Search

Search Results (363701 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-46601 1 Trendnet 2 Tew-755ap, Tew-755ap Firmware 2025-04-11 9.8 Critical
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the setbg_num parameter in the icp_setbg_img (sub_41DD68) function.
CVE-2022-46594 1 Trendnet 2 Tew-755ap, Tew-755ap Firmware 2025-04-11 9.8 Critical
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the update_file_name parameter in the auto_up_fw (sub_420A04) function.
CVE-2022-46593 1 Trendnet 2 Tew-755ap, Tew-755ap Firmware 2025-04-11 9.8 Critical
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the wps_sta_enrollee_pin parameter in the do_sta_enrollee_wifi function.
CVE-2022-46592 1 Trendnet 2 Tew-755ap, Tew-755ap Firmware 2025-04-11 9.8 Critical
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the wps_sta_enrollee_pin parameter in the set_sta_enrollee_pin_5g function.
CVE-2022-46591 1 Trendnet 2 Tew-755ap, Tew-755ap Firmware 2025-04-11 9.8 Critical
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the reject_url parameter in the reject (sub_41BD60) function.
CVE-2022-46590 1 Trendnet 2 Tew-755ap, Tew-755ap Firmware 2025-04-11 9.8 Critical
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the cameo.cameo.netstat_rsname parameter in the tools_netstat (sub_41E730) function.
CVE-2022-46589 1 Trendnet 2 Tew-755ap, Tew-755ap Firmware 2025-04-11 9.8 Critical
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the cameo.cameo.netstat_option parameter in the tools_netstat (sub_41E730) function.
CVE-2022-46588 1 Trendnet 2 Tew-755ap, Tew-755ap Firmware 2025-04-11 9.8 Critical
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the sys_service parameter in the setup_wizard_mydlink (sub_4104B8) function.
CVE-2022-46586 1 Trendnet 2 Tew-755ap, Tew-755ap Firmware 2025-04-11 9.8 Critical
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the qcawifi.wifi%d_vap%d.maclist parameter in the kick_ban_wifi_mac_allow (sub_415B00) function.
CVE-2022-46585 1 Trendnet 2 Tew-755ap, Tew-755ap Firmware 2025-04-11 9.8 Critical
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the REMOTE_USER parameter in the get_access (sub_45AC2C) function.
CVE-2022-46442 1 Dedecms 1 Dedecms 2025-04-11 9.8 Critical
dedecms <=V5.7.102 is vulnerable to SQL Injection. In sys_ sql_ n query.php there are no restrictions on the sql query.
CVE-2022-44621 1 Apache 1 Kylin 2025-04-11 9.8 Critical
Diagnosis Controller miss parameter validation, so user may attacked by command injection via HTTP Request.
CVE-2022-43396 1 Apache 1 Kylin 2025-04-11 8.8 High
In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the kylin.engine.spark-cmd parameter of conf.
CVE-2021-41823 1 Kemptechnologies 1 Web Application Firewall 2025-04-11 6.1 Medium
The Web Application Firewall (WAF) in Kemp LoadMaster 7.2.54.1 allows certain uses of onmouseover to bypass an XSS protection mechanism.
CVE-2024-34452 1 Cmsimple-xh 1 Cmsimple Xh 2025-04-11 6.1 Medium
CMSimple_XH 1.7.6 allows XSS by uploading a crafted SVG document.
CVE-2022-42261 5 Citrix, Linux, Nvidia and 2 more 12 Hypervisor, Linux Kernel, Cloud Gaming and 9 more 2025-04-11 7.8 High
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service.
CVE-2024-37231 1 Salonbookingsystem 1 Salon Booking System 2025-04-11 8.6 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulation.This issue affects Salon booking system: from n/a through 9.9.
CVE-2024-39930 1 Gogs 1 Gogs 2025-04-11 9.9 Critical
The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated. Windows installations are unaffected.
CVE-2022-42262 5 Citrix, Linux, Nvidia and 2 more 12 Hypervisor, Linux Kernel, Cloud Gaming and 9 more 2025-04-11 7.1 High
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service.
CVE-2024-41304 1 Wondercms 1 Wondercms 2025-04-11 5.4 Medium
An arbitrary file upload vulnerability in the uploadFileAction() function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file.