CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-39067 There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial o... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-39070 There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any ope... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43212 Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at fetchOrderData.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-3500 A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors ... | 5.1 | MEDIUM | — | 0 |
| CVE-2020-23587 A vulnerability found in the OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) ... | 3.1 | LOW | — | 0 |
| CVE-2022-4116 A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-45330 AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Category parameter at \category.php. This vulnerability allows attackers to access database information. | 7.5 | HIGH | — | 0 |
| CVE-2022-45331 AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the p_id parameter at \post.php. This vulnerability allows attackers to access database information. | 7.5 | HIGH | — | 0 |
| CVE-2022-45529 AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id parameter at \admin\includes\edit_post.php. This vulnerability allows attackers to access database infor... | 4.9 | MEDIUM | — | 0 |
| CVE-2022-45535 AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php. This vulnerability allows attackers to access database information. | 4.9 | MEDIUM | — | 0 |
| CVE-2022-45536 AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the id parameter at \admin\post_comments.php. This vulnerability allows attackers to access database information. | 4.9 | MEDIUM | — | 0 |
| CVE-2022-37773 An authenticated SQL Injection vulnerability in the statistics page (/statistics/retrieve) of Maarch RM 2.8, via the filter parameter, allows the complete disclosure of all databases. | 6.5 | MEDIUM | — | 0 |
| CVE-2022-37774 There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some specific document (pdf, email) from an archive, a preview is proposed by the application. This previ... | 5.3 | MEDIUM | — | 0 |
| CVE-2022-38724 Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-40303 An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an at... | 7.5 | HIGH | — | 0 |
| CVE-2022-40870 The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload inje... | 8.1 | HIGH | — | 0 |
| CVE-2024-51243 The eladmin v2.7 and before contains a remote code execution (RCE) vulnerability that can control all application deployment servers of this management system via DeployController.java. | 7.2 | HIGH | — | 0 |
| CVE-2022-43751 McAfee Total Protection prior to version 16.0.49 contains an uncontrolled search path element vulnerability due to the use of a variable pointing to a subdirectory that may be controllable by an unpri... | 7.8 | HIGH | — | 0 |
| CVE-2020-23583 OPTILINK OP-XT71000N V2.2 is vulnerable to Remote Code Execution. The issue occurs when the attacker sends an arbitrary code on "/diag_ping_admin.asp" to "PingTest" interface that leads to COMMAND EXE... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-23585 A remote attacker can conduct a cross-site request forgery (CSRF) attack on OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028. The vulnerability is due to insufficient C... | 8.8 | HIGH | — | 0 |
| CVE-2020-23593 A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross site request forgery (CSRF) attack to e... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-23584 Unauthenticated remote code execution in OPTILINK OP-XT71000N, Hardware Version: V2.2 occurs when the attacker passes arbitrary commands with IP-ADDRESS using " | " to execute commands on " /diag_trac... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-23586 A vulnerability found in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) atta... | 4.3 | MEDIUM | — | 0 |
| CVE-2022-45036 A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results... | 5.4 | MEDIUM | — | 0 |
| CVE-2020-23588 A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to ... | 4.3 | MEDIUM | — | 0 |
| CVE-2020-23589 A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to ... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-23590 A vulnerability in Optilink OP-XT71000N Hardware version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated remote attacker to conduct a cross-site request forgery (CSRF) attack to c... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-23591 A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an attacker to upload arbitrary files through " /mgm_dev_upgrade.asp " which can "delete ever... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-23592 A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to ... | 8.8 | HIGH | — | 0 |
| CVE-2022-35500 Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via leave comment functionality. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-34830 An Arm product family through 2022-06-29 has a TOCTOU Race Condition that allows non-privileged user to make improper GPU processing operations to gain access to already freed memory. | 7.5 | HIGH | — | 0 |
| CVE-2022-37429 Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-37430 Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2). | 5.4 | MEDIUM | — | 0 |
| CVE-2022-37772 Maarch RM 2.8.3 solution contains an improper restriction of excessive authentication attempts due to excessive verbose responses from the application. An unauthenticated remote attacker could potenti... | 7.5 | HIGH | — | 0 |
| CVE-2022-38145 Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history co... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-42095 Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content. | 4.8 | MEDIUM | — | 0 |
| CVE-2022-36337 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI vari... | 8.2 | HIGH | — | 0 |
| CVE-2022-37421 Silverstripe silverstripe/cms through 4.11.0 allows XSS. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-38147 Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3). | 5.4 | MEDIUM | — | 0 |
| CVE-2022-40770 Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users. | 7.2 | HIGH | — | 0 |
| CVE-2022-41446 An access control issue in /Admin/dashboard.php of Record Management System using CodeIgniter v1.0 allows attackers to access and modify user data. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-43213 Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editorder.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-45472 CAE LearningSpace Enterprise (with Intuity License) image 267r patch 639 allows DOM XSS, related to ontouchmove and onpointerup. | 5.4 | MEDIUM | — | 0 |
| CVE-2021-46854 mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters. | 7.5 | HIGH | — | 0 |
| CVE-2022-45462 Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher | 9.8 | CRITICAL | — | 0 |
| CVE-2022-45149 A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being ... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-45150 A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to ope... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-48311 Piwigo v14.5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit album function. | 8.8 | HIGH | — | 0 |
| CVE-2022-45151 The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute ... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-44139 Apartment Visitor Management System v1.0 is vulnerable to SQL Injection via /avms/index.php. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.