Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-45736 | 1 Totolink | 2 X5000r, X5000r Firmware | 2022-02-04 | 7.8 HIGH | 7.5 HIGH |
| TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setL2tpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the eip, sip, server parameters. | |||||
| CVE-2021-45734 | 1 Totolink | 2 X5000r, X5000r Firmware | 2022-02-04 | 7.8 HIGH | 7.5 HIGH |
| TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via the url parameter. | |||||
| CVE-2021-45742 | 1 Totolink | 2 A720r, A720r Firmware | 2022-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | |||||
| CVE-2021-45738 | 1 Totolink | 2 X5000r, X5000r Firmware | 2022-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function UploadFirmwareFile. This vulnerability allows attackers to execute arbitrary commands via the parameter FileName. | |||||
| CVE-2021-45737 | 1 Totolink | 2 A720r, A720r Firmware | 2022-02-04 | 7.8 HIGH | 7.5 HIGH |
| TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the Host parameter. | |||||
| CVE-2021-45740 | 1 Totolink | 2 A720r, A720r Firmware | 2022-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the setWiFiWpsStart function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the pin parameter. | |||||
| CVE-2021-45739 | 1 Totolink | 2 A720r, A720r Firmware | 2022-02-04 | 7.8 HIGH | 7.5 HIGH |
| TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the flag parameter. | |||||
| CVE-2022-22510 | 1 Codesys | 1 Profinet | 2022-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Codesys Profinet in version V4.2.0.0 is prone to null pointer dereference that allows a denial of service (DoS) attack of an unauthenticated user via SNMP. | |||||
| CVE-2021-41018 | 1 Fortinet | 1 Fortiweb | 2022-02-04 | 9.0 HIGH | 8.8 HIGH |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests. | |||||
| CVE-2021-28096 | 1 Stormshield | 1 Stormshield Network Security | 2022-02-04 | 4.3 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can saturate the proxy connection table. This would result in the proxy denying any new connections. | |||||
| CVE-2022-0401 | 1 W-zip Project | 1 W-zip | 2022-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Path Traversal in NPM w-zip prior to 1.0.12. | |||||
| CVE-2022-0320 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2022-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| The Essential Addons for Elementor WordPress plugin before 5.0.5 does not validate and sanitise some template data before it them in include statements, which could allow unauthenticated attackers to perform Local File Inclusion attack and read arbitrary files on the server, this could also lead to RCE via user uploaded files or other LFI to RCE techniques. | |||||
| CVE-2022-0220 | 1 Welaunch | 1 Wordpress Gdpr\&ccpa | 2022-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web browser led to this endpoint. Javascript code may be executed on a victim's browser. Due to v1.9.26 adding a CSRF check, the XSS is only exploitable against unauthenticated users (as they all share the same nonce) | |||||
| CVE-2021-23520 | 1 Juce | 1 Juce | 2022-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| The package juce-framework/juce before 6.1.5 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the ZipFile::uncompressEntry function in juce_ZipFile.cpp. This vulnerability is triggered when the archive is extracted upon calling uncompressTo() on a ZipFile object. | |||||
| CVE-2021-34805 | 1 Land-software | 1 Faust Iserver | 2022-02-04 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in FAUST iServer before 9.0.019.019.7. For each URL request, it accesses the corresponding .fau file on the operating system without preventing %2e%2e%5c directory traversal. | |||||
| CVE-2022-23409 | 1 Ethercreative | 1 Logs | 2022-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
| The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream in Controller.php. | |||||
| CVE-2021-46459 | 1 Victor Cms Project | 1 Victor Cms | 2022-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=add_user. These vulnerabilities can be exploited through a crafted POST request via the user_name, user_firstname,user_lastname, or user_email parameters. | |||||
| CVE-2020-36064 | 1 Online Course Registration Project | 1 Online Course Registration | 2022-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| Online Course Registration v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised. | |||||
| CVE-2021-46253 | 1 Anchorcms | 1 Anchor Cms | 2022-02-04 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or HTML. | |||||
| CVE-2021-45416 | 1 Rosariosis | 1 Rosariosis | 2022-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script. | |||||