Search Results (363643 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-30072 1 Wbce 1 Wbce Cms 2024-11-21 5.4 Medium
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\pages\sections_save.php namesection2 parameters.
CVE-2022-30067 2 Gimp, Redhat 2 Gimp, Enterprise Linux 2024-11-21 5.5 Medium
GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate for a huge amount of memory, resulting in insufficient memory or program crash.
CVE-2022-30065 2 Busybox, Siemens 13 Busybox, Scalance Sc622-2c, Scalance Sc622-2c Firmware and 10 more 2024-11-21 7.8 High
A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.
CVE-2022-30063 1 Ftcms 1 Ftcms 2024-11-21 9.8 Critical
ftcms <=2.1 was discovered to be vulnerable to code execution attacks .
CVE-2022-30062 1 Ftcms 1 Ftcms 2024-11-21 6.5 Medium
ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Read via tp.php
CVE-2022-30061 1 Ftcms 1 Ftcms 2024-11-21 6.5 Medium
ftcms <=2.1 was discovered to be vulnerable to directory traversal attacks via the parameter tp.
CVE-2022-30060 1 Ftcms 1 Ftcms 2024-11-21 8.8 High
ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Write via admin/controllers/tp.php
CVE-2022-30059 1 Shopwind 1 Shopwind 2024-11-21 6.5 Medium
Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Delete vulnerability via the neirong parameter at \backend\controllers\DbController.php.
CVE-2022-30058 1 Shopwind 1 Shopwind 2024-11-21 5.3 Medium
Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Download vulnerability via the neirong parameter at \backend\controllers\DbController.php.
CVE-2022-30057 1 Shopwind 1 Shopwind 2024-11-21 5.4 Medium
Shopwind <=v3.4.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability.
CVE-2022-30055 2 Mersenne, Microsoft 2 Prime95, Windows 2024-11-21 9.8 Critical
Prime95 30.7 build 9 suffers from a Buffer Overflow vulnerability that could lead to Remote Code Execution.
CVE-2022-30054 1 Covid 19 Travel Pass Management Project 1 Covid 19 Travel Pass Management 2024-11-21 9.8 Critical
In Covid 19 Travel Pass Management 1.0, the code parameter is vulnerable to SQL injection attacks.
CVE-2022-30052 1 Home Clean Service System Project 1 Home Clean Service System 2024-11-21 9.8 Critical
In Home Clean Service System 1.0, the password parameter is vulnerable to SQL injection attacks.
CVE-2022-30050 1 Sir 1 Gnuboard 2024-11-21 6.1 Medium
Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via bbs/member_confirm.php.
CVE-2022-30049 1 Ruifang-tech 1 Rebuild 2024-11-21 7.5 High
A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter.
CVE-2022-30048 1 Mingsoft 1 Mcms 2024-11-21 9.8 Critical
Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/list URI via orderBy parameter.
CVE-2022-30047 1 Mingsoft 1 Mcms 2024-11-21 9.8 Critical
Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/listExcludeApp URI via orderBy parameter.
CVE-2022-30045 1 Ezxml Project 1 Ezxml 2024-11-21 6.5 Medium
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap out-of-bounds read.
CVE-2022-30040 1 Tenda 2 Ax1803, Ax1803 Firmware 2024-11-21 7.5 High
Tenda AX1803 v1.0.0.1_2890 is vulnerable to Buffer Overflow. The vulnerability lies in rootfs_ In / goform / setsystimecfg of / bin / tdhttpd in ubif file system, attackers can access http://ip/goform/SetSysTimeCfg, and by setting the ntpserve parameter, the stack buffer overflow can be caused to achieve the effect of router denial of service.
CVE-2022-30036 1 Malighting 2 Grandma2 Light, Grandma2 Light Firmware 2024-11-21 8.8 High
MA Lighting grandMA2 Light has a password of root for the root account. NOTE: The vendor's position is that the product was designed for isolated networks. Also, the successor product, grandMA3, is not affected by this vulnerability.