Search Results (362972 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-4321 1 Wpswings 1 Pdf Generator For Wordpress 2025-03-26 6.1 Medium
The PDF Generator for WordPress plugin before 1.1.2 includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin
CVE-2022-48140 1 Dedecms 1 Dedecms 2025-03-26 5.4 Medium
DedeCMS v5.7.97 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /file_manage_view.php?fmdo=edit&filename.
CVE-2022-48130 1 Tenda 2 W20e, W20e Firmware 2025-03-26 9.8 Critical
Tenda W20E v15.11.0.6 was discovered to contain multiple stack overflows in the function formSetStaticRoute via the parameters staticRouteNet, staticRouteMask, staticRouteGateway, staticRouteWAN.
CVE-2022-48022 1 Zammad 1 Zammad 2025-03-26 4.3 Medium
An issue in the component /api/v1/mentions of Zammad v5.3.0 allows authenticated attackers with agent permissions to view information about tickets they are not authorized to see.
CVE-2022-48021 1 Zammad 1 Zammad 2025-03-26 9.8 Critical
A vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary code or escalate privileges via a crafted message sent to the server.
CVE-2022-47762 1 Gin-vue-admin Project 1 Gin-vue-admin 2025-03-26 7.5 High
In gin-vue-admin < 2.5.5, the download module has a Path Traversal vulnerability.
CVE-2022-47450 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-03-26 5.5 Medium
In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.
CVE-2022-47333 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-03-26 5.5 Medium
In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.
CVE-2022-47332 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-03-26 5.5 Medium
In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.
CVE-2022-47330 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-03-26 5.5 Medium
In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.
CVE-2022-47071 1 Nvs365 2 Nvs-365-v01, Nvs-365-v01 Firmware 2025-03-26 9.8 Critical
In NVS365 V01, the background network test function can trigger command execution.
CVE-2022-46496 1 Bticino 1 Door Entry For Hometouch 2025-03-26 5.9 Medium
BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missing an SSL certificate.
CVE-2022-45491 1 Json.h Project 1 Json.h 2025-03-26 7.8 High
Buffer overflow vulnerability in function json_parse_value in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges.
CVE-2022-44421 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-03-26 5.5 Medium
In wlan driver, there is a possible missing permission check. This could lead to local In wlan driver, information disclosure.
CVE-2022-43922 2 Ibm, Redhat 2 App Connect Enterprise Certified Container, Openshift 2025-03-26 5.3 Medium
IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583.
CVE-2022-3560 3 Fedoraproject, Pesign Project, Redhat 7 Fedora, Pesign, Enterprise Linux and 4 more 2025-03-26 5.5 Medium
A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack.
CVE-2022-38681 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-03-26 5.5 Medium
In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.
CVE-2022-28923 1 Caddyserver 1 Caddy 2025-03-26 6.1 Medium
Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs.
CVE-2021-37519 1 Memcached 1 Memcached 2025-03-26 5.5 Medium
Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of service via crafted authenticattion file.
CVE-2021-37518 1 Vimium Project 1 Vimium 2025-03-26 6.1 Medium
Universal Cross Site Scripting (UXSS) vulnerability in Vimium Extension 1.66 and earlier allows remote attackers to run arbitrary code via omnibar feature.