Total
291526 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-45640 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-04-24 | 7.5 High |
| Tenda Tenda AC6V1.0 V15.03.05.19 is affected by buffer overflow. Causes a denial of service (local). | ||||
| CVE-2022-45337 | 1 Tenda | 2 Tx9 Pro, Tx9 Pro Firmware | 2025-04-24 | 7.5 High |
| Tenda TX9 Pro v22.03.02.10 was discovered to contain a stack overflow via the list parameter at /goform/SetIpMacBind. | ||||
| CVE-2022-45332 | 1 Gnu | 1 Libredwg | 2025-04-24 | 7.8 High |
| LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow via the function decode_preR13_section_hdr at decode_r11.c. | ||||
| CVE-2022-45328 | 1 Church Management System Project | 1 Church Management System | 2025-04-24 | 7.2 High |
| Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_members.php. | ||||
| CVE-2022-45215 | 1 Book Store Management System Project | 1 Book Store Management System | 2025-04-24 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the Add New System User module. | ||||
| CVE-2022-45045 | 1 Xiongmaitech | 144 Mbd6304t, Mbd6304t Firmware, Nbd6808t-pl and 141 more | 2025-04-24 | 8.8 High |
| Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated attacker, possibly using the default admin:tlJwpbo6 credentials, can connect to port 34567 and execute arbitrary operating system commands via a crafted JSON file during an upgrade request. Since at least 2021, Xiongmai has applied patches to prevent attackers from using this mechanism to execute telnetd. | ||||
| CVE-2022-44962 | 1 Webtareas Project | 1 Webtareas | 2025-04-24 | 5.4 Medium |
| webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /calendar/viewcalendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject field. | ||||
| CVE-2022-44961 | 1 Webtareas Project | 1 Webtareas | 2025-04-24 | 5.4 Medium |
| webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /forums/editforum.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | ||||
| CVE-2022-44960 | 1 Webtareas Project | 1 Webtareas | 2025-04-24 | 5.4 Medium |
| webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /general/search.php?searchtype=simple. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field. | ||||
| CVE-2022-44955 | 1 Webtareas Project | 1 Webtareas | 2025-04-24 | 5.4 Medium |
| webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the Chat function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Messages field. | ||||
| CVE-2022-44954 | 1 Webtareas Project | 1 Webtareas | 2025-04-24 | 5.4 Medium |
| webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /contacts/listcontacts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name field after clicking "Add". | ||||
| CVE-2022-44953 | 1 Webtareas Project | 1 Webtareas | 2025-04-24 | 5.4 Medium |
| webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfiles.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add". | ||||
| CVE-2022-44952 | 1 Rukovoditel | 1 Rukovoditel | 2025-04-24 | 5.4 Medium |
| Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking "Add". | ||||
| CVE-2022-44951 | 1 Rukovoditel | 1 Rukovoditel | 2025-04-24 | 5.4 Medium |
| Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | ||||
| CVE-2022-44367 | 1 Tenda | 2 I21, I21 Firmware | 2025-04-24 | 9.8 Critical |
| Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setUplinkInfo. | ||||
| CVE-2022-44362 | 1 Tenda | 2 I21, I21 Firmware | 2025-04-24 | 9.8 Critical |
| Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/AddSysLogRule. | ||||
| CVE-2022-44348 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-04-24 | 7.2 High |
| Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/orders/update_status.php?id=. | ||||
| CVE-2022-44347 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-04-24 | 7.2 High |
| Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=inquiries/view_inquiry&id=. | ||||
| CVE-2022-44345 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-04-24 | 7.2 High |
| Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=quotes/view_quote&id=. | ||||
| CVE-2022-44296 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-04-24 | 7.2 High |
| Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/quotes/manage_remark.php?id=. | ||||