CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

2022-08-25
Critical

CVE-2022-28747

Key reuse in GoSecure Titan Inbox Detection & Response (IDR) through 2022-04-05 leads to remote code execution. To exploit this vulnerability, an attacker must craft and sign a serialized payload.

Medium

CVE-2022-23235

Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and Acti…

2022-08-24
Medium

CVE-2022-33172

de.fac2 1.34 allows bypassing the User Presence protection mechanism when there is malware on the victim's PC.

High

CVE-2022-27812

Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific forged traffic can lead to SNS DoS.

2022-08-23
Medium

CVE-2022-35242

Unauthenticated plugin settings change vulnerability in 59sec THE Leads Management System: 59sec LITE plugin <= 3.4.1 at WordPress.

High

CVE-2022-34868

Authenticated Arbitrary Settings Update vulnerability in YooMoney ЮKassa для WooCommerce plugin <= 2.3.0 at WordPress.

Low

CVE-2022-28883

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl unpack function crashes. This can lead to a possible scanning engine crash. The exploit can…

Critical

CVE-2021-42627

The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and al…

High

CVE-2022-25302

All versions of package asneg/opcuastack are vulnerable to Denial of Service (DoS) due to a missing handler for failed casting when unvalidated data is forwarded to boost::get function in OpcUaNodeId…

High

CVE-2022-33916

OPC UA .NET Standard Reference Server 1.04.368 allows a remote attacker to cause the application to access sensitive information.

2022-08-22
Medium

CVE-2022-34774

Tabit - Arbitrary account modification. One of the endpoints mapped by the tiny URL was a page where an adversary can modify personal details, such as email addresses and phone numbers of a specific…

Medium

CVE-2022-34771

Tabit - arbitrary SMS send on Tabit's behalf. The resend OTP API of Tabit allows an adversary to send messages on Tabit's behalf to anyone registered on the system - the API receives the parameters: ph…

Critical

CVE-2022-34149

Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress.

2022-08-19
Critical

CVE-2022-35201

Tenda-AC18 V15.03.05.05 was discovered to contain a remote command execution (RCE) vulnerability.

Critical

CVE-2022-36220

Kiosk breakout (without quit password) in Safe Exam Browser (Windows) <3.4.0, which allows an attacker to achieve code execution via the browser's print dialog.

High

CVE-2022-35909

In Jellyfin before 10.8, the /users endpoint has incorrect access control for admin functionality.

High

CVE-2022-2075

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation.

High

CVE-2022-2074

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template.

High

CVE-2022-2049

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function.

2022-08-18
Medium

CVE-2022-28697

Improper access control in firmware for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

Medium

CVE-2022-28709

Improper access control in the firmware for some Intel(R) E810 Ethernet Controllers before version 1.6.1.9 may allow a privileged user to potentially enable denial of service via local access.

Medium

CVE-2022-26373

Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

High

CVE-2022-26017

Improper access control in the Intel(R) DSA software before version 22.2.14 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.

High

CVE-2022-25966

Improper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

High

CVE-2022-23182

Improper access control in the Intel(R) Data Center Manager software before version 4.1 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

High

CVE-2022-21812

Improper access control in the Intel(R) HAXM software before version 7.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Medium

CVE-2022-21793

Insufficient control flow management in the Intel(R) Ethernet 500 Series Controller drivers for VMWare before version 1.11.4.0 and in the Intel(R) Ethernet 700 Series Controller drivers for VMWare be…

Medium

CVE-2022-21233

Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

High

CVE-2022-21229

Improper buffer restrictions for some Intel(R) NUC 9 Extreme Laptop Kit drivers before version 2.2.0.22 may allow an authenticated user to potentially enable escalation of privilege via local access.

High

CVE-2022-21225

Improper neutralization in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.

Medium

CVE-2022-21152

Improper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an authenticated user to potentially enable information disclosure via local access.

High

CVE-2022-21148

Improper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Medium

CVE-2022-21140

Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable information disclosure via local access.

Medium

CVE-2021-33128

Improper access control in the firmware for some Intel(R) E810 Ethernet Controllers before version 1.6.0.6 may allow a privileged user to potentially enable denial of service via local access.

Medium

CVE-2021-33126

Improper access control in the firmware for some Intel(R) 700 and 722 Series Ethernet Controllers and Adapters before versions 8.5 and 1.5.5 may allow a privileged user to potentially enable denial o…

Low

CVE-2021-23188

Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an authenticated user to potentially enable information disclosure via local access.

Medium

CVE-2022-33311

Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors.

Medium

CVE-2022-32583

Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors.

Medium

CVE-2022-32544

Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors.

Medium

CVE-2022-32283

Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Cabinet via unspecified vectors.

Medium

CVE-2022-29891

Browse restriction bypass vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors.

Medium

CVE-2022-25986

Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler.

High

CVE-2021-30070

An issue was discovered in HestiaCP before v1.3.5. Attackers are able to arbitrarily install packages due to values taken from the pgk [] parameter in the update request being transmitted to the oper…

2022-08-17
High

CVE-2022-36215

DedeBIZ v6 was discovered to contain a remote code execution vulnerability in sys_info.php.

Medium

CVE-2022-38392

Certain 5400 RPM hard drives, for laptops and other PCs in approximately 2005 and later, allow physically proximate attackers to cause a denial of service (device malfunction and system crash) via a…

Critical

CVE-2022-22455

IBM Security Verify Governance Identity Manager 10.0 virtual appliance component performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesse…

High

CVE-2021-45454

Ampere Altra before SRP 1.08b and Altra Max before SRP 2.05 allow information disclosure of power telemetry via HWmon.

2022-08-16
Medium

CVE-2022-35004

JPEGDEC commit be4843c was discovered to contain a FPE via TIFFSHORT at /src/jpeg.inl.

Medium

CVE-2022-35002

JPEGDEC commit be4843c was discovered to contain a segmentation fault via TIFFSHORT at /src/jpeg.inl.

Medium

CVE-2022-35000

JPEGDEC commit be4843c was discovered to contain a segmentation fault via fseek at /libio/fseek.c.

High

CVE-2022-38362

Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host.

High

CVE-2022-33939

CENTUM VP / CS 3000 controller FCS (CP31, CP33, CP345, CP401, and CP451) contains an issue in processing communication packets, which may lead to resource consumption. If this vulnerability is exploi…

2022-08-15
High

CVE-2022-35822

Windows Defender Credential Guard Security Feature Bypass Vulnerability

High

CVE-2022-34711

Windows Defender Credential Guard Elevation of Privilege Vulnerability

High

CVE-2022-36526

D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Authentication Bypass via function phpcgi_main in cgibin.

High

CVE-2022-33990

Misinterpretation of special domain name characters in dproxy-nexgen (aka dproxy nexgen) leads to cache poisoning because domain names and their associated IP addresses are cached in their misinterpr…

Medium

CVE-2022-33993

Misinterpretation of special domain name characters in DNRD (aka Domain Name Relay Daemon) 2.20.3 leads to cache poisoning because domain names and their associated IP addresses are cached in their m…

High

CVE-2022-33992

DNRD (aka Domain Name Relay Daemon) 2.20.3 forwards and caches DNS queries with the CD (aka checking disabled) bit set to 1. This leads to disabling of DNSSEC protection provided by upstream resolver…

2022-08-12
High

CVE-2022-37397

An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. When anonymous or unauthenticated LDAP binding is enabled, it allows by…

Medium

CVE-2022-2622

Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file.

Medium

CVE-2022-2616

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (…

Medium

CVE-2022-2611

Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

High

CVE-2022-28636

A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Pri…

High

CVE-2022-28635

A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Pri…

Medium

CVE-2022-28634

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A highly privileged user could locally exploit this vulnerabil…

High

CVE-2022-28633

A local disclosure of sensitive information and a local unauthorized data modification vulnerability were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unpr…

High

CVE-2022-28632

A potential arbitrary code execution and a denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71.…

High

CVE-2022-28631

A potential arbitrary code execution and a denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71.…

High

CVE-2022-28630

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability…

High

CVE-2022-28629

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A low privileged user could locally exploit this vulnerability…

High

CVE-2022-28628

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability…

High

CVE-2022-28627

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. An unprivileged user could locally exploit this vulnerability…

Medium

CVE-2022-28626

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A highly privileged user could locally exploit this vulnerabil…

Low

CVE-2022-20339

In Android, there is a possible access of network neighbor table information due to an insecure SEpolicy configuration. This could lead to local information disclosure of network topography with no a…

Medium

CVE-2022-20332

In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclo…

Medium

CVE-2022-20317

In SystemUI, there is a possible way to unexpectedly enable the external speaker due to a logic error in the code. This could lead to local information disclosure with no additional execution privile…

High

CVE-2022-20308

In hostapd, there is a possible insecure configuration due to an insecure default value. This could lead to remote denial of service of the wifi hotspot with no additional execution privileges needed…

High

CVE-2022-20302

In Settings, there is a possible way to bypass factory reset protections due to a sandbox escape. This could lead to local escalation of privilege if the attacker has physical access to the device, w…

High

CVE-2022-20297

In Settings, there is a possible way to bypass factory reset protections due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges nee…

High

CVE-2022-20292

In Settings, there is a possible way to bypass factory reset protections due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges nee…

Medium

CVE-2022-20290

In Midi, there is a possible way to learn about private midi devices due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User…

Medium

CVE-2022-20289

In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disc…

Medium

CVE-2022-20288

In AppSearchManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local informati…

Medium

CVE-2022-20287

In AppSearchManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local informati…

High

CVE-2022-20286

In Connectivity, there is a possible bypass of the restriction of starting activity from background due to a logic error in the code. This could lead to local escalation of privilege with User execution…

Medium

CVE-2022-20285

In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclo…

High

CVE-2022-20271

In PermissionController, there is a possible way to grant some permissions without user consent due to misleading or insufficient UI. This could lead to local escalation of privilege with no addition…

Medium

CVE-2022-20270

In Content, there is a possible way to learn gmail account name on the device due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges need…

High

CVE-2022-20268

In RestrictionsManager, there is a possible way to send a broadcast that should be restricted to system apps due to a permissions bypass. This could lead to local escalation of privilege on an enterp…

Medium

CVE-2022-20265

In Settings, there is a possible way to bypass factory reset permissions due to a permissions bypass. This could lead to local escalation of privilege with physical access to the device with no addit…

Medium

CVE-2022-20260

In the Phone app, there is a possible crash loop due to resource exhaustion. This could lead to local persistent denial of service in the Phone app with User execution privileges needed. User interac…

High

CVE-2022-20258

In Bluetooth, there is a possible way to bypass compiler exploit mitigations due to a configuration error. This could lead to local escalation of privilege with no additional execution privileges nee…

Low

CVE-2022-20257

In Bluetooth, there is a possible way to pair a display only device without PIN confirmation due to a logic error in the code. This could lead to local escalation of privilege with no additional exec…

High

CVE-2022-20254

In Wi-Fi, there is a permissions bypass. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploi…

2022-08-11
High

CVE-2022-20408

Product: Android. Versions: Android kernel. Android ID: A-204782372. References: N/A

High

CVE-2022-20407

Product: Android. Versions: Android kernel. Android ID: A-210916981. References: N/A

High

CVE-2022-20406

Product: Android. Versions: Android kernel. Android ID: A-184676385. References: N/A

Critical

CVE-2022-20405

Product: Android. Versions: Android kernel. Android ID: A-216363416. References: N/A

High

CVE-2022-20404

Product: Android. Versions: Android kernel. Android ID: A-205714161. References: N/A

Critical

CVE-2022-20403

Product: Android. Versions: Android kernel. Android ID: A-207975764. References: N/A

Critical

CVE-2022-20402

Product: Android. Versions: Android kernel. Android ID: A-218701042. References: N/A

Critical

CVE-2022-20384

Product: Android. Versions: Android kernel. Android ID: A-211727306. References: N/A

Critical

CVE-2022-20381

Product: Android. Versions: Android kernel. Android ID: A-188935887. References: N/A

High

CVE-2022-20380

Product: Android. Versions: Android kernel. Android ID: A-212625740. References: N/A

Critical

CVE-2022-20378

Product: Android. Versions: Android kernel. Android ID: A-234657153. References: N/A

Medium

CVE-2022-20377

In TBD of keymaster_ipc.cpp, there is a possible way to force gatekeeper, fingerprint, and faceauth to use a known HMAC key. This could lead to local escalation of privilege with no additional execution…

High

CVE-2022-20370

Product: Android. Versions: Android kernel. Android ID: A-215730643. References: N/A

High

CVE-2022-20368

Product: Android. Versions: Android kernel. Android ID: A-224546354. References: Upstream kernel

Critical

CVE-2022-20365

Product: Android. Versions: Android kernel. Android ID: A-229632566. References: N/A

High

CVE-2022-20250

In Messaging, there is a possible way to attach files to a message without proper access checks due to improper input validation. This could lead to local escalation of privilege with no additional e…

High

CVE-2022-20248

In Settings, there is a possible way to connect to an open network bypassing DISALLOW_CONFIG_WIFI restriction due to a logic error in the code. This could lead to local escalation of privilege with n…

Low

CVE-2022-20245

In WindowManager, there is a possible method to create a recording of the lock screen due to an insecure default value. This could lead to local information disclosure with no additional execution pr…

High

CVE-2022-20180

In several functions of mali_gralloc_reference.cpp, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with User execution pr…

High

CVE-2022-38150

In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reaso…

2022-08-10
High

CVE-2022-37024

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 (125658, 126003, 126105, and 126120) all…

High

CVE-2022-37004

The Settings application has a vulnerability of bypassing the out-of-box experience (OOBE). Successful exploitation of this vulnerability may affect the availability.

Critical

CVE-2022-37002

The SystemUI module has a privilege escalation vulnerability. Successful exploitation of this vulnerability can cause malicious applications to pop up windows or run in the background.

High

CVE-2022-37001

The diag-router module has a vulnerability in intercepting excessive long and short instructions. Successful exploitation of this vulnerability will cause the diag-router module to crash.

Critical

CVE-2022-36270

Clinic's Patient Management System v1.0 has arbitrary code execution via url: ip/pms/users.php.

Critical

CVE-2022-35538

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: delete_list, delete_al_mac, b_delete_list and b_delete_al_mac, which leads to command injection in pa…
