Vulnerabilities (CVE)

Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-27958 1 Febs-security Project 1 Febs-security 2022-04-14 5.5 MEDIUM 5.4 MEDIUM
Insecure permissions configured in the userid parameter at /user/getuserprofile of FEBS-Security v1.0 allows attackers to access and arbitrarily modify users' personal information.
CVE-2022-27477 1 Newbee-mall Project 1 Newbee-mall 2022-04-14 7.5 HIGH 9.8 CRITICAL
Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit.
CVE-2022-27133 1 Zbzcms 1 Zbzcms 2022-04-14 6.4 MEDIUM 9.1 CRITICAL
zbzcms v1.0 was discovered to contain an arbitrary file deletion vulnerability via /include/up.php.
CVE-2022-27131 1 Zbzcms 1 Zbzcms 2022-04-14 7.5 HIGH 9.8 CRITICAL
An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-1007 1 Elbtide 1 Advanced Booking Calendar 2022-04-14 4.3 MEDIUM 6.1 MEDIUM
The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the room parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue.
CVE-2022-1006 1 Elbtide 1 Advanced Booking Calendar 2022-04-14 6.5 MEDIUM 7.2 HIGH
The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks.
CVE-2022-27129 1 Zbzcms 1 Zbzcms 2022-04-14 7.5 HIGH 9.8 CRITICAL
An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-27128 1 Zbzcms 1 Zbzcms 2022-04-14 7.5 HIGH 9.8 CRITICAL
An incorrect access control issue at /admin/run_ajax.php in zbzcms v1.0 allows attackers to arbitrarily add administrator accounts.
CVE-2021-43521 1 Zlog Project 1 Zlog 2022-04-14 5.0 MEDIUM 7.5 HIGH
A Buffer Overflow vulnerability exists in zlog 1.2.15 via zlog_conf_build_with_file in src/zlog/src/conf.c.
CVE-2022-23971 1 Asus 2 Rt-ax56u, Rt-ax56u Firmware 2022-04-14 4.8 MEDIUM 8.1 HIGH
ASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another PLC/PORT file with the same file name, which results in service disruption.
CVE-2022-23970 1 Asus 2 Rt-ax56u, Rt-ax56u Firmware 2022-04-14 4.8 MEDIUM 8.1 HIGH
ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same file name, which results in service disruption.
CVE-2022-27022 1 Tenda 2 Ac9, Ac9 Firmware 2022-04-14 10.0 HIGH 9.8 CRITICAL
There is a stack overflow vulnerability in the SetSysTimeCfg() function in the httpd service of Tenda AC9 V15.03.2.21_cn. The attacker can obtain a stable root shell through a constructed payload.
CVE-2022-27016 1 Tenda 2 Ac9, Ac9 Firmware 2022-04-14 10.0 HIGH 9.8 CRITICAL
There is a stack overflow vulnerability in the SetStaticRouteCfg() function in the httpd service of Tenda AC9 15.03.2.21_cn.
CVE-2022-0936 1 Autolabproject 1 Autolab 2022-04-14 3.5 LOW 5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository autolab/autolab prior to 2.8.0.
CVE-2022-23973 1 Asus 2 Rt-ax56u, Rt-ax56u Firmware 2022-04-14 5.8 MEDIUM 8.8 HIGH
ASUS RT-AX56U’s user profile configuration function is vulnerable to stack-based buffer overflow due to insufficient validation for parameter length. An unauthenticated LAN attacker can execute arbitrary code to perform arbitrary operations or disrupt service.
CVE-2021-32157 1 Webmin 1 Webmin 2022-04-14 6.8 MEDIUM 9.6 CRITICAL
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.
CVE-2022-27961 1 Ofcms Project 1 Ofcms 2022-04-14 3.5 LOW 5.4 MEDIUM
A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box.
CVE-2022-25595 1 Asus 2 Rt-ac86u, Rt-ac86u Firmware 2022-04-14 6.1 MEDIUM 6.5 MEDIUM
ASUS RT-AC86U has improper user request handling, which allows an unauthenticated LAN attacker to cause a denial of service by sending particular request a server-to-client reply attempt.
CVE-2022-27046 1 Libsixel Project 1 Libsixel 2022-04-14 6.8 MEDIUM 8.8 HIGH
libsixel 1.8.6 suffers from a Heap Use After Free vulnerability in libsixel/src/dither.c:388.
CVE-2022-27044 1 Libsixel Project 1 Libsixel 2022-04-14 6.8 MEDIUM 8.8 HIGH
libsixel 1.8.6 is affected by Buffer Overflow in libsixel/src/quant.c:876.