Search Results (341121 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-44846 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2025-05-22 | 6.3 Medium |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44845 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2025-05-22 | 6.5 Medium |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44844 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2025-05-22 | 6.5 Medium |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44843 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2025-05-22 | 6.5 Medium |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44842 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2025-05-22 | 6.5 Medium |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44841 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2025-05-22 | 6.5 Medium |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the version parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44840 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2025-05-22 | 6.5 Medium |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the svn parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44839 | 1 Totolink | 2 Ca600-poe, Ca600-poe Firmware | 2025-05-22 | 6.5 Medium |
| TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the magicid parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44838 | 1 Totolink | 2 Cp900, Cp900 Firmware | 2025-05-22 | 6.3 Medium |
| TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44837 | 1 Totolink | 2 Cp900, Cp900 Firmware | 2025-05-22 | 6.3 Medium |
| TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url or magicid parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44836 | 1 Totolink | 2 Cp900, Cp900 Firmware | 2025-05-22 | 6.3 Medium |
| TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setApRebootScheCfg function via the hour or minute parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2022-41343 | 1 Dompdf Project | 1 Dompdf | 2025-05-22 | 7.5 High |
| registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule. | ||||
| CVE-2022-41340 | 1 Secp256k1-js Project | 1 Secp256k1-js | 2025-05-22 | 7.5 High |
| The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without required r and s validation, leading to signature forgery. | ||||
| CVE-2022-40748 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-05-22 | 5.4 Medium |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236586. | ||||
| CVE-2022-40359 | 1 Kfm Project | 1 Kfm | 2025-05-22 | 6.1 Medium |
| Cross site scripting (XSS) vulnerability in kfm through 1.4.7 via crafted GET request to /kfm/index.php. | ||||
| CVE-2022-40122 | 1 Online Banking System Project | 1 Online Banking System | 2025-05-22 | 9.8 Critical |
| Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer_action.php. | ||||
| CVE-2022-40121 | 1 Online Banking System Project | 1 Online Banking System | 2025-05-22 | 9.8 Critical |
| Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/manage_customers.php. | ||||
| CVE-2022-40120 | 1 Online Banking System Project | 1 Online Banking System | 2025-05-22 | 9.8 Critical |
| Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at /net-banking/customer_transactions.php. | ||||
| CVE-2022-40119 | 1 Online Banking System Project | 1 Online Banking System | 2025-05-22 | 9.8 Critical |
| Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at /net-banking/transactions.php. | ||||
| CVE-2022-40118 | 1 Online Banking System Project | 1 Online Banking System | 2025-05-22 | 9.8 Critical |
| Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/send_funds_action.php. | ||||