Total: 291487 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-44789 | 3 Artifex, Debian, Fedoraproject | 3 Mujs, Debian Linux, Fedora | 2025-04-25 | N/A | 8.8 HIGH |
A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file. | |||||
CVE-2022-44400 | 1 Purchase Order Management System Project | 1 Purchase Order Management System | 2025-04-25 | N/A | 9.8 CRITICAL |
Purchase Order Management System v1.0 contains a file upload vulnerability via /purchase_order/admin/?page=system_info. | |||||
CVE-2022-44399 | 1 Poultry Farm Management System Project | 1 Poultry Farm Management System | 2025-04-25 | N/A | 9.8 CRITICAL |
Poultry Farm Management System v1.0 contains a SQL injection vulnerability via the del parameter at /Redcock-Farm/farm/category.php. | |||||
CVE-2022-44284 | 1 Dinstar | 2 Dag2000-16o, Dag2000-16o Firmware | 2025-04-25 | N/A | 5.4 MEDIUM |
Dinstar FXO Analog VoIP Gateway DAG2000-16O is vulnerable to Cross Site Scripting (XSS). | |||||
CVE-2022-44283 | 1 Avs4you | 1 Avs Audio Converter | 2025-04-25 | N/A | 9.8 CRITICAL |
AVS Audio Converter 10.3 is vulnerable to Buffer Overflow. | |||||
CVE-2022-44280 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2025-04-25 | N/A | 6.5 MEDIUM |
Automotive Shop Management System v1.0 allows deletion of any file via /asms/classes/Master.php?f=delete_img. | |||||
CVE-2022-44278 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-04-25 | N/A | 7.2 HIGH |
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=user/manage_user&id=. | |||||
CVE-2022-44260 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-04-25 | N/A | 8.8 HIGH |
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter sPort/ePort in the setIpPortFilterRules function. | |||||
CVE-2022-44259 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-04-25 | N/A | 8.8 HIGH |
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter week, sTime, and eTime in the setParentalRules function. | |||||
CVE-2022-44258 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-04-25 | N/A | 8.8 HIGH |
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter command in the setTracerouteCfg function. | |||||
CVE-2022-44257 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-04-25 | N/A | 8.8 HIGH |
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter pppoeUser in the setOpModeCfg function. | |||||
CVE-2022-44256 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2025-04-25 | N/A | 8.8 HIGH |
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter lang in the setLanguageCfg function. | |||||
CVE-2022-44255 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-04-25 | N/A | 9.8 CRITICAL |
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data. | |||||
CVE-2022-44254 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-04-25 | N/A | 8.8 HIGH |
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter text in the setSmsCfg function. | |||||
CVE-2022-44253 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-04-25 | N/A | 8.8 HIGH |
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter ip in the setDiagnosisCfg function. | |||||
CVE-2022-44140 | 1 Jizhicms | 1 Jizhicms | 2025-04-25 | N/A | 8.8 HIGH |
Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component. | |||||
CVE-2022-43705 | 1 Botan Project | 1 Botan | 2025-04-25 | N/A | 9.1 CRITICAL |
In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced in Botan 1.11.34 (November 2016). | |||||
CVE-2022-3839 | 1 Analytics For Wp Project | 1 Analytics For Wp | 2025-04-25 | N/A | 4.8 MEDIUM |
The Analytics for WP WordPress plugin through 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2022-3834 | 1 Google Forms Project | 1 Google Forms | 2025-04-25 | N/A | 4.8 MEDIUM |
The Google Forms WordPress plugin through 0.95 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2022-3603 | 1 Piwebsolution | 1 Export Customers List Csv For Woocommerce | 2025-04-25 | N/A | 9.8 CRITICAL |
The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin before 2.0.69 does not validate data when outputting it back in a CSV file, which could lead to CSV injection. |