CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-24259 An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-24260 A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-46453 D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStaticRouteSettings. This vulnerability allows attackers to execute arbitrary com... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-29393 Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to inject and execute arbitrary system commands ... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-43517 FOSCAM Camera FI9805E with firmware V4.02.R12.00018510.10012.143900.00000 contains a backdoor that opens Telnet port when special command is sent on port 9530. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-27047 mogu_blog_cms 5.2 suffers from upload arbitrary files without any limitation. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-29396 Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to use various functionalities without authentication. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-46454 D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetWLanApcliSettings. This vulnerability allows attackers to execute arbitrary comma... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-46455 D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStationSettings. This vulnerability allows attackers to execute arbitrary command... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28001 Movie Seat Reservation v1 was discovered to contain a SQL injection vulnerability at /index.php?page=reserve via the id parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-39675 In GKI_getbuf of gki_buffer.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed.... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30063 ftcms <=2.1 was discovered to be vulnerable to code execution attacks . | 9.8 | CRITICAL | — | 0 |
| CVE-2022-23402 The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from ... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-46456 D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetWLanACLSettings. This vulnerability allows attackers to execute arbitrary command... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-46457 D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function ChgSambaUserSettings. This vulnerability allows attackers to execute arbitrary comma... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-27357 Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customer_register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-23730 The public API error causes for the attacker to be able to bypass API access control. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-46230 D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function upgrade_filter. This vulnerability allows attackers to execute arbitrary commands vi... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-22258 The Wi-Fi module has an event notification vulnerability.Successful exploitation of this vulnerability may allow third-party applications to intercept event notifications and add information and resul... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-25427 Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-27351 Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /public_html/apply_vacancy. This vulnerability allows attackers to execute arbitrary code via a crafted ... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-25428 Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the deviceId parameter in the saveparentcontrolinfo function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-26100 SAPCAR - version 7.22, does not contain sufficient input validation on the SAPCAR archive. As a result, the SAPCAR process may crash, and the attacker may obtain privileged access to the system. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-32986 After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupte... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-25429 Tenda AC9 v15.03.2.21 was discovered to contain a buffer overflow via the time parameter in the saveparentcontrolinfo function. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-32984 All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-32980 Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an exist... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-25569 Bettini Srl GAMS Product Line v4.3.0 was discovered to re-use static SSH keys across installations, allowing unauthenticated attackers to login as root users via extracting a key from the software. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-22810 A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to manipulate the admin after numerous attempts at guessing credentials. Affected... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-45998 D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the LocalIPAddress parameter. This vulnerability allows attackers to execute arbitrary ... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-27131 An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-25431 Tenda AC9 v15.03.2.21 was discovered to contain multiple stack overflows via the NPTR, V12, V10 and V11 parameter in the Formsetqosband function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-27129 An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-24144 Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function WanParameterSetting. This vulnerability allows attackers to execute arbitrary commands via the gat... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-27128 An incorrect access control issue at /admin/run_ajax.php in zbzcms v1.0 allows attackers to arbitrarily add administrator accounts. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-22813 A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an attacker were to obtain the TLS cryptographic key and take active control of the Courier tunneling communication network, they coul... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-43474 An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B05 (Lastest) via any parameter in the HNAP1 function | 9.8 | CRITICAL | — | 0 |
| CVE-2021-30064 On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials ... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28381 Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long string to TCP port 888, a related issue to CVE-2017-17932. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-26728 A vulnerability was discovered in Tenda AC9 v3.0 V15.03.06.42_multi and Tenda AC9 V1.0 V15.03.05.19(6318)_CN which allows for remote code execution via shell metacharacters in the guestuser field to t... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-24310 A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer overflow, leading to denial of service and potentially remote code execution when an attacker sends mu... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-20001 It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which cou... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-23555 The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arb... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28368 Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file). | 9.8 | CRITICAL | — | 0 |
| CVE-2021-46361 An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-46362 A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload ent... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-27534 Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-27177 A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2 | 9.8 | CRITICAL | — | 0 |
| CVE-2022-24311 A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by inserting at beginning of file or create a new file in t... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-25433 Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the urls parameter in the saveparentcontrolinfo function. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.