PT-2022-27564 · Tenda · Tenda W30E
Name of the Vulnerable Software and Affected Versions: Tenda W30E version 1.0.1.25633 Description: A stack overflow issue was discovered via the page parameter at the "/goform/SafeClientFilter" API endpoint. Recommendations: For Tenda W30E version 1.0.1.25633, avoid using the page parameter in th...
PT-2022-27566 · Tenda · Tenda W30E
Name of the Vulnerable Software and Affected Versions: Tenda W30E version 1.0.1.25633 Description: A stack overflow issue was discovered via the opttype parameter at the "/goform/IPSECsave" API endpoint. Recommendations: For Tenda W30E version 1.0.1.25633, as a temporary workaround, consider...
PT-2022-27550 · Tenda · Tenda W30E
Name of the Vulnerable Software and Affected Versions: Tenda W30E version 1.0.1.25633 Description: A stack overflow issue was discovered via the new account parameter at the "/goform/editUserName" API endpoint. This issue affects the specified version of the Tenda W30E device. Recommendations: Fo...
PT-2022-27554 · Tenda · Tenda W30E
Name of the Vulnerable Software and Affected Versions: Tenda W30E version 1.0.1.25633 Description: A stack overflow issue was discovered via the page parameter at the "/goform/SafeEmailFilter" API endpoint. This issue affects the Tenda W30E router. Recommendations: For Tenda W30E version...
PT-2022-27549 · Tenda · Tenda W30E
Name of the Vulnerable Software and Affected Versions: Tenda W30E version 1.0.1.25633 Description: A stack overflow issue was discovered via the editNameMit parameter at the "/goform/editFileName" API endpoint. Recommendations: For Tenda W30E version 1.0.1.25633, as a temporary workaround, consid...
PT-2022-27559 · Tenda · Tenda W30E
Name of the Vulnerable Software and Affected Versions: Tenda W30E version 1.0.1.25633 Description: A stack overflow issue was discovered via the page parameter at the "/goform/VirtualSer" API endpoint. Recommendations: For Tenda W30E version 1.0.1.25633, consider disabling access to the...
PT-2022-27556 · Tenda · Tenda W30E
Name of the Vulnerable Software and Affected Versions: Tenda W30E version 1.0.1.25633 Description: A stack overflow issue was discovered, which can be triggered via the page parameter at the "/goform/webExcptypemanFilter" API endpoint. Recommendations: For Tenda W30E version 1.0.1.25633, consider...
PT-2022-27547 · Tenda · Tenda W30E
Name of the Vulnerable Software and Affected Versions: Tenda W30E version 1.0.1.25633 Description: A stack overflow issue was discovered via the cmdinput parameter at the "/goform/exeCommand" API endpoint. Recommendations: For Tenda W30E version 1.0.1.25633, consider restricting access to the...
PT-2022-27558 · Tenda · Tenda W30E
Name of the Vulnerable Software and Affected Versions: Tenda W30E version 1.0.1.25633 Description: A stack overflow issue was discovered, which can be triggered via the page parameter at the "/goform/NatStaticSetting" API endpoint. Recommendations: For Tenda W30E version 1.0.1.25633, consider...
Code injection
RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has exposed a privileged token via a public API endpoint (Incorrect Access Control). The token can be used to escalate privileges within the Digital Rebar system and grant full...
PT-2022-27846 · Rackn · Rackn Digital Rebar
Name of the Vulnerable Software and Affected Versions: RackN Digital Rebar versions 4.6.14 and earlier; RackN Digital Rebar versions 4.7 through 4.7.22; RackN Digital Rebar versions 4.8 through 4.8.5; RackN Digital Rebar versions 4.9 through 4.9.12; RackN Digital Rebar versions 4.10 through 4.10.8...
CVE-2022-46383
CVE-2022-46383 affects RackN Digital Rebar up to version 4.10.8. The vulnerability stems from Incorrect Access Control: a public API endpoint exposes a privileged token that an attacker can use to escalate privileges and gain full administrative access. Exploitation details are not provided in t...
PT-2022-27195 · Tenda · Tenda I21
Name of the Vulnerable Software and Affected Versions: Tenda i21 version 1.0.0.144656 Description: The issue is related to a Buffer Overflow that can be triggered via the /goform/setSnmpInfo API endpoint. This allows for potential exploitation. Recommendations: For Tenda i21 version 1.0.0.144656,...
PT-2022-27198 · Tenda · Tenda I21
Name of the Vulnerable Software and Affected Versions: Tenda i21 version 1.0.0.144656 Description: The issue is related to a Buffer Overflow that can be triggered via the "/goform/setUplinkInfo" API endpoint. This allows for potential exploitation. Recommendations: For Tenda i21 version...
PT-2022-27162 · Unknown · Sanitization Management System
Name of the Vulnerable Software and Affected Versions: Sanitization Management System version 1.0 Description: The issue concerns SQL Injection, which can be exploited via the /php-sms/classes/Master.php?f=delete product API endpoint. This allows for potential manipulation of database queries...
PT-2022-27164 · Unknown · Garage Management System
Name of the Vulnerable Software and Affected Versions: Garage Management System version 1.0 Description: The issue is related to Cross-Site Scripting (XSS) via the "/garage/php action/createBrand.php" API endpoint. This allows for potential malicious script injection. Recommendations: For Garage...
PT-2022-27210 · Unknown · Poultry Farm Management System
Name of the Vulnerable Software and Affected Versions: Poultry Farm Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the del parameter at the "/Redcock-Farm/farm/category.php" API endpoint. Recommendations: F...
PT-2022-27437 · Unknown · Sanitization Management System
Name of the Vulnerable Software and Affected Versions: Sanitization Management System version 1.0.0 Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter at the "/php-sms/classes/Login.php...
CVE-2022-39833
FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request...