Export limit exceeded: 342962 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10082 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10082 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-28755 | 1 Zoom | 2 Virtual Desktop Infrastructure, Zoom | 2024-11-21 | 9.6 Critical |
| The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 are susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including the potential for remote code execution through launching executables from arbitrary paths. | ||||
| CVE-2022-28747 | 1 Gosecure | 1 Titan Inbox Detection \& Response | 2024-11-21 | 9.8 Critical |
| Key reuse in GoSecure Titan Inbox Detection & Response (IDR) through 2022-04-05 leads to remote code execution. To exploit this vulnerability, an attacker must craft and sign a serialized payload. | ||||
| CVE-2022-28590 | 1 Pixelimity | 1 Pixelimity | 2024-11-21 | 7.2 High |
| A Remote Code Execution (RCE) vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=install_theme. | ||||
| CVE-2022-28464 | 1 Apifox | 1 Apifox | 2024-11-21 | 9.0 Critical |
| Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which can lead to remote code execution. | ||||
| CVE-2022-28375 | 1 Verizon | 2 Lvskihp Outdoorunit, Lvskihp Outdoorunit Firmware | 2024-11-21 | 9.8 Critical |
| Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. A remote attacker on the local network can inject shell metacharacters into /usr/lib/lua/5.1/luci/controller/rpc.lua to achieve remote code execution as root, | ||||
| CVE-2022-28374 | 1 Verizon | 2 Lvskihp Outdoorunit, Lvskihp Outdoorunit Firmware | 2024-11-21 | 8.8 High |
| Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the DMACC URLs on the Settings page of the Engineering portal. An authenticated remote attacker on the local network can inject shell metacharacters into /usr/lib/lua/5.1/luci/controller/admin/settings.lua to achieve remote code execution as root. | ||||
| CVE-2022-28373 | 1 Verizon | 2 Lvskihp Indoorunit, Lvskihp Indoorunit Firmware | 2024-11-21 | 9.8 Critical |
| Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not properly sanitize user-controlled parameters within the crtcreadpartition function of the crtcrpc JSON listener in /usr/lib/lua/luci/crtc.lua. A remote attacker on the local network can inject shell metacharacters to achieve remote code execution as root. | ||||
| CVE-2022-28368 | 1 Dompdf Project | 1 Dompdf | 2024-11-21 | 9.8 Critical |
| Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file). | ||||
| CVE-2022-28219 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-21 | 9.8 Critical |
| Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution. | ||||
| CVE-2022-28096 | 1 Skycaiji | 1 Skycaiji | 2024-11-21 | 7.2 High |
| Skycaiji v2.4 was discovered to contain a remote code execution (RCE) vulnerability via /SkycaijiApp/admin/controller/Develop.php. | ||||
| CVE-2022-28021 | 1 Purchase Order Management System Project | 1 Purchase Order Management System | 2024-11-21 | 9.8 Critical |
| Purchase Order Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /purchase_order/admin/?page=user. | ||||
| CVE-2022-28005 | 1 3cx | 1 3cx | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server (via /Electron/download directory traversal in conjunction with a path component that uses backslash characters), leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\SYSTEM on Windows installations. NOTE: this issue exists because of an incomplete fix for CVE-2022-48482. | ||||
| CVE-2022-27982 | 1 Ruijienetworks | 2 Rg-nbr2100g-e, Rg-nbr2100g-e Firmware | 2024-11-21 | 9.8 Critical |
| RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain a remote code execution (RCE) vulnerability via the fileName parameter at /guest_auth/cfg/upLoadCfg.php. | ||||
| CVE-2022-27919 | 1 Gradle | 1 Enterprise | 2024-11-21 | 9.8 Critical |
| Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API. | ||||
| CVE-2022-27634 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | 6.5 Medium |
| On 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, BIG-IP APM does not properly validate configurations, allowing an authenticated attacker with high privileges to manipulate the APM policy leading to privilege escalation/remote code execution. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2022-27478 | 1 Victor Cms Project | 1 Victor Cms | 2024-11-21 | 8.8 High |
| Victor v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component admin/profile.php?section=admin. | ||||
| CVE-2022-27474 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 7.2 High |
| SuiteCRM v7.11.23 was discovered to allow remote code execution via a crafted payload injected into the FirstName text field. | ||||
| CVE-2022-27438 | 29 3cx, Boom, Caphyon and 26 more | 99 Call Flow Designer, Crm Template Generator, Boomtv Streamer Portal and 96 more | 2024-11-21 | 8.1 High |
| Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check. | ||||
| CVE-2022-27336 | 1 Seacms | 1 Seacms | 2024-11-21 | 9.8 Critical |
| Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/weixin.php. | ||||
| CVE-2022-27276 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2024-11-21 | 9.8 Critical |
| InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_10F2C. This vulnerability is triggered via a crafted packet. | ||||