Vulnerabilities (CVE)

Total 364749 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-25062 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2026-07-09 5.0 MEDIUM 7.5 HIGH
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVE-2022-25061 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2026-07-09 7.5 HIGH 9.8 CRITICAL
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute.
CVE-2022-25060 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2026-07-09 10.0 HIGH 9.8 CRITICAL
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing.
CVE-2022-25022 1 Htmly 1 Htmly 2026-07-09 3.5 LOW 5.4 MEDIUM
A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers to excute arbitrary web scripts HTML via a crafted payload in the content field of a blog post.
CVE-2022-25020 1 Pluxml 1 Pluxml 2026-07-09 3.5 LOW 5.4 MEDIUM
A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post.
CVE-2022-25018 1 Pluxml 1 Pluxml 2026-07-09 6.5 MEDIUM 8.8 HIGH
Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages.
CVE-2022-24992 1 Qr Code Generator Project 1 Qr Code Generator 2026-07-09 N/A 7.5 HIGH
A vulnerability in the component process.php of QR Code Generator v5.2.7 allows attackers to perform directory traversal.
CVE-2022-24654 1 Intelbras 2 Ata 200, Ata 200 Firmware 2026-07-09 N/A 5.4 MEDIUM
Authenticated stored cross-site scripting (XSS) vulnerability in "Field Server Address" field in INTELBRAS ATA 200 Firmware 74.19.10.21 allows attackers to inject JavaScript code through a crafted payload.
CVE-2022-24644 1 Zzinc 2 Keymouse, Keymouse Firmware 2026-07-09 6.8 MEDIUM 8.8 HIGH
ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code execution vulnerability during an unauthenticated update. To exploit this vulnerability, a user must trigger an update of an affected installation of KeyMouse.
CVE-2022-24618 1 Heimdalsecurity 1 Heimdal Premium Security 2026-07-09 7.2 HIGH 7.8 HIGH
Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the "Browse For Folder" window accessible by triggering a "Repair" on the MSI package located in C:\Windows\Installer.
CVE-2022-24611 1 Silabs 10 Sd3502, Sd3502 Firmware, Sd3503 and 7 more 2026-07-09 6.1 MEDIUM 6.5 MEDIUM
Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specification in Silicon Labs Z-Wave 500 series allows local attackers to block S0/S2 protected Z-Wave network via crafted S0 NonceGet Z-Wave packages, utilizing included but absent NodeIDs.
CVE-2022-24581 1 Aceware 1 Aceweb Online Portal 2026-07-09 5.0 MEDIUM 7.5 HIGH
ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software.
CVE-2022-24573 1 Element-it 1 Http Commander 2026-07-09 4.3 MEDIUM 6.1 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User-Agent field.
CVE-2022-24562 1 Iobit 1 Iotransfer 2026-07-09 10.0 HIGH 9.8 CRITICAL
In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system (with admin privileges) on the victim's endpoint, which can result in data theft and remote code execution.
CVE-2022-24255 1 Extensis 1 Portfolio 2026-07-09 9.0 HIGH 8.8 HIGH
Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allows attackers to gain administrator privileges.
CVE-2022-24254 1 Extensis 1 Portfolio 2026-07-09 6.5 MEDIUM 8.8 HIGH
An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file.
CVE-2022-24253 1 Extensis 1 Portfolio 2026-07-09 6.5 MEDIUM 8.8 HIGH
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet.
CVE-2022-24252 1 Extensis 1 Portfolio 2026-07-09 6.5 MEDIUM 8.8 HIGH
An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file.
CVE-2022-24251 1 Extensis 1 Portfolio 2026-07-09 6.5 MEDIUM 8.8 HIGH
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function.
CVE-2022-24241 1 Aceware 1 Aceweb Online Portal 2026-07-09 5.0 MEDIUM 7.5 HIGH
ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp.