CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|---|
| CVE-2021-45957 | Dnsmasq 2.86 has a heap-based buffer overflow in answer_request (called from FuzzAnswerTheRequest and fuzz_rfc1035.c). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-26260 | Simple-Plist v1.3.0 was discovered to contain a prototype pollution vulnerability via .parse(). | 9.8 | CRITICAL | — | 0 |
| CVE-2022-26187 | TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the pingCheck function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-27263 | An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-27262 | An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows attackers to execute arbitrary code via a crafted file. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-26188 | TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via /setting/NTPSyncWithHost. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-27260 | An arbitrary file upload vulnerability in the file upload component of ButterCMS v1.2.8 allows attackers to execute arbitrary code via a crafted SVG file. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-27140 | An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the ... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-27139 | An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's sec... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-25439 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-26189 | TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the langType parameter in the login interface. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-45756 | Asus RT-AC68U <3.0.0.4.385.20633 and RT-AC5300 <3.0.0.4.384.82072 are affected by a buffer overflow in blocking_request.cgi. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-43735 | CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-43736 | CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log rule | 9.8 | CRITICAL | — | 0 |
| CVE-2023-21692 | Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | 9.8 | CRITICAL | — | 0 |
| CVE-2021-38278 | Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the urls parameter in the saveParentControlInfo function. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-25981 | In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through v0.2021.34, are vulnerable to Insufficient Session Expiration. This may allow an attacker to reuse the a... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-25440 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-25441 | Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the vlanid parameter in the SetIPTVCfg function. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-27426 | GE UR IED firmware versions prior to version 8.1x with “Basic” security variant does not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-27428 | GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of fir... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-25445 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-25446 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedstarttime parameter in the openSchedWifi function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-24995 | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-25447 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-25448 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the day parameter in the openSchedWifi function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-24652 | sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution in /admin/upload/upload. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-45617 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX7500 before 1.0.0.72, R640... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28036 | AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_navigation.php | 9.8 | CRITICAL | — | 0 |
| CVE-2022-24651 | sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28035 | Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_blur-save.php | 9.8 | CRITICAL | — | 0 |
| CVE-2022-25449 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28034 | AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_list-sort.php | 9.8 | CRITICAL | — | 0 |
| CVE-2022-24609 | Luocms v2.0 is affected by an incorrect access control vulnerability. Through /admin/templates/template_manage.php, an attacker can write an arbitrary shell file. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-24607 | Luocms v2.0 is affected by SQL Injection in /admin/news/news_ok.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-24606 | Luocms v2.0 is affected by SQL Injection in /admin/news/sort_ok.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28033 | Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_uploads.php | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28032 | AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_pages.php | 9.8 | CRITICAL | — | 0 |
| CVE-2022-27473 | SQL injection vulnerability in Topics Searching feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-45331 | An Authentication Bypass vulnerability exists in Gitea before 1.5.0, which could let a malicious user gain privileges. If captured, the TOTP code for the 2FA can be submitted correctly more than once. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-27472 | SQL injection vulnerability in Topics Counting feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-27165 | CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Plugin_manager_setstatus | 9.8 | CRITICAL | — | 0 |
| CVE-2022-27164 | CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_viewUsers | 9.8 | CRITICAL | — | 0 |
| CVE-2022-27163 | CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_editUser | 9.8 | CRITICAL | — | 0 |
| CVE-2022-24605 | Luocms v2.0 is affected by SQL Injection in /admin/link/link_ok.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-27162 | CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_editUser | 9.8 | CRITICAL | — | 0 |
| CVE-2022-27161 | CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_viewUsers | 9.8 | CRITICAL | — | 0 |
| CVE-2022-24604 | Luocms v2.0 is affected by SQL Injection in /admin/link/link_mod.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-31805 | The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluat... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-24603 | Luocms v2.0 is affected by SQL Injection in /admin/news/sort_mod.php. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.