Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-20708 1 Cisco 8 Rv340, Rv340 Firmware, Rv340w and 5 more 2022-03-29 10.0 HIGH 9.8 CRITICAL
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2022-20706 1 Cisco 18 Rv160, Rv160 Firmware, Rv160w and 15 more 2022-03-29 9.3 HIGH 8.1 HIGH
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2022-20704 1 Cisco 18 Rv160, Rv160 Firmware, Rv160w and 15 more 2022-03-29 5.8 MEDIUM 4.8 MEDIUM
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2022-26272 1 Ionizecms 1 Ionize 2022-03-29 7.5 HIGH 9.8 CRITICAL
A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute arbitrary code via a crafted string written to the file application/config/config.php.
CVE-2022-20703 1 Cisco 18 Rv160, Rv160 Firmware, Rv160w and 15 more 2022-03-29 7.2 HIGH 8.4 HIGH
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2022-24031 1 Insyde 1 Insydeh2o 2022-03-29 7.2 HIGH 8.2 HIGH
An issue was discovered in NvmExpressDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
CVE-2021-43615 1 Insyde 1 Insydeh2o 2022-03-29 7.2 HIGH 8.2 HIGH
An issue was discovered in HddPassword in Insyde InsydeH2O with kernel 5.1 before 05.16.23, 5.2 before 05.26.23, 5.3 before 05.35.23, 5.4 before 05.43.22, and 5.5 before 05.51.22. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
CVE-2021-43323 1 Insyde 1 Insydeh2o 2022-03-29 7.2 HIGH 8.2 HIGH
An issue was discovered in UsbCoreDxe in Insyde InsydeH2O with kernel 5.5 before 05.51.45, 5.4 before 05.43.45, 5.3 before 05.35.45, 5.2 before 05.26.45, 5.1 before 05.16.45, and 5.0 before 05.08.45. An SMM callout vulnerability allows an attacker to hijack execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.
CVE-2021-42113 1 Insyde 1 Insydeh2o 2022-03-29 4.6 MEDIUM 8.2 HIGH
An issue was discovered in StorageSecurityCommandDxe in Insyde InsydeH2O with Kernel 5.1 before 05.14.28, Kernel 5.2 before 05.24.28, and Kernel 5.3 before 05.32.25. An SMM callout vulnerability allows an attacker to hijack execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.
CVE-2021-42060 1 Insyde 1 Insydeh2o 2022-03-29 7.2 HIGH 8.2 HIGH
An issue was discovered in Insyde InsydeH2O Kernel 5.0 through 05.08.41, Kernel 5.1 through 05.16.41, Kernel 5.2 before 05.23.22, and Kernel 5.3 before 05.32.22. An Int15ServiceSmm SMM callout vulnerability allows an attacker to hijack execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.
CVE-2021-41841 1 Insyde 1 Insydeh2o 2022-03-29 7.2 HIGH 8.2 HIGH
An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of Inclusion of Functionality from an Untrusted Control Sphere.
CVE-2022-26187 1 Totolink 2 N600r, N600r Firmware 2022-03-29 7.5 HIGH 9.8 CRITICAL
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the pingCheck function.
CVE-2022-25575 1 Hongmen 1 Parking Management System 2022-03-29 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Parking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via crafted payloads injected into the user name, password, and verification code text boxes.
CVE-2021-43084 1 Dreamer Cms Project 1 Dreamer Cms 2022-03-29 7.5 HIGH 9.8 CRITICAL
An SQL Injection vulnerability exists in Dreamer CMS 4.0.0 via the tableName parameter.
CVE-2022-0153 1 Fork-cms 1 Fork Cms 2022-03-29 4.3 MEDIUM 7.5 HIGH
SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1.
CVE-2022-1058 1 Gitea 1 Gitea 2022-03-29 5.8 MEDIUM 6.1 MEDIUM
Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5.
CVE-2022-0955 1 Pimcore 1 Data-hub 2022-03-29 3.5 LOW 4.8 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/data-hub prior to 1.2.4.
CVE-2022-26186 1 Totolink 2 N600r, N600r Firmware 2022-03-29 7.5 HIGH 9.8 CRITICAL
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at cstecgi.cgi.
CVE-2021-39491 1 Rengine Project 1 Rengine 2022-03-29 3.5 LOW 5.4 MEDIUM
A Cross Site Scripting (XSS) vulnerability exists in Yogesh Ojha reNgine v1.0 via the Scan Engine name file in the Scan Engine deletion confirmation modal box . .
CVE-2021-43700 1 Apimanager Project 1 Apimanager 2022-03-29 7.5 HIGH 9.8 CRITICAL
An issue was discovered in ApiManager 1.1. there is sql injection vulnerability that can use in /index.php?act=api&tag=8.