CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-37475 In NavigateCMS version 2.9.4 and below, function in `templates.php` is vulnerable to sql injection on parameter `template-properties-order`, which results in arbitrary sql query execution in the backe... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-28165 The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload arbitrary webshell to the server by using the downloadZipPackage() function. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-28890 J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the (1) compId parameter to fast/sys/user/list, (2) deptId parameter to fast/sys/role/list, or (3) roleId parameter to fast/sys/role... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-39497 eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote() function. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-38390 A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the u... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-18175 SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd action in basic.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-32983 A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-co... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-22160 If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens (JWT), the signature of the token is not validated if the algorithm of the presented token is set to "none"... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-33806 The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of its use of Java serialization. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-38306 Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain root access via OS command injection in the en/ajp/plugins/access.ssh/checkInstall.php destServer parame... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-28121 Virtual Robots.txt before 1.10 does not block HTML tags in the robots.txt field. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-37538 Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to execute arbitrary SQL commands via the day, month, or year param... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-35961 Dr. ID Door Access Control and Personnel Attendance Management system uses the hard-code admin default credentials that allows remote attackers to access the system through the default password and ob... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-33191 From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command which was designed to patch the application binary. This "patching" command defaults to calling a trusted... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-26765 SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the sid parameter to edit-sub.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-36452 An issue was discovered in the array-tools crate before 0.3.2 for Rust. FixedCapacityDequeLike::clone() has a drop of uninitialized memory. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-31805 The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tagβs attributes could perform a double evaluation if a developer applied forced OGNL evaluat... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25404 Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete.php via the DELETE_STR parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-3242 DuxCMS v3.1.3 was discovered to contain a SQL injection vulnerability via the component s/tools/SendTpl/index?keyword=. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-22885 Hutool v5.7.18's HttpRequest was discovered to ignore all TLS/SSL certificate validation. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-24984 Forms generated by JQueryForm.com before 2022-02-05 (if file-upload capability is enabled) allow remote unauthenticated attackers to upload executable files and achieve remote code execution. This occ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-26998 Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the wps setting function via the wps_enrolee_pin parameter. This vulnerability allows attackers to execute arbitrary... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-25070 The Block Bad Bots WordPress plugin before 6.88 does not properly sanitise and escape the User Agent before using it in a SQL statement to record logs, leading to an SQL Injection issue | 9.8 | CRITICAL | β | 0 |
| CVE-2021-44868 A problem was found in ming-soft MCMS v5.1. There is a sql injection vulnerability in /ms/cms/content/list.do | 9.8 | CRITICAL | β | 0 |
| CVE-2022-0664 Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5,0.9.4,0.10.0,0.10.1. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-0846 The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dk_speakout_sendmail AJAX action, leading to an... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-46314 A Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetNetworkTomographySettings.php of D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin because backti... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-0631 Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25299 This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable attackers to write files to arbitrary locations outside t... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-46315 Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetWizardConfig.php in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicoius users can use this... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-46319 Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users can use this vulnerability to use "\ " or backticks ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-22916 O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vulnerability via /x_program_center/jaxrs/invoke. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-0787 The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated u... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-22922 TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable and easily detectable session keys, allowing attackers to gain administrative privileges. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-0784 The Title Experiments Free WordPress plugin before 9.0.1 does not sanitise and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action (available to unauthenticated ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-0479 The Popup Builder WordPress plugin before 4.1.1 does not sanitise and escape the sgpb-subscription-popup-id parameter before using it in a SQL statement in the All Subscribers admin dashboard, leading... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-0679 The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the lib_path parameter before it is passed into a call to require() via the narnoo_distributor_lib_request AJAX act... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-26278 Tenda AC9 v15.03.2.21_cn was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-26999 Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the static ip settings function via the wan_ip_stat, wan_mask_stat, wan_gw_stat, and wan_dns1_stat parameters. This ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27000 Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the time and time zone function via the h_primary_ntp_server, h_backup_ntp_server, and h_time_zone parameters. This ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27001 Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the dhcp function via the hostname parameter. This vulnerability allows attackers to execute arbitrary commands via... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27002 Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the ddns function via the ddns_name, ddns_pwd, h_ddnsγddns_host parameters. This vulnerability allows attackers to ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27003 Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6rd function via the relay6rd parameter. T... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27004 Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6in4 function via the remote6in4 parameter... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27005 Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the setWanCfg function via the hostName parameter. Th... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-43958 Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials as rest resources did not check if users were beyond their max failed... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-26100 SAPCAR - version 7.22, does not contain sufficient input validation on the SAPCAR archive. As a result, the SAPCAR process may crash, and the attacker may obtain privileged access to the system. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27952 An arbitrary file upload vulnerability in the file upload module of PayloadCMS v0.15.0 allows attackers to execute arbitrary code via a crafted SVG file. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-39737 Product: AndroidVersions: Android kernelAndroid ID: A-208229524References: N/A | 9.8 | CRITICAL | β | 0 |
| CVE-2021-45786 In maccms v10, an attacker can log in through /index.php/user/login in the "col" and "openid" parameters to gain privileges. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.