CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2022-25453 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the saveParentControlInfo function. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-37291 | An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the input_id POST parameter in index.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-43484 | A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27115 | In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-0949 | The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25452 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the URLs parameter in the saveParentControlInfo function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25451 | Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the setstaticroutecfg function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25450 | Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-1295 | Prototype Pollution in GitHub repository alvarotrigo/fullpage.js prior to 4.0.2. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-43479 | A Remote Code Execution (RCE) vulnerability exists in The-Secretary 2.5 via install.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-26100 | SAPCAR - version 7.22, does not contain sufficient input validation on the SAPCAR archive. As a result, the SAPCAR process may crash, and the attacker may obtain privileged access to the system. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-43722 | D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnap_main function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25449 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27276 | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_10F2C. This vulnerability is triggered... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27275 | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_122D0. This vulnerability is triggered... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27274 | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12028. This vulnerability is triggered... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-26520 | In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection prop... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27273 | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12168. This vulnerability is triggered... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27272 | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_1791C. This vulnerability is triggered... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27271 | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component python-lib. This vulnerability is trigger... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27270 | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component ipsec_secrets. This vulnerability is trig... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27269 | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component config_ovpn. This vulnerability is trigge... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-26600 | ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==). | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27268 | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component get_cgi_from_memory. This vulnerability i... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-26599 | ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27126 | zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the art parameter at /include/make.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-1286 | heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-1276 | Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-26255 | Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload injected into the Proxies name column. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25448 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the day parameter in the openSchedWifi function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25447 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25446 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedstarttime parameter in the openSchedWifi function. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-43517 | FOSCAM Camera FI9805E with firmware V4.02.R12.00018510.10012.143900.00000 contains a backdoor that opens Telnet port when special command is sent on port 9530. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25445 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-44127 | In DLink DAP-1360 F1 firmware version <=v6.10 in the "webupg" binary, an attacker can use the "file" parameter to execute arbitrary system commands when the parameter is "name=deleteFile" after being ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27047 | mogu_blog_cms 5.2 suffers from upload arbitrary files without any limitation. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-46007 | totolink a3100r V5.9c.4577 is vulnerable to os command injection. The backend of a page is executing the "ping" command, and the input field does not adequately filter special symbols. This can lead t... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25441 | Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the vlanid parameter in the SetIPTVCfg function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-26245 | Falcon-plus v0.3 was discovered to contain a SQL injection vulnerability via the parameter grpName in /config/service/host.go. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-28001 | Movie Seat Reservation v1 was discovered to contain a SQL injection vulnerability at /index.php?page=reserve via the id parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25440 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27357 | Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customer_register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-26205 | Marky commit 3686565726c65756e was discovered to contain a remote code execution (RCE) vulnerability via the Display text fields. This vulnerability allows attackers to execute arbitrary code via inje... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27351 | Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /public_html/apply_vacancy. This vulnerability allows attackers to execute arbitrary code via a crafted ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25439 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-21194 | The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25438 | Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the SetIPTVCfg function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-26198 | Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25437 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25435 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetStaticRoutecfg function. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.