Total: 210374 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2020-23255 | | | 2022-10-31 | N/A | N/A | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2021-44597 | | | 2022-10-31 | N/A | N/A | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43857. Reason: This candidate is a reservation duplicate of CVE-2021-43857. Notes: All CVE users should reference CVE-2021-43857 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2022-40739 | 1 Ragic | 1 Ragic | 2022-10-31 | N/A | 5.4 MEDIUM | The Ragic report generation page has insufficient filtering of special characters. A remote attacker with general user privilege can inject JavaScript to perform an XSS (Reflected Cross-Site Scripting) attack.
CVE-2022-3754 | 1 Phpmyfaq | 1 Phpmyfaq | 2022-10-31 | N/A | 9.8 CRITICAL | Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
CVE-2022-3735 | 1 Ehoney Project | 1 Ehoney | 2022-10-31 | N/A | 9.8 CRITICAL | A vulnerability was found in seccome Ehoney. It has been rated as critical. This issue affects some unknown processing of the file /api/public/signup. The manipulation leads to improper access controls. The identifier VDB-212417 was assigned to this vulnerability.
CVE-2022-3732 | 1 Ehoney Project | 1 Ehoney | 2022-10-31 | N/A | 9.8 CRITICAL | A vulnerability was found in seccome Ehoney and classified as critical. Affected by this issue is some unknown functionality of the file /api/v1/bait/set. The manipulation of the argument Payload leads to SQL injection. The attack may be launched remotely. VDB-212414 is the identifier assigned to this vulnerability.
CVE-2022-3731 | 1 Ehoney Project | 1 Ehoney | 2022-10-31 | N/A | 9.8 CRITICAL | A vulnerability has been found in seccome Ehoney and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/v1/attack/token. The manipulation of the argument Payload leads to SQL injection. The attack can be launched remotely. The identifier VDB-212413 was assigned to this vulnerability.
CVE-2022-3730 | 1 Ehoney Project | 1 Ehoney | 2022-10-31 | N/A | 9.8 CRITICAL | A vulnerability, which was classified as critical, was found in seccome Ehoney. Affected is an unknown function of the file /api/v1/attack/falco. The manipulation of the argument Payload leads to SQL injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-212412.
CVE-2022-3729 | 1 Ehoney Project | 1 Ehoney | 2022-10-31 | N/A | 9.8 CRITICAL | A vulnerability, which was classified as critical, has been found in seccome Ehoney. This issue affects some unknown processing of the file /api/v1/attack. The manipulation of the argument AttackIP leads to SQL injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-212411.
CVE-2022-26884 | 1 Apache | 1 Dolphinscheduler | 2022-10-31 | N/A | 6.5 MEDIUM | Users can read arbitrary files via the log server; Apache DolphinScheduler users should upgrade to version 2.0.6 or higher.
CVE-2022-42055 | 1 Gl-inet | 1 Goodcloud | 2022-10-31 | N/A | 6.5 MEDIUM | Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system.
CVE-2022-43365 | 1 Ip-com | 2 Ew9, Ew9 Firmware | 2022-10-31 | N/A | 7.5 HIGH | IP-COM EW9 V15.11.0.14(9732) was discovered to contain a buffer overflow in the formSetDebugCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.
CVE-2022-2864 | 1 Superwhite | 1 Demon Image Annotation | 2022-10-31 | N/A | 8.8 HIGH | The demon image annotation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7. This is due to missing nonce validation in the ~/includes/settings.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
CVE-2022-40876 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2022-10-31 | N/A | 9.8 CRITICAL | In Tenda ax1803 v1.0.0.1, HTTP requests handled by the fromAdvSetMacMtuWan function (wanSpeed, cloneType, mac) can cause a stack overflow and enable remote code execution (RCE).
CVE-2022-43366 | 1 Ip-com | 2 Ew9, Ew9 Firmware | 2022-10-31 | N/A | 7.5 HIGH | IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to access sensitive information via the checkLoginUser, ate, telnet, version, setDebugCfg, and boot interfaces.
CVE-2022-43367 | 1 Ip-com | 2 Ew9, Ew9 Firmware | 2022-10-31 | N/A | 9.8 CRITICAL | IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the formSetDebugCfg function.
CVE-2022-43364 | 1 Ip-com | 2 Ew9, Ew9 Firmware | 2022-10-31 | N/A | 7.5 HIGH | An access control issue in the password reset page of IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to arbitrarily change the admin password.
CVE-2022-43286 | 1 F5 | 1 Njs | 2022-10-31 | N/A | 9.8 CRITICAL | Nginx NJS v0.7.2 was discovered to contain a heap use-after-free bug caused by an illegal memory copy in the function njs_json_parse_iterator_call in njs_json.c.
CVE-2022-39366 | 1 Datahub Project | 1 Datahub | 2022-10-31 | N/A | 9.8 CRITICAL | DataHub is an open-source metadata platform. Prior to version 0.8.45, the `StatelessTokenService` of the DataHub metadata service (GMS) does not verify the signature of JWT tokens. This allows an attacker to connect to DataHub instances as any user if Metadata Service authentication is enabled. This vulnerability occurs because the `StatelessTokenService` of the Metadata service uses the `parse` method of `io.jsonwebtoken.JwtParser`, which does not perform a verification of the cryptographic token signature. This means that JWTs are accepted regardless of the used algorithm. This issue may lead to an authentication bypass. Version 0.8.45 contains a patch for the issue. There are no known workarounds.
CVE-2022-39027 | 1 Edetw | 1 U-office Force | 2022-10-31 | N/A | 5.4 MEDIUM | The U-Office Force Forum function has insufficient filtering of special characters. A remote attacker with general user privilege can inject JavaScript and perform an XSS (Stored Cross-Site Scripting) attack.