Vulnerabilities (CVE)

Total 15939 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-26065 1 Deltaww 1 Diaenergie 2022-06-29 10.0 HIGH 9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in GetLatestDemandNode. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-25880 1 Deltaww 1 Diaenergie 2022-06-29 10.0 HIGH 9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerTag_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2020-13576 2 Fedoraproject, Genivia 2 Fedora, Gsoap 2022-06-29 7.5 HIGH 9.8 CRITICAL
A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2020-28039 3 Canonical, Debian, Wordpress 3 Ubuntu Linux, Debian Linux, Wordpress 2022-06-29 6.4 MEDIUM 9.1 CRITICAL
is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected.
CVE-2020-28032 3 Debian, Fedoraproject, Wordpress 3 Debian Linux, Fedora, Wordpress 2022-06-29 7.5 HIGH 9.8 CRITICAL
WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php.
CVE-2022-2068 2 Debian, Openssl 2 Debian Linux, Openssl 2022-06-29 10.0 HIGH 9.8 CRITICAL
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
CVE-2022-33127 2 Diffy Project, Microsoft 2 Diffy, Windows 2022-06-29 7.5 HIGH 9.8 CRITICAL
The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a windows environment. This allows attackers to execute arbitrary commands via a crafted string.
CVE-2022-31787 1 Ideaco 1 Ideatms 2022-06-29 7.5 HIGH 9.8 CRITICAL
IdeaTMS 2022 is vulnerable to SQL Injection via the PATH_INFO
CVE-2021-26636 2 Linux, Maxb 2 Linux Kernel, Maxboard 2022-06-29 6.8 MEDIUM 9.6 CRITICAL
Stored XSS and SQL injection vulnerability in MaxBoard could lead to occur Remote Code Execution, which could lead to information exposure and privilege escalation.
CVE-2021-26637 1 Shinasys 6 Sihas Acm-300, Sihas Acm-300 Firmware, Sihas Gcm-300 and 3 more 2022-06-29 7.5 HIGH 9.8 CRITICAL
There is no account authentication and permission check logic in the firmware and existing apps of SiHAS's SGW-300, ACM-300, GCM-300, so unauthorized users can remotely control the device.
CVE-2021-40954 1 Laiketui 1 Laiketui 2022-06-29 7.5 HIGH 9.8 CRITICAL
Laiketui 3.5.0 is affected by an arbitrary file upload vulnerability that can allow an attacker to execute arbitrary code.
CVE-2022-34181 1 Jenkins 1 Xunit 2022-06-29 6.4 MEDIUM 9.1 CRITICAL
Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user-specified directory if it doesn't exist, and parsing files inside it as test results, allowing attackers able to control agent processes to create an arbitrary directory on the Jenkins controller or to obtain test results from existing files in an attacker-specified directory.
CVE-2022-26147 1 Quectel 2 Rg502q-ea, Rg502q-ea Firmware 2022-06-29 10.0 HIGH 9.8 CRITICAL
The Quectel RG502Q-EA modem before 2022-02-23 allow OS Command Injection.
CVE-2022-34005 1 Southrivertech 1 Titan Ftp Server Nextgen 2022-06-29 7.5 HIGH 9.8 CRITICAL
An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. There is Remote Code Execution due to a hardcoded password for the sa account on the Microsoft SQL Express 2019 instance installed by default during TitanFTP NextGen installation, aka NX-I674 (sub-issue 1). NOTE: as of 2022-06-21, the 1.2.1050 release corrects this vulnerability in a new installation, but not in an upgrade installation.
CVE-2022-33139 1 Siemens 1 Wincc Open Architecture 2022-06-29 6.8 MEDIUM 9.8 CRITICAL
A vulnerability has been identified in SIMATIC WinCC OA V3.16 (All versions in default configuration), SIMATIC WinCC OA V3.17 (All versions in non-default configuration), SIMATIC WinCC OA V3.18 (All versions in non-default configuration). Affected applications use client-side only authentication, when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated.
CVE-2022-31374 1 Contec 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware 2022-06-29 7.5 HIGH 9.8 CRITICAL
An arbitrary file upload vulnerability /images/background/1.php in of SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted php file.
CVE-2022-30311 1 Festo 16 Controller Cecc-x-m1, Controller Cecc-x-m1-mv, Controller Cecc-x-m1-mv-s1 and 13 more 2022-06-29 10.0 HIGH 9.8 CRITICAL
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
CVE-2022-30310 1 Festo 16 Controller Cecc-x-m1, Controller Cecc-x-m1-mv, Controller Cecc-x-m1-mv-s1 and 13 more 2022-06-29 10.0 HIGH 9.8 CRITICAL
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
CVE-2022-30309 1 Festo 16 Controller Cecc-x-m1, Controller Cecc-x-m1-mv, Controller Cecc-x-m1-mv-s1 and 13 more 2022-06-29 10.0 HIGH 9.8 CRITICAL
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
CVE-2022-30308 1 Festo 16 Controller Cecc-x-m1, Controller Cecc-x-m1-mv, Controller Cecc-x-m1-mv-s1 and 13 more 2022-06-29 10.0 HIGH 9.8 CRITICAL
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.