Vulnerabilities (CVE)

Total 17668 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-20800 1 Cherokee-project 1 Cherokee 2022-11-21 7.5 HIGH 9.8 CRITICAL
In Cherokee through 1.2.104, remote attackers can trigger an out-of-bounds write in cherokee_handler_cgi_add_env_pair in handler_cgi.c by sending many request headers, as demonstrated by a GET request with many "Host:" headers.
CVE-2020-2801 1 Oracle 2 Jdk, Weblogic Server 2022-11-21 7.5 HIGH 9.8 CRITICAL
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are,, and Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. Note: The patch for this issue will address the vulnerability only if the WLS instance is using JDK 1.7.0_191 or later, or JDK 1.8.0_181 or later. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVE-2021-46386 1 Mingsoft 1 Mcms 2022-11-21 7.5 HIGH 9.8 CRITICAL
File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileAction#upload.
CVE-2022-44584 1 Watchtowerhq 1 Watchtower 2022-11-21 N/A 9.1 CRITICAL
Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress.
CVE-2022-42698 1 Api2cart 1 Api2cart Bridge Connector 2022-11-21 N/A 9.8 CRITICAL
Unauth. Arbitrary File Upload vulnerability in WordPress Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress.
CVE-2022-42497 1 Api2cart 1 Api2cart Bridge Connector 2022-11-21 N/A 9.8 CRITICAL
Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress.
CVE-2022-24706 1 Apache 1 Couchdb 2022-11-21 10.0 HIGH 9.8 CRITICAL
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
CVE-2022-40797 1 Roxyfileman 1 Roxy Fileman 2022-11-21 N/A 9.8 CRITICAL
Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. (Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations.)
CVE-2022-44000 1 Backclick 1 Backclick 2022-11-21 N/A 9.8 CRITICAL
An issue was discovered in BACKCLICK Professional 5.9.63. Due to an exposed internal communications interface, it is possible to execute arbitrary system commands on the server.
CVE-2022-43999 1 Backclick 1 Backclick 2022-11-21 N/A 9.8 CRITICAL
An issue was discovered in BACKCLICK Professional 5.9.63. Due to exposed CORBA management services, arbitrary system commands can be executed on the server.
CVE-2021-20588 1 Mitsubishielectric 41 C Controller Module Setting And Monitoring Tool, Cpu Module Logging Configuration Tool, Cw Configurator and 38 more 2022-11-21 7.5 HIGH 9.8 CRITICAL
Improper handling of length parameter inconsistency vulnerability in Mitsubishi Electric FA Engineering Software(CPU Module Logging Configuration Tool versions 1.112R and prior, CW Configurator versions 1.011M and prior, Data Transfer versions 3.44W and prior, EZSocket versions 5.4 and prior, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 versions 1.24A and prior, GT Designer3 Version1(GOT1000) versions 1.250L and prior, GT Designer3 Version1(GOT2000) versions 1.250L and prior, GT SoftGOT1000 Version3 versions 3.245F and prior, GT SoftGOT2000 Version1 versions 1.250L and prior, GX Configurator-DP versions 7.14Q and prior, GX Configurator-QP all versions, GX Developer versions 8.506C and prior, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer versions 1.115U and prior, GX RemoteService-I all versions, GX Works2 versions 1.597X and prior, GX Works3 versions 1.070Y and prior, iQ Monozukuri ANDON (Data Transfer) all versions, iQ Monozukuri Process Remote Monitoring (Data Transfer) all versions, M_CommDTM-HART all versions, M_CommDTM-IO-Link versions 1.03D and prior, MELFA-Works versions 4.4 and prior, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) versions 1.015R and prior, MELSOFT Navigator versions 2.74C and prior, MH11 SettingTool Version2 versions 2.004E and prior, MI Configurator versions 1.004E and prior, MT Works2 versions 1.167Z and prior, MX Component versions 5.001B and prior, Network Interface Board CC IE Control utility versions 1.29F and prior, Network Interface Board CC IE Field Utility versions 1.16S and prior, Network Interface Board CC-Link Ver.2 Utility versions 1.23Z and prior, Network Interface Board MNETH utility versions 34L and prior, PX Developer versions 1.53F and prior, RT ToolBox2 versions 3.73B and prior, RT ToolBox3 versions 1.82L and prior, Setting/monitoring tools for the C Controller module (SW4PVC-CCPU) versions 4.12N and prior and SLMP Data Collector versions 1.04E and prior) allows a remote unauthenticated attacker to cause a DoS condition of the software products, and possibly to execute a malicious program on the personal computer running the software products although it has not been reproduced, by spoofing MELSEC, GOT or FREQROL and returning crafted reply packets.
CVE-2022-41652 1 Expresstech 1 Quiz And Survey Master 2022-11-21 N/A 9.8 CRITICAL
Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress.
CVE-2022-41781 1 Permalink Manager Lite Project 1 Permalink Manager Lite 2022-11-21 N/A 9.8 CRITICAL
Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress.
CVE-2022-41840 1 Collne 1 Welcart E-commerce 2022-11-21 N/A 9.8 CRITICAL
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress.
CVE-2022-42785 1 Wut 34 At-modem-emulator, At-modem-emulator Firmware, Com-server 20ma and 31 more 2022-11-21 N/A 9.8 CRITICAL
Multiple W&T products of the ComServer Series are prone to an authentication bypass. An unathenticated remote attacker, can log in without knowledge of the password by crafting a modified HTTP GET Request.
CVE-2022-24942 1 Silabs 1 Micrium Uc-http 2022-11-21 N/A 9.8 CRITICAL
Heap based buffer overflow in HTTP Server functionality in Micrium uC-HTTP 3.01.01 allows remote code execution via HTTP request.
CVE-2022-4051 1 Hostel Searching Project 1 Hostel Searching Project 2022-11-21 N/A 9.8 CRITICAL
A vulnerability has been found in Hostel Searching Project and classified as critical. This vulnerability affects unknown code of the file view-property.php. The manipulation of the argument property_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213844.
CVE-2019-18906 2 Opensuse, Suse 3 Cryptctl, Linux Enterprise Server, Manager Server 2022-11-21 7.5 HIGH 9.8 CRITICAL
A Improper Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versions prior to 2.4. SUSE Manager Server 4.0 cryptctl versions prior to 2.4.
CVE-2022-38538 1 Archerydms 1 Archery 2022-11-21 N/A 9.8 CRITICAL
Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the checksum parameter in the report module.
CVE-2020-12460 3 Debian, Fedoraproject, Trusteddomain 3 Debian Linux, Fedora, Opendmarc 2022-11-21 7.5 HIGH 9.8 CRITICAL
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte overwrites the heap metadata of the next chunk and its PREV_INUSE flag.