Export limit exceeded: 363994 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363994 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-39888 1 Samsung 3 Mobile, Samsung Mobile, Samsung Mobile Devices 2026-04-15 4.3 Medium
Improper access control vulnerability in retrieveExternalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to access to Proxy information.
CVE-2022-4001 1 Motorola 1 Q14 Mesh Router Firmware 2026-04-15 7.3 High
An authentication bypass vulnerability could allow an attacker to access API functions without authentication.
CVE-2022-39997 1 Teldat 2 Rs123 Firmware, Rs123w Firmware 2026-04-15 8 High
A weak password requirement issue was discovered in Teldats Router RS123, RS123w allows a remote attacker to escalate privileges
CVE-2022-41324 2026-04-15 6.5 Medium
Northern.tech Mender 3.3.x before 3.3.2 and 3.4.x before 3.4.0 has Incorrect Access Control and allows low-privileged users default read access to some sensitive device information.
CVE-2022-41573 2026-04-15 9.8 Critical
An issue was discovered in Ovidentia 8.3. The file upload feature does not prevent the uploading of executable files. A user can upload a .png file containing PHP code and then rename it to have the .php extension. It will then be accessible at an images/common/ URI for remote code execution.
CVE-2024-29276 1 Seeyonao 1 Seeyonoa 2026-04-15 9.8 Critical
An issue was discovered in seeyonOA version 8, allows remote attackers to execute arbitrary code via the importProcess method in WorkFlowDesignerController.class component.
CVE-2024-29278 2026-04-15 6.5 Medium
funboot v1.1 is vulnerable to Cross Site Scripting (XSS) via the title field in "create a message ."
CVE-2024-29309 1 Alfresco 1 Alfresco Content Services 2026-04-15 7.7 High
An issue in Alfresco Content Services v.23.3.0.7 allows a remote attacker to execute arbitrary code via the Transfer Service.
CVE-2022-42974 1 Kostal Piko 1 Mp Plus Hmi Oem 2026-04-15 4.8 Medium
In Kostal PIKO 1.5-1 MP plus HMI OEM p 1.0.1, the web application for the Solar Panel is vulnerable to a Stored Cross-Site Scripting (XSS) attack on /file.bootloader.upload.html. The application fails to sanitize the parameter filename, in a POST request to /file.bootloader.upload.html for a system update, thus allowing one to inject HTML and/or JavaScript on the page that will then be processed and stored by the application. Any subsequent requests to pages that retrieve the malicious content will automatically exploit the vulnerability on the victim's browser. This also happens because the tag is loaded in the function innerHTML in the page HTML.
CVE-2022-43110 1 Voltronicpower 1 Viewpower 2026-04-15 9.8 Critical
Voltronic Power ViewPower through 1.04-21353 and PowerShield Netguard before 1.04-23292 allows a remote attacker to configure the system via an unspecified web interface. An unauthenticated remote attacker can make changes to the system including: changing the web interface admin password, view/change system configuration, enumerate connected UPS devices and shut down connected UPS devices. This extends to being able to configure operating system commands that should run if the system detects a connected UPS shutting down.
CVE-2022-45070 2026-04-15 5.3 Medium
Missing Authorization vulnerability in FmeAddons Conditional Checkout Fields for WooCommerce.This issue affects Conditional Checkout Fields for WooCommerce: from n/a through 1.2.3.
CVE-2022-45147 1 Siemens 2 Simatic Pcs Neo, Simatic Step 7 2026-04-15 7.8 High
A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions < V18 Update 2). Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable input. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. This is the same issue that exists for .NET BinaryFormatter https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2300.
CVE-2022-45157 1 Rancher 1 Rancher 2026-04-15 9.1 Critical
A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a plaintext object inside Rancher. This vulnerability is only applicable to users that deploy clusters in vSphere environments.
CVE-2022-4532 2026-04-15 6.5 Medium
The LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.1. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address from logging in.
CVE-2022-4534 1 Wp-buy 1 Limit Login Attempts 2026-04-15 5.3 Medium
The Limit Login Attempts (Spam Protection) plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.3. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address or country from logging in.
CVE-2022-45368 2026-04-15 7.7 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Lenderd 1003 Mortgage Application allows Relative Path Traversal.This issue affects 1003 Mortgage Application: from n/a through 1.75.
CVE-2022-45929 1 Northern.tech 1 Mender 2026-04-15 8.8 High
Northern.tech Mender 3.3.x before 3.3.2, 3.5.x before 3.5.0, and 3.6.x before 3.6.0 has Incorrect Access Control and allows users to change their roles and could allow privilege escalation from a low-privileged read-only user to a high-privileged user.
CVE-2022-47036 1 Siklu 1 Tg Terragraph 2026-04-15 9.8 Critical
Siklu TG Terragraph devices before approximately 2.1.1 have a hardcoded root password that has been revealed via a brute force attack on an MD5 hash. It can be used for "debug login" by an admin. NOTE: the vulnerability is not fixed by the 2.1.1 firmware; instead, it is fixed in newer hardware, which would typically be used with firmware 2.1.1 or later.
CVE-2022-47090 2026-04-15 7.8 High
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b contains a buffer overflow in gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.c, check needed for num_exp_tile_columns
CVE-2022-48682 2026-04-15 6 Medium
In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows arbitrary file deletion via a symlink.