364 matches found
VulnCheck KEV: CVE-2023-27076
Command injection vulnerability found in Tenda G103 v.1.0.0.5 allows attacker to execute arbitrary code via the language parameter...
web-cyradm SQL injection vulnerability
web-cyradm is open-source, web-based software. web-cyradm has a SQL injection vulnerability that stems from improper handling of the parameter login/loginpassword/LANG, which leads to SQL injection...
The vulnerability of the “Language” parameter in the web interface of the POWER METER SICAM Q100 microprogramming system allows a hacker to disable the device (with subsequent automatic reboot) or execute arbitrary code.
The vulnerability of the “Language” parameter in the web interface of the POWER METER SICAM Q100 microprogramming system for power measurement devices is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to disable the device remotely, causing it to...
PT-2022-27155 · Totolink · Totolink Lr350
Name of the Vulnerable Software and Affected Versions: TOTOLINK LR350 version 9.3.5u.6369 B20220309 Description: The issue is a post-authentication buffer overflow that occurs via the lang parameter in the setLanguageCfg function. This allows for potential exploitation after authentication has be...
PT-2022-5906 · Siemens · Sicam P855 +2
Name of the Vulnerable Software and Affected Versions: POWER METER SICAM Q100 versions prior to V2.50 SICAM P850 versions prior to V3.10 SICAM P855 versions prior to V3.10 Description: The issue is related to errors in processing input data, specifically with the Language parameter in the web...
TOTOLINK NR1800X buffer error vulnerability
TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE from China's TOTOLINK, designed to provide fast and easy deployment of NR fixed data services in homes and offices. A buffer overflow vulnerability exists in TOTOLINK NR1800X version V9.1.0u.6279B20210910, which stems from the lack...
CVE-2022-37078
TOTOLINK A7000R V9.1.0u.6115B20201022 was discovered to contain a command injection vulnerability via the lang parameter at /setting/setLanguageCfg...
CVE-2022-36462
TOTOLINK A3700R V9.1.2u.6134B20201202 was discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg...
PT-2022-23404 · Totolink · Totolink N350Rt
Name of the Vulnerable Software and Affected Versions: TOTOLINK N350RT version 9.3.5u.6139 B20201216 Description: A command injection issue was found via the lang parameter in the setLanguageCfg function. Recommendations: For version 9.3.5u.6139 B20201216, avoid using the lang parameter in the...
phpMyAdmin information disclosure vulnerability
phpMyAdmin is a free, web-based MySQL database management tool from the Phpmyadmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security vulnerability exists in phpMyAdmin 5.1.1 and prio...
CVE-2021-45043
HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang sLanguage parameter...
CVE-2021-45043
HD-Network Real-time Monitoring System 2.0 is affected by a Local File Inclusion vulnerability. The NUCLEI template for CVE-2021-45043 describes an LFI flaw exposed via the /language/lang s_Language parameter, enabling remote unauthenticated attackers to view confidential information (e.g., /etc/...
CVE-2021-32602
An improper neutralization of input during web page generation vulnerability (CWE-79) in FortiPortal GUI 6.0.4 and below, 5.3.6 and below, 5.2.6 and below, 5.1.2 and below, 5.0.3 and below, 4.2.2 and below, 4.1.2 and below, 4.0.4 and below may allow a remote and unauthenticated attacker to perform ...
Group Office CRM cross-site scripting vulnerability
Group Office CRM is a software application. Share projects, calendars, files and emails with colleagues and clients online. Easy to use and fully customizable. A cross-site scripting vulnerability exists in Group Office CRM version 6.4.196. An attacker can exploit this vulnerability via the...
SQL injection
SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages...
CVE-2021-27973
SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages...
CVE-2021-27310
Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "language" parameter...
Cross-site scripting
Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "language" parameter...