Search Results (363419 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-46591 1 Trendnet 2 Tew-755ap, Tew-755ap Firmware 2025-04-11 9.8 Critical
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the reject_url parameter in the reject (sub_41BD60) function.
CVE-2022-46590 1 Trendnet 2 Tew-755ap, Tew-755ap Firmware 2025-04-11 9.8 Critical
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the cameo.cameo.netstat_rsname parameter in the tools_netstat (sub_41E730) function.
CVE-2022-46589 1 Trendnet 2 Tew-755ap, Tew-755ap Firmware 2025-04-11 9.8 Critical
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the cameo.cameo.netstat_option parameter in the tools_netstat (sub_41E730) function.
CVE-2022-46588 1 Trendnet 2 Tew-755ap, Tew-755ap Firmware 2025-04-11 9.8 Critical
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the sys_service parameter in the setup_wizard_mydlink (sub_4104B8) function.
CVE-2022-46586 1 Trendnet 2 Tew-755ap, Tew-755ap Firmware 2025-04-11 9.8 Critical
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the qcawifi.wifi%d_vap%d.maclist parameter in the kick_ban_wifi_mac_allow (sub_415B00) function.
CVE-2022-46585 1 Trendnet 2 Tew-755ap, Tew-755ap Firmware 2025-04-11 9.8 Critical
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the REMOTE_USER parameter in the get_access (sub_45AC2C) function.
CVE-2022-46442 1 Dedecms 1 Dedecms 2025-04-11 9.8 Critical
dedecms <=V5.7.102 is vulnerable to SQL Injection. In sys_ sql_ n query.php there are no restrictions on the sql query.
CVE-2022-44621 1 Apache 1 Kylin 2025-04-11 9.8 Critical
Diagnosis Controller miss parameter validation, so user may attacked by command injection via HTTP Request.
CVE-2022-43396 1 Apache 1 Kylin 2025-04-11 8.8 High
In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the kylin.engine.spark-cmd parameter of conf.
CVE-2021-41823 1 Kemptechnologies 1 Web Application Firewall 2025-04-11 6.1 Medium
The Web Application Firewall (WAF) in Kemp LoadMaster 7.2.54.1 allows certain uses of onmouseover to bypass an XSS protection mechanism.
CVE-2024-34452 1 Cmsimple-xh 1 Cmsimple Xh 2025-04-11 6.1 Medium
CMSimple_XH 1.7.6 allows XSS by uploading a crafted SVG document.
CVE-2022-42261 5 Citrix, Linux, Nvidia and 2 more 12 Hypervisor, Linux Kernel, Cloud Gaming and 9 more 2025-04-11 7.8 High
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service.
CVE-2024-37231 1 Salonbookingsystem 1 Salon Booking System 2025-04-11 8.6 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulation.This issue affects Salon booking system: from n/a through 9.9.
CVE-2024-39930 1 Gogs 1 Gogs 2025-04-11 9.9 Critical
The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated. Windows installations are unaffected.
CVE-2022-42262 5 Citrix, Linux, Nvidia and 2 more 12 Hypervisor, Linux Kernel, Cloud Gaming and 9 more 2025-04-11 7.1 High
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service.
CVE-2024-41304 1 Wondercms 1 Wondercms 2025-04-11 5.4 Medium
An arbitrary file upload vulnerability in the uploadFileAction() function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file.
CVE-2024-5595 1 Wpdeveloper 1 Essential Blocks 2025-04-11 5.4 Medium
The Essential Blocks WordPress plugin before 4.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
CVE-2022-42263 5 Citrix, Linux, Nvidia and 2 more 12 Hypervisor, Linux Kernel, Cloud Gaming and 9 more 2025-04-11 7.1 High
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an Integer overflow may lead to denial of service or information disclosure.
CVE-2024-6651 2 Iptanus, Wordpress File Upload Project 2 Wordpress File Upload, Wordpress File Upload 2025-04-11 6.1 Medium
The WordPress File Upload WordPress plugin before 4.24.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2024-6494 2 Iptanus, Wordpress File Upload Project 2 Wordpress File Upload, Wordpress File Upload 2025-04-11 6.1 Medium
The WordPress File Upload WordPress plugin before 4.24.8 does not properly sanitize and escape certain parameters, which could allow unauthenticated users to execute stored cross-site scripting (XSS) attacks.