Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-26148 2 Grafana, Redhat 3 Grafana, Ceph Storage, Storage 2022-05-13 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address.
CVE-2022-28584 1 Totolink 2 A7100ru, A7100ru Firmware 2022-05-12 10.0 HIGH 9.8 CRITICAL
It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28583 1 Totolink 2 A7100ru, A7100ru Firmware 2022-05-12 10.0 HIGH 9.8 CRITICAL
It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28582 1 Totolink 2 A7100ru, A7100ru Firmware 2022-05-12 10.0 HIGH 9.8 CRITICAL
It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28581 1 Totolink 2 A7100ru, A7100ru Firmware 2022-05-12 10.0 HIGH 9.8 CRITICAL
It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28580 1 Totolink 2 A7100ru, A7100ru Firmware 2022-05-12 10.0 HIGH 9.8 CRITICAL
It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28578 1 Totolink 2 A7100ru, A7100ru Firmware 2022-05-12 10.0 HIGH 9.8 CRITICAL
It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28577 1 Totolink 2 A7100ru, A7100ru Firmware 2022-05-12 10.0 HIGH 9.8 CRITICAL
It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28575 1 Totolink 2 A7100ru, A7100ru Firmware 2022-05-12 10.0 HIGH 9.8 CRITICAL
It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary commands through a carefully constructed payload
CVE-2021-25268 1 Sophos 2 Firewall, Firewall Firmware 2022-05-12 6.0 MEDIUM 8.4 HIGH
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA.
CVE-2021-25267 1 Sophos 2 Firewall, Firewall Firmware 2022-05-12 8.5 HIGH 8.4 HIGH
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA.
CVE-2022-29592 1 Tenda 2 Tx9 Pro, Tx9 Pro Firmware 2022-05-12 10.0 HIGH 9.8 CRITICAL
Tenda TX9 Pro 22.03.02.10 devices allow OS command injection via set_route (called by doSystemCmd_route).
CVE-2022-28606 1 Bosscms 1 Bosscms 2022-05-12 7.5 HIGH 9.8 CRITICAL
An arbitrary file upload vulnerability exists in Wenzhou Huoyin Information Technology Co., Ltd. BossCMS 1.0, which can be exploited by an attacker to gain control of the server.
CVE-2022-28120 1 Rainier 1 Open Virtual Simulation Experiment Teaching Management Platform 2022-05-12 7.5 HIGH 9.8 CRITICAL
Beijing Runnier Network Technology Co., Ltd Open virtual simulation experiment teaching management platform software 2.0 has a file upload vulnerability, which can be exploited by an attacker to gain control of the server.
CVE-2022-27411 1 Totolink 2 N600r, N600r Firmware 2022-05-12 10.0 HIGH 9.8 CRITICAL
TOTOLINK N600R v5.3c.5507_B20171031 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter in the "Main" function.
CVE-2022-27360 1 Bladex 1 Springblade 2022-05-12 7.5 HIGH 9.8 CRITICAL
SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment.
CVE-2022-27634 1 F5 1 Big-ip Access Policy Manager 2022-05-12 6.5 MEDIUM 7.2 HIGH
On 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, BIG-IP APM does not properly validate configurations, allowing an authenticated attacker with high privileges to manipulate the APM policy leading to privilege escalation/remote code execution. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2022-27588 1 Qnap 1 Qvr 2022-05-12 7.5 HIGH 9.8 CRITICAL
We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.6 build 20220401 and later
CVE-2022-27495 1 F5 1 Nginx Service Mesh 2022-05-12 3.3 LOW 6.5 MEDIUM
On all versions 1.3.x (fixed in 1.4.0) NGINX Service Mesh control plane endpoints are exposed to the cluster overlay network. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2021-38487 1 Rti 3 Connext Dds Micro, Connext Dds Professional, Connext Dds Secure 2022-05-12 6.4 MEDIUM 9.1 CRITICAL
RTI Connext DDS Professional, Connext DDS Secure versions 4.2x to 6.1.0, and Connext DDS Micro versions 2.4 and later are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and information exposure.