Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-27958 | 1 Febs-security Project | 1 Febs-security | 2022-04-14 | 5.5 MEDIUM | 5.4 MEDIUM | Insecure permissions configured in the userid parameter at /user/getuserprofile of FEBS-Security v1.0 allows attackers to access and arbitrarily modify users' personal information.
CVE-2022-27477 | 1 Newbee-mall Project | 1 Newbee-mall | 2022-04-14 | 7.5 HIGH | 9.8 CRITICAL | Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit.
CVE-2022-27133 | 1 Zbzcms | 1 Zbzcms | 2022-04-14 | 6.4 MEDIUM | 9.1 CRITICAL | zbzcms v1.0 was discovered to contain an arbitrary file deletion vulnerability via /include/up.php.
CVE-2022-27131 | 1 Zbzcms | 1 Zbzcms | 2022-04-14 | 7.5 HIGH | 9.8 CRITICAL | An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-1007 | 1 Elbtide | 1 Advanced Booking Calendar | 2022-04-14 | 4.3 MEDIUM | 6.1 MEDIUM | The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the room parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue.
CVE-2022-1006 | 1 Elbtide | 1 Advanced Booking Calendar | 2022-04-14 | 6.5 MEDIUM | 7.2 HIGH | The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks.
CVE-2022-27129 | 1 Zbzcms | 1 Zbzcms | 2022-04-14 | 7.5 HIGH | 9.8 CRITICAL | An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-27128 | 1 Zbzcms | 1 Zbzcms | 2022-04-14 | 7.5 HIGH | 9.8 CRITICAL | An incorrect access control issue at /admin/run_ajax.php in zbzcms v1.0 allows attackers to arbitrarily add administrator accounts.
CVE-2021-43521 | 1 Zlog Project | 1 Zlog | 2022-04-14 | 5.0 MEDIUM | 7.5 HIGH | A Buffer Overflow vulnerability exists in zlog 1.2.15 via zlog_conf_build_with_file in src/zlog/src/conf.c.
CVE-2022-23971 | 1 Asus | 2 Rt-ax56u, Rt-ax56u Firmware | 2022-04-14 | 4.8 MEDIUM | 8.1 HIGH | ASUS RT-AX56U's update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another PLC/PORT file with the same file name, which results in service disruption.
CVE-2022-23970 | 1 Asus | 2 Rt-ax56u, Rt-ax56u Firmware | 2022-04-14 | 4.8 MEDIUM | 8.1 HIGH | ASUS RT-AX56U's update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same file name, which results in service disruption.
CVE-2022-27022 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2022-04-14 | 10.0 HIGH | 9.8 CRITICAL | There is a stack overflow vulnerability in the SetSysTimeCfg() function in the httpd service of Tenda AC9 V15.03.2.21_cn. The attacker can obtain a stable root shell through a constructed payload.
CVE-2022-27016 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2022-04-14 | 10.0 HIGH | 9.8 CRITICAL | There is a stack overflow vulnerability in the SetStaticRouteCfg() function in the httpd service of Tenda AC9 15.03.2.21_cn.
CVE-2022-0936 | 1 Autolabproject | 1 Autolab | 2022-04-14 | 3.5 LOW | 5.4 MEDIUM | Cross-site Scripting (XSS) - Stored in GitHub repository autolab/autolab prior to 2.8.0.
CVE-2022-23973 | 1 Asus | 2 Rt-ax56u, Rt-ax56u Firmware | 2022-04-14 | 5.8 MEDIUM | 8.8 HIGH | ASUS RT-AX56U's user profile configuration function is vulnerable to stack-based buffer overflow due to insufficient validation for parameter length. An unauthenticated LAN attacker can execute arbitrary code to perform arbitrary operations or disrupt service.
CVE-2021-32157 | 1 Webmin | 1 Webmin | 2022-04-14 | 6.8 MEDIUM | 9.6 CRITICAL | A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.
CVE-2022-27961 | 1 Ofcms Project | 1 Ofcms | 2022-04-14 | 3.5 LOW | 5.4 MEDIUM | A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box.
CVE-2022-25595 | 1 Asus | 2 Rt-ac86u, Rt-ac86u Firmware | 2022-04-14 | 6.1 MEDIUM | 6.5 MEDIUM | ASUS RT-AC86U has improper user request handling, which allows an unauthenticated LAN attacker to cause a denial of service by sending a particular request in a server-to-client reply attempt.
CVE-2022-27046 | 1 Libsixel Project | 1 Libsixel | 2022-04-14 | 6.8 MEDIUM | 8.8 HIGH | libsixel 1.8.6 suffers from a Heap Use After Free vulnerability in libsixel/src/dither.c:388.
CVE-2022-27044 | 1 Libsixel Project | 1 Libsixel | 2022-04-14 | 6.8 MEDIUM | 8.8 HIGH | libsixel 1.8.6 is affected by Buffer Overflow in libsixel/src/quant.c:876.