Total
364749 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-25062 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2026-07-09 | 5.0 MEDIUM | 7.5 HIGH |
| TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | |||||
| CVE-2022-25061 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2026-07-09 | 7.5 HIGH | 9.8 CRITICAL |
| TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute. | |||||
| CVE-2022-25060 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2026-07-09 | 10.0 HIGH | 9.8 CRITICAL |
| TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing. | |||||
| CVE-2022-25022 | 1 Htmly | 1 Htmly | 2026-07-09 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers to excute arbitrary web scripts HTML via a crafted payload in the content field of a blog post. | |||||
| CVE-2022-25020 | 1 Pluxml | 1 Pluxml | 2026-07-09 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post. | |||||
| CVE-2022-25018 | 1 Pluxml | 1 Pluxml | 2026-07-09 | 6.5 MEDIUM | 8.8 HIGH |
| Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages. | |||||
| CVE-2022-24992 | 1 Qr Code Generator Project | 1 Qr Code Generator | 2026-07-09 | N/A | 7.5 HIGH |
| A vulnerability in the component process.php of QR Code Generator v5.2.7 allows attackers to perform directory traversal. | |||||
| CVE-2022-24654 | 1 Intelbras | 2 Ata 200, Ata 200 Firmware | 2026-07-09 | N/A | 5.4 MEDIUM |
| Authenticated stored cross-site scripting (XSS) vulnerability in "Field Server Address" field in INTELBRAS ATA 200 Firmware 74.19.10.21 allows attackers to inject JavaScript code through a crafted payload. | |||||
| CVE-2022-24644 | 1 Zzinc | 2 Keymouse, Keymouse Firmware | 2026-07-09 | 6.8 MEDIUM | 8.8 HIGH |
| ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code execution vulnerability during an unauthenticated update. To exploit this vulnerability, a user must trigger an update of an affected installation of KeyMouse. | |||||
| CVE-2022-24618 | 1 Heimdalsecurity | 1 Heimdal Premium Security | 2026-07-09 | 7.2 HIGH | 7.8 HIGH |
| Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the "Browse For Folder" window accessible by triggering a "Repair" on the MSI package located in C:\Windows\Installer. | |||||
| CVE-2022-24611 | 1 Silabs | 10 Sd3502, Sd3502 Firmware, Sd3503 and 7 more | 2026-07-09 | 6.1 MEDIUM | 6.5 MEDIUM |
| Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specification in Silicon Labs Z-Wave 500 series allows local attackers to block S0/S2 protected Z-Wave network via crafted S0 NonceGet Z-Wave packages, utilizing included but absent NodeIDs. | |||||
| CVE-2022-24581 | 1 Aceware | 1 Aceweb Online Portal | 2026-07-09 | 5.0 MEDIUM | 7.5 HIGH |
| ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software. | |||||
| CVE-2022-24573 | 1 Element-it | 1 Http Commander | 2026-07-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User-Agent field. | |||||
| CVE-2022-24562 | 1 Iobit | 1 Iotransfer | 2026-07-09 | 10.0 HIGH | 9.8 CRITICAL |
| In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system (with admin privileges) on the victim's endpoint, which can result in data theft and remote code execution. | |||||
| CVE-2022-24255 | 1 Extensis | 1 Portfolio | 2026-07-09 | 9.0 HIGH | 8.8 HIGH |
| Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allows attackers to gain administrator privileges. | |||||
| CVE-2022-24254 | 1 Extensis | 1 Portfolio | 2026-07-09 | 6.5 MEDIUM | 8.8 HIGH |
| An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file. | |||||
| CVE-2022-24253 | 1 Extensis | 1 Portfolio | 2026-07-09 | 6.5 MEDIUM | 8.8 HIGH |
| Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet. | |||||
| CVE-2022-24252 | 1 Extensis | 1 Portfolio | 2026-07-09 | 6.5 MEDIUM | 8.8 HIGH |
| An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2022-24251 | 1 Extensis | 1 Portfolio | 2026-07-09 | 6.5 MEDIUM | 8.8 HIGH |
| Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function. | |||||
| CVE-2022-24241 | 1 Aceware | 1 Aceweb Online Portal | 2026-07-09 | 5.0 MEDIUM | 7.5 HIGH |
| ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp. | |||||
