Export limit exceeded: 47135 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47135 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-36615 | 1 Totolink | 2 A3000ru, A3000ru Firmware | 2024-11-21 | 7.8 High |
| TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | ||||
| CVE-2022-36614 | 1 Totolink | 2 A860r, A860r Firmware | 2024-11-21 | 7.8 High |
| TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | ||||
| CVE-2022-36613 | 1 Totolink | 2 N600r, N600r Firmware | 2024-11-21 | 7.8 High |
| TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | ||||
| CVE-2022-36612 | 1 Totolink | 2 A950rg, A950rg Firmware | 2024-11-21 | 7.8 High |
| TOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | ||||
| CVE-2022-36611 | 1 Totolink | 2 A800r, A800r Firmware | 2024-11-21 | 7.8 High |
| TOTOLINK A800R V4.1.2cu.5137_B20200730 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | ||||
| CVE-2022-36610 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 7.8 High |
| TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | ||||
| CVE-2022-36600 | 1 Blogengine | 1 Blogengine.net | 2024-11-21 | 4.8 Medium |
| BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blogengine/api/posts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field. | ||||
| CVE-2022-36583 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 6.1 Medium |
| DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/co_do.php via the dopost, rpok, and aid parameters. | ||||
| CVE-2022-36573 | 1 Pagekit | 1 Pagekit | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Pagekit CMS v1.0.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under /blog/post/edit. | ||||
| CVE-2022-36560 | 1 Seiko-sol | 2 Skybridge Mb-a200, Skybridge Mb-a200 Firmware | 2024-11-21 | 9.8 Critical |
| Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded passcodes for root. Attackers are able to access the passcodes at /etc/srapi/config/system.conf and /usr/sbin/ssol-sshd.sh. | ||||
| CVE-2022-36558 | 1 Seiko-sol | 4 Skybridge Mb-a100, Skybridge Mb-a100 Firmware, Skybridge Mb-a110 and 1 more | 2024-11-21 | 9.8 Critical |
| Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root account. Attackers are able to access the passcord via the file /etc/ciel.cfg. | ||||
| CVE-2022-36533 | 2 Linux, Syncovery | 2 Linux Kernel, Syncovery | 2024-11-21 | 5.4 Medium |
| Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2022-36530 | 1 Rageframe | 1 Rageframe | 2024-11-21 | 6.1 Medium |
| An issue was discovered in rageframe2 2.6.37. There is a XSS vulnerability in the user agent related parameters of the info.php page. | ||||
| CVE-2022-36527 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 5.4 Medium |
| Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module. | ||||
| CVE-2022-36311 | 1 Airspan | 2 Airvelocity 1500, Airvelocity 1500 Firmware | 2024-11-21 | 6.1 Medium |
| Airspan AirVelocity 1500 prior to software version 15.18.00.2511 is vulnerable to injection leading to XSS in the SNMP community field in the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models. | ||||
| CVE-2022-36305 | 1 Vestacp | 1 Vesta Control Panel | 2024-11-21 | 6.1 Medium |
| Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the body function at /web/api/v1/upload/UploadHandler.php. | ||||
| CVE-2022-36304 | 1 Vestacp | 1 Vesta Control Panel | 2024-11-21 | 6.1 Medium |
| Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the generate_response function at /web/api/v1/upload/UploadHandler.php. | ||||
| CVE-2022-36303 | 1 Vestacp | 1 Vesta Control Panel | 2024-11-21 | 6.1 Medium |
| Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the handle_file_upload function at /web/api/v1/upload/UploadHandler.php. | ||||
| CVE-2022-36277 | 1 Tcman | 1 Gim | 2024-11-21 | 6.5 Medium |
| The 'sReferencia', 'sDescripcion', 'txtCodigo' and 'txtDescripcion' parameters, in the frmGestionStock.aspx and frmEditServicio.aspx files in TCMAN GIM v8.0.1, could allow an attacker to perform persistent XSS attacks. | ||||
| CVE-2022-36266 | 1 Airspan | 2 Airspot 5410, Airspot 5410 Firmware | 2024-11-21 | 6.1 Medium |
| In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS payload that will be accepted and stored. A successful attack will results in the injection of malicious scripts into the user settings page. | ||||