Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29911 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-35689 1 Adobe 2 Commerce, Magento Open Source 2026-06-17 N/A 5.3 MEDIUM
Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.
CVE-2022-35621 1 Evohclaimable Project 1 Evohclaimable 2026-06-17 N/A 5.3 MEDIUM
Access control vulnerability in Evoh NFT EvohClaimable contract with sha256 hash code fa2084d5abca91a62ed1d2f1cad3ec318e6a9a2d7f1510a00d898737b05f48ae allows remote attackers to execute fraudulent NFT transfers.
CVE-2022-35538 1 Wavlink 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more 2026-06-17 N/A 9.8 CRITICAL
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: delete_list, delete_al_mac, b_delete_list and b_delete_al_mac, which leads to command injection in page /wifi_mesh.shtml.
CVE-2022-35537 1 Wavlink 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more 2026-06-17 N/A 9.8 CRITICAL
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: mac_5g and Newname, which leads to command injection in page /wifi_mesh.shtml.
CVE-2022-35536 1 Wavlink 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more 2026-06-17 N/A 9.8 CRITICAL
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: qos_bandwith and qos_dat, which leads to command injection in page /qos.shtml.
CVE-2022-35535 1 Wavlink 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more 2026-06-17 N/A 9.8 CRITICAL
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter macAddr, which leads to command injection in page /wifi_mesh.shtml.
CVE-2022-35534 1 Wavlink 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more 2026-06-17 N/A 9.8 CRITICAL
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter hiddenSSID32g and SSID2G2, which leads to command injection in page /wifi_multi_ssid.shtml.
CVE-2022-35533 1 Wavlink 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more 2026-06-17 N/A 9.8 CRITICAL
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: cli_list and cli_num, which leads to command injection in page /qos.shtml.
CVE-2022-35526 1 Wavlink 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more 2026-06-17 N/A 9.8 CRITICAL
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 login.cgi has no filtering on parameter key, which leads to command injection in page /login.shtml.
CVE-2022-35525 1 Wavlink 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more 2026-06-17 N/A 9.8 CRITICAL
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameter led_switch, which leads to command injection in page /ledonoff.shtml.
CVE-2022-35524 1 Wavlink 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more 2026-06-17 N/A 9.8 CRITICAL
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: wlan_signal, web_pskValue, sel_EncrypTyp, sel_Automode, wlan_bssid, wlan_ssid and wlan_channel, which leads to command injection in page /wizard_rep.shtml.
CVE-2022-35523 1 Wavlink 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more 2026-06-17 N/A 9.8 CRITICAL
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter del_mac and parameter flag, which leads to command injection in page /cli_black_list.shtml.
CVE-2022-35522 1 Wavlink 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more 2026-06-17 N/A 9.8 CRITICAL
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: ppp_username, ppp_passwd, rwan_gateway, rwan_mask and rwan_ip, which leads to command injection in page /wan.shtml.
CVE-2022-35521 1 Wavlink 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more 2026-06-17 N/A 9.8 CRITICAL
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameters: remoteManagementEnabled, blockPortScanEnabled, pingFrmWANFilterEnabled and blockSynFloodEnabled, which leads to command injection in page /man_security.shtml.
CVE-2022-35520 1 Wavlink 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more 2026-06-17 N/A 9.8 CRITICAL
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden parameter which doesn't appear in POST body, but exist in cgi binary. This leads to command injection in page /ledonoff.shtml.
CVE-2022-35519 1 Wavlink 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more 2026-06-17 N/A 9.8 CRITICAL
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter add_mac, which leads to command injection in page /cli_black_list.shtml.
CVE-2022-35518 1 Wavlink 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more 2026-06-17 N/A 9.8 CRITICAL
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nas_disk.shtml.
CVE-2022-35517 1 Wavlink 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more 2026-06-17 N/A 8.8 HIGH
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: web_pskValue, wl_Method, wlan_ssid, EncrypType, rwan_ip, rwan_mask, rwan_gateway, ppp_username, ppp_passwd and ppp_setver, which leads to command injection in page /wizard_router_mesh.shtml.
CVE-2022-35276 1 Intel 10 Nuc 8 Compute Element Cm8ccb, Nuc 8 Compute Element Cm8ccb Firmware, Nuc 8 Compute Element Cm8i3cb and 7 more 2026-06-17 N/A 7.5 HIGH
Improper access control in BIOS firmware for some Intel(R) NUC 8 Compute Elements before version CBWHL357.0096 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-35246 1 Rocket.chat 1 Rocket.chat 2026-06-17 N/A 4.3 MEDIUM
A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload URLs to users that should not be able to access.