Search Results (363726 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-26342 1 Asus 3 4g-ac68u, 4g-ac68u Firmware, Ac68u 2025-04-28 7.5 High
A Null pointer dereference in usr/sbin/httpd in ASUS AC68U 3.0.0.4.384.82230 allows remote attackers to trigger DoS via network packet.
CVE-2023-52048 1 Ruoyi 1 Ruoyi 2025-04-28 4.7 Medium
RuoYi v4.7.8 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/notice/.
CVE-2024-6096 1 Progress 1 Telerik Reporting 2025-04-25 8.8 High
In ProgressĀ® TelerikĀ® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability.
CVE-2018-5733 4 Canonical, Debian, Isc and 1 more 9 Ubuntu Linux, Debian Linux, Dhcp and 6 more 2025-04-25 7.5 High
A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.
CVE-2022-45535 1 Aerocms Project 1 Aerocms 2025-04-25 4.9 Medium
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php. This vulnerability allows attackers to access database information.
CVE-2022-45529 1 Aerocms Project 1 Aerocms 2025-04-25 4.9 Medium
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id parameter at \admin\includes\edit_post.php. This vulnerability allows attackers to access database information.
CVE-2022-45331 1 Aerocms Project 1 Aerocms 2025-04-25 7.5 High
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the p_id parameter at \post.php. This vulnerability allows attackers to access database information.
CVE-2022-45330 1 Aerocms Project 1 Aerocms 2025-04-25 7.5 High
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Category parameter at \category.php. This vulnerability allows attackers to access database information.
CVE-2022-44808 1 Dlink 2 Dir-823g, Dir-823g Firmware 2025-04-25 9.8 Critical
A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can process the request, the system function executes an untrusted command that triggers the vulnerability.
CVE-2022-44252 1 Totolink 2 Lr350, Lr350 Firmware 2025-04-25 9.8 Critical
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function.
CVE-2022-44251 1 Totolink 2 Lr350, Lr350 Firmware 2025-04-25 9.8 Critical
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function.
CVE-2022-44250 1 Totolink 2 Lr350, Lr350 Firmware 2025-04-25 9.8 Critical
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function.
CVE-2022-44249 1 Totolink 2 Lr350, Lr350 Firmware 2025-04-25 9.8 Critical
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function.
CVE-2022-44139 1 Apartment Visitors Management System Project 1 Apartment Visitors Management System 2025-04-25 9.8 Critical
Apartment Visitor Management System v1.0 is vulnerable to SQL Injection via /avms/index.php.
CVE-2022-44120 1 Dedebiz 1 Dedecmsv6 2025-04-25 9.8 Critical
dedecmdv6 6.1.9 is vulnerable to SQL Injection. via sys_sql_query.php.
CVE-2022-42985 1 Scratch-wiki 1 Scratch Login 2025-04-25 4.8 Medium
The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting (XSS).
CVE-2022-39833 1 Filecloud 1 Filecloud 2025-04-25 7.2 High
FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request.
CVE-2022-38753 1 Microfocus 1 Netiq Advanced Authentication 2025-04-25 6.3 Medium
This update resolves a multi-factor authentication bypass attack
CVE-2022-38147 1 Silverstripe 1 Framework 2025-04-25 5.4 Medium
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3).
CVE-2022-38145 1 Silverstripe 1 Framework 2025-04-25 5.4 Medium
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history compare view.