE-2022-44929 | 1 D-link | 2 Dvg-g5402sp, Dvg-g5402sp Firmware | 2025-04-24 | 9.8 Critical |
| An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate privileges via arbitrarily editing VoIP SIB profiles. | ||||
| CVE-2022-44928 | 1 D-link | 2 Dvg-g5402sp, Dvg-g5402sp Firmware | 2025-04-24 | 9.8 Critical |
| D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maintenance function. | ||||
| CVE-2022-44533 | 1 Arubanetworks | 1 Edgeconnect Enterprise | 2025-04-24 | 7.2 High |
| A vulnerability in the Aruba EdgeConnect Enterprise web management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below. | ||||
| CVE-2022-44532 | 1 Arubanetworks | 1 Edgeconnect Enterprise | 2025-04-24 | 4.9 Medium |
| An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below. | ||||
| CVE-2022-44366 | 1 Tenda | 2 I21, I21 Firmware | 2025-04-24 | 9.8 Critical |
| Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setDiagnoseInfo. | ||||
| CVE-2022-44365 | 1 Tenda | 2 I21, I21 Firmware | 2025-04-24 | 9.8 Critical |
| Tenda i21 V1.0.0.14(4656) has a stack overflow vulnerability via /goform/setSysPwd. | ||||
| CVE-2022-44363 | 1 Tenda | 2 I21, I21 Firmware | 2025-04-24 | 9.8 Critical |
| Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setSnmpInfo. | ||||
| CVE-2022-43542 | 1 Arubanetworks | 1 Edgeconnect Enterprise | 2025-04-24 | 7.2 High |
| Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below. | ||||
| CVE-2022-43541 | 1 Arubanetworks | 1 Edgeconnect Enterprise | 2025-04-24 | 7.2 High |
| Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below. | ||||
| CVE-2022-43518 | 1 Arubanetworks | 1 Edgeconnect Enterprise | 2025-04-24 | 4.9 Medium |
| An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise web interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below. | ||||
| CVE-2022-43479 | 1 Ss-proj | 1 Shirasagi | 2025-04-24 | 6.1 Medium |
| Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a remote unauthenticated attacker to redirect users to an arbitrary web site and conduct a phishing attack. | ||||
| CVE-2022-43470 | 1 Fsi | 8 Fs020w, Fs020w Firmware, Fs030w and 5 more | 2025-04-24 | 7.3 High |
| Cross-site request forgery (CSRF) vulnerability in +F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +F FS040W software versions v1.4.1 and earlier allows an adjacent attacker to hijack the authentication of an administrator and user's unintended operations such as to reboot the product and/or reset the configuration to the initial set-up may be performed. | ||||
| CVE-2022-43442 | 1 Fsi | 2 Fs040u, Fs040u Firmware | 2025-04-24 | 4.6 Medium |
| Plaintext storage of a password vulnerability exists in +F FS040U software versions v2.3.4 and earlier, which may allow an attacker to obtain the login password of +F FS040U and log in to the management console. | ||||
| CVE-2022-43097 | 1 User Registration \& User Management System Project | 1 User Registration \& User Management System | 2025-04-24 | 5.4 Medium |
| Phpgurukul User Registration & User Management System v3.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & login pages. | ||||
| CVE-2022-42706 | 1 Sangoma | 2 Asterisk, Certified Asterisk | 2025-04-24 | 4.9 Medium |
| An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal. | ||||