CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2022-41381 | The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected ver... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-42233 | Tenda 11N with firmware version V5.07.33_cn suffers from an Authentication Bypass vulnerability. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-41382 | The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected versio... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-41408 | Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-45400 | Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-45397 | Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-45396 | Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-45395 | Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-44542 | lesspipe before 2.06 allows attackers to execute code via Perl Storable (pst) files, because of deserialized object destructor execution via a key/value pair in a hash. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-37611 | Prototype pollution vulnerability in tschaub gh-pages 3.1.0 via the partial variable in util.js. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-38947 | SQL Injection vulnerability in Flipkart-Clone-PHP version 1.0 in entry.php in product_title parameter, allows attackers to execute arbitrary code. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-38580 | Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF). | 9.8 | CRITICAL | — | 0 |
| CVE-2022-37454 | The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic ... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43101 | Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43102 | Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-40889 | Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-29006 | By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. This could lead to authentication bypass and other operational probl... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-40887 | SourceCodester Best Student Result Management System 1.0 is vulnerable to SQL Injection. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43025 | Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the startIp parameter at /goform/SetPptpServerCfg. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-42245 | Dreamer CMS 4.0.01 is vulnerable to SQL Injection. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43103 | Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the list parameter in the formSetQosBand function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43104 | Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the wpapsk_crypto parameter in the fromSetWirelessRepeat function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-41495 | ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the rss_url_news parameter at /manager/index.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43105 | Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43106 | Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the schedStartTime parameter in the setSchedWifi function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-2437 | The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress is vulnerable to deserialization of untrusted input via the 'fts_url' parameter in versions up to, and including 2.9.8.5.... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-3600 | The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when it is output in a CSV file, which could lead to CSV injection. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43107 | Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-42058 | Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setRemoteWebManage function. This vulnerability allows attackers to cause a Denial of Service (DoS... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43108 | Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-29943 | An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43109 | D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via a craf... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-22818 | MKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-45474 | drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-free for any request. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-41383 | The d8s-archives package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected ve... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-42984 | WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=search&s=recipients. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-22819 | MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-41384 | The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-32941 | The issue was addressed with improved bounds checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A buffe... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-22425 | IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-27582 | Password recovery vulnerability in SICK SIM4000 (PPC) Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the passwo... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-27584 | Password recovery vulnerability in SICK SIM2000ST Partnumber 1080579 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password r... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-41570 | An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Unauthenticated SQL injection can occur. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-40664 | Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-40055 | An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows attackers to escalate privileges via a brute force attack at the login page. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-3393 | The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-42149 | kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\OnlinePreviewController.java. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-27585 | Password recovery vulnerability in SICK SIM1000 FX Partnumber 1097816 and 1097817 with firmware version <1.6.0 allows an unprivileged remote attacker to gain access to the userlevel defined as Recover... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-22730 | Improper authentication in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-40881 | SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.