CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-25075 TOTOLink A3000RU V5.9c.2280_B20180512 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUER... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-25076 TOTOLink A800R V4.1.2cu.5137_B20200730 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUE... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-25077 TOTOLink A3100R V4.1.2cu.5050_B20200504 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QU... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-25078 TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QU... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-25079 TOTOLink A810R V4.1.2cu.5182_B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUE... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-25080 TOTOLink A830R V5.9c.4729_B20191112 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-25081 TOTOLink T10 V5.9c.5061_B20200511 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_ST... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-25082 TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arb... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29324 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the proto parameter in /goform/form2IPQoSTcAdd. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29325 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29326 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-26723 A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. Mounting a maliciously crafted Samba network share may lead to... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29327 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the urladd parameter in /goform/websURLFilterAddDel. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-27919 Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administrat... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29328 D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a stack overflow via the function checkvalidupgrade. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29329 D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a heap overflow via the devicename parameter in /goform/setDeviceSettings. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-26268 Xiaohuanxiong v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /app/controller/Books.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29391 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004200c8. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-26711 An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5, iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A remo... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-26708 This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-39737 Product: Android. Versions: Android kernel. Android ID: A-208229524. References: N/A | 9.8 | CRITICAL | — | 0 |
| CVE-2022-23676 A remote execution of arbitrary code vulnerability was discovered in ArubaOS-Switch Devices version(s): ArubaOS-Switch 15.xx.xxxx: All versions; ArubaOS-Switch 16.01.xxxx: All versions; ArubaOS-Switch... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-43636 Two Buffer Overflow vulnerabilities exist in T10 V2_Firmware V4.1.8cu.5207_B20210320 in the http_request_parse function when processing host data in the HTTP request process. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29392 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418c24. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30516 In Hospital-Management-System v1.0, the editid parameter in the doctor.php page is vulnerable to SQL injection attacks. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30495 In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR - Broken Access Control allowing attackers to change the admin password (vertical privilege escalation). | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30493 In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL Injection Vulnerability allowing remote attackers to dump all database credentials and gain admin ... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-21831 A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-1715 Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.07. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-43090 An XML External Entity (XXE) vulnerability exists in soa-model before 1.6.4 in the WSDLParser function. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-33016 An attacker can gain full access (read/write/delete) to sensitive folders due to hard-coded credentials on KUKA KR C4 control software for versions prior to 8.7 or any product running KSS. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31969 ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=user/manage_user&id=. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30500 Jfinal cms 5.1.0 is vulnerable to SQL Injection. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30477 Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetClientState request. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-22282 SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor leading to Improper Access Cont... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-26301 TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability via the component App\Manage\Controller\ZhuantiController.class.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30476 Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetFirewallCfg request. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30474 Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a heap overflow in the httpd module when handling /goform/saveParentControlInfo request. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30472 Tenda AC Series Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function fromAddressNat. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-26279 EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-26272 A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute arbitrary code via a crafted string written to the file application/config/config.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28929 Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28930 ERP-Pro v3.7.5 was discovered to contain a SQL injection vulnerability via the component /base/SysEveMenuAuthPointMapper.xml. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30765 Calibre-Web before 0.6.18 allows user table SQL Injection. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30011 In HMS 1.0 when requesting appointment.php through POST, multiple parameters can lead to a SQL injection vulnerability. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-42897 A remote command execution (RCE) vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $_POST[r_name] is directly passed into the $mysqlstr and is executed by exec. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29351 An arbitrary file upload vulnerability in the file upload module of Tiddlywiki5 v5.2.2 allows attackers to execute arbitrary code via a crafted SVG file. Note: The vendor argues that this is not a leg... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31965 Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/respondent_types/manage_respondent_type.php?id=. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29353 An arbitrary file upload vulnerability in the file upload module of Graphql-upload v13.0.0 allows attackers to execute arbitrary code via a crafted filename. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-43700 An issue was discovered in ApiManager 1.1. There is a SQL injection vulnerability that can be used in /index.php?act=api&tag=8. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.