Vulnerabilities (CVE)

Total 17668 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-44255 1 Totolink 2 Lr350, Lr350 Firmware 2022-11-26 N/A 9.8 CRITICAL
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data.
CVE-2022-44252 1 Totolink 2 Lr350, Lr350 Firmware 2022-11-26 N/A 9.8 CRITICAL
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function.
CVE-2022-44251 1 Totolink 2 Lr350, Lr350 Firmware 2022-11-26 N/A 9.8 CRITICAL
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function.
CVE-2022-44250 1 Totolink 2 Lr350, Lr350 Firmware 2022-11-26 N/A 9.8 CRITICAL
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function.
CVE-2022-44249 1 Totolink 2 Lr350, Lr350 Firmware 2022-11-26 N/A 9.8 CRITICAL
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function.
CVE-2022-44139 1 Apartment Visitors Management System Project 1 Apartment Visitors Management System 2022-11-26 N/A 9.8 CRITICAL
Apartment Visitor Management System v1.0 is vulnerable to SQL Injection via /avms/index.php.
CVE-2022-45462 1 Apache 1 Alarm Instance Management 2022-11-26 N/A 9.8 CRITICAL
Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher
CVE-2022-4116 1 Redhat 1 Build Of Quarkus 2022-11-26 N/A 9.8 CRITICAL
A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution.
CVE-2022-40602 1 Zyxel 2 Lte3301-m209, Lte3301-m209 Firmware 2022-11-26 N/A 9.8 CRITICAL
A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG.6)C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled by an authenticated administrator.
CVE-2022-41326 1 Mitel 1 Micollab 2022-11-26 N/A 9.8 CRITICAL
The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application.
CVE-2022-45474 1 Drachtio 1 Drachtio-server 2022-11-25 N/A 9.8 CRITICAL
drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-free for any request.
CVE-2022-37598 1 Uglifyjs Project 1 Uglifyjs 2022-11-25 N/A 9.8 CRITICAL
** DISPUTED ** Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an invalid report.
CVE-2021-36751 1 Encsecurity 1 Datavault 2022-11-25 6.4 MEDIUM 9.1 CRITICAL
ENC DataVault 7.1.1W uses an inappropriate encryption algorithm, such that an attacker (who does not know the secret key) can make ciphertext modifications that are reflected in modified plaintext. There is no data integrity mechanism. (This behavior occurs across USB drives sold under multiple brand names.)
CVE-2022-0318 2 Apple, Vim 2 Macos, Vim 2022-11-24 7.5 HIGH 9.8 CRITICAL
Heap-based Buffer Overflow in vim/vim prior to 8.2.
CVE-2022-34827 1 Carel 2 Boss Mini, Boss Mini Firmware 2022-11-24 N/A 9.9 CRITICAL
Carel Boss Mini 1.5.0 has Improper Access Control.
CVE-2020-23591 1 Optilinknetwork 2 Op-xt71000n, Op-xt71000n Firmware 2022-11-23 N/A 9.8 CRITICAL
A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an attacker to upload arbitrary files through " /mgm_dev_upgrade.asp " which can "delete every file for Denial of Service (using 'rm -rf *.*' in the code), reverse connection (using '.asp' webshell), backdoor.
CVE-2020-23584 1 Optilinknetwork 2 Op-xt71000n, Op-xt71000n Firmware 2022-11-23 N/A 9.8 CRITICAL
Unauthenticated remote code execution in OPTILINK OP-XT71000N, Hardware Version: V2.2 occurs when the attacker passes arbitrary commands with IP-ADDRESS using " | " to execute commands on " /diag_tracert_admin.asp " in the "PingTest" parameter that leads to command execution.
CVE-2019-20041 2 Debian, Wordpress 2 Debian Linux, Wordpress 2022-11-23 7.5 HIGH 9.8 CRITICAL
wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript: substring.
CVE-2020-23583 1 Optilinknetwork 2 Op-xt71000n, Op-xt71000n Firmware 2022-11-23 N/A 9.8 CRITICAL
OPTILINK OP-XT71000N V2.2 is vulnerable to Remote Code Execution. The issue occurs when the attacker sends an arbitrary code on "/diag_ping_admin.asp" to "PingTest" interface that leads to COMMAND EXECUTION. An attacker can successfully trigger the COMMAND and can compromise full system.
CVE-2022-44807 1 Dlink 2 Dir-882, Dir-882 Firmware 2022-11-23 N/A 9.8 CRITICAL
D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow via webGetVarString.