U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CVSS Version: 3
  • CVSS V3 Severity: Critical (9-10)
There are 23,540 matching records.
Displaying matches 8,381 through 8,400.
Vuln ID Summary CVSS Severity
CVE-2022-28577

It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.

Published: May 05, 2022; 2:15:09 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2022-28575

It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary commands through a carefully constructed payload

Published: May 05, 2022; 2:15:09 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2022-29592

Tenda TX9 Pro 22.03.02.10 devices allow OS command injection via set_route (called by doSystemCmd_route).

Published: May 05, 2022; 1:15:15 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2022-29502

SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges.

Published: May 05, 2022; 1:15:15 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-28606

An arbitrary file upload vulnerability exists in Wenzhou Huoyin Information Technology Co., Ltd. BossCMS 1.0, which can be exploited by an attacker to gain control of the server.

Published: May 05, 2022; 1:15:14 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-28533

Sourcecodester Medical Hub Directory Site 1.0 is vulnerable to SQL Injection via /mhds/clinic/view_details.php.

Published: May 05, 2022; 1:15:14 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-28530

Sourcecodester Covid-19 Directory on Vaccination System 1.0 is vulnerable to SQL Injection via cmdcategory.

Published: May 05, 2022; 1:15:14 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-28120

Beijing Runnier Network Technology Co., Ltd Open virtual simulation experiment teaching management platform software 2.0 has a file upload vulnerability, which can be exploited by an attacker to gain control of the server.

Published: May 05, 2022; 1:15:14 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-27588

We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.6 build 20220401 and later

Published: May 05, 2022; 1:15:12 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-26415

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Published: May 05, 2022; 1:15:12 PM -0400
V4.0:(not available)
V3.1: 9.1 CRITICAL
V2.0: 6.0 MEDIUM
CVE-2022-1388

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Published: May 05, 2022; 1:15:10 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-44057

An improper authentication vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.20 ( 2022/02/15 ) and later Photo Station 5.7.16 ( 2022/02/11 ) and later Photo Station 5.4.13 ( 2022/02/11 ) and later

Published: May 05, 2022; 1:15:10 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2021-44056

An improper authentication vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 and later Video Station 5.3.13 and later Video Station 5.1.8 and later

Published: May 05, 2022; 1:15:10 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2021-44055

An missing authorization vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows remote attackers to access data or perform actions that they should not be allowed to perform. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 ( 2022/02/16 ) and later

Published: May 05, 2022; 1:15:10 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-38487

RTI Connext DDS Professional, Connext DDS Secure versions 4.2x to 6.1.0, and Connext DDS Micro versions 2.4 and later are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and information exposure.

Published: May 05, 2022; 1:15:09 PM -0400
V4.0:(not available)
V3.1: 9.1 CRITICAL
V2.0: 6.4 MEDIUM
CVE-2021-38445

OCI OpenDDS versions prior to 3.18.1 do not handle a length parameter consistent with the actual length of the associated data, which may allow an attacker to remotely execute arbitrary code.

Published: May 05, 2022; 1:15:09 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-38443

Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser.

Published: May 05, 2022; 1:15:09 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-38441

Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser.

Published: May 05, 2022; 1:15:09 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-38439

All versions of GurumDDS are vulnerable to heap-based buffer overflow, which may cause a denial-of-service condition or remotely execute arbitrary code.

Published: May 05, 2022; 1:15:09 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-38435

RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 not correctly calculate the size when allocating the buffer, which may result in a buffer overflow.

Published: May 05, 2022; 1:15:09 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH