Latest CVE Feed
- 9.8 CRITICAL CVE-2022-46170
CodeIgniter is a PHP full-stack web framework. When an application uses (1) multiple session cookies (e.g., one for user pages and one for admin pages) and (2) a session handler is set to `DatabaseHandler`, `MemcachedHandler`, or `RedisHandler`, then if ...
Affected Products: codeigniter
- Published: Dec. 22, 2022
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2022-45789
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versio...
Affected Products: modicon_m580_bmep584040_firmware modicon_m580_bmep582040_firmware modicon_m580_bmep586040_firmware modicon_m580_bmep585040_firmware modicon_m580_bmep582020_firmware modicon_m580_bmep581020_firmware modicon_m580_bmep584020_firmware modicon_m580_bmep583040_firmware modicon_m580_bmep583020_firmware ecostruxure_control_expert +62 more products
- Published: Jan. 31, 2023
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2022-45788
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected...
Affected Products: modicon_m580_bmep584040_firmware modicon_m580_bmep582040_firmware modicon_m580_bmep586040_firmware modicon_m580_bmep585040_firmware modicon_m580_bmep582020_firmware modicon_m580_bmep581020_firmware modicon_m580_bmep584020_firmware modicon_m580_bmep583040_firmware modicon_m580_bmep583020_firmware ecostruxure_control_expert +98 more products
- Published: Jan. 30, 2023
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2022-46383
RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has exposed a privileged token via a public API endpoint (Incorrect Access Control). The token can be used to escalate privileges within...
Affected Products: digital_rebar
- Published: Dec. 06, 2022
- Modified: Apr. 23, 2025
- 9.8 CRITICAL CVE-2022-46071
There is a SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access....
Affected Products: helmet_store_showroom_site
- Published: Dec. 14, 2022
- Modified: Apr. 22, 2025
- 9.8 CRITICAL CVE-2022-46319
Fingerprint calibration has a vulnerability of lacking boundary judgment. Successful exploitation of this vulnerability may cause out-of-bounds write....
- Published: Dec. 20, 2022
- Modified: Apr. 16, 2025
- 9.8 CRITICAL CVE-2022-45907
In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely....
Affected Products: pytorch
- Published: Nov. 26, 2022
- Modified: Apr. 25, 2025
- 9.8 CRITICAL CVE-2022-45830
Missing Authorization vulnerability in Analytify. This issue affects Analytify: from n/a through 4.2.3....
Affected Products: analytify_-_google_analytics_dashboard
- Published: Jan. 02, 2025
- Modified: Jun. 05, 2025
- Vuln Type: Authorization
- 9.8 CRITICAL CVE-2022-45637
An insecure password reset issue was discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 service via insecure expiry mechanism....
Affected Products: bofei_dbd\+
- Published: Mar. 21, 2023
- Modified: Feb. 26, 2025
- 9.8 CRITICAL CVE-2022-45479
PC Keyboard allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H...
Affected Products: pc_keyboard_wifi\&bluetooth
- Published: Dec. 05, 2022
- Modified: Apr. 23, 2025
- 9.8 CRITICAL CVE-2022-45553
An issue discovered in Shenzhen Zhibotong Electronics WBT WE1626 Router v 21.06.18 allows an attacker to execute arbitrary commands via serial connection to the UART port....
- Published: Mar. 03, 2023
- Modified: Mar. 07, 2025
- 9.8 CRITICAL CVE-2022-45481
The default configuration of Lazy Mouse does not require a password, allowing remote unauthenticated users to execute arbitrary code with no prior authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H...
- Published: Dec. 05, 2022
- Modified: Apr. 24, 2025
- 9.8 CRITICAL CVE-2022-45806
Missing Authorization vulnerability in Strategy11 Form Builder Team Formidable Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Formidable Forms: from n/a through 5.5.4....
- Published: Dec. 13, 2024
- Modified: Feb. 05, 2025
- 9.8 CRITICAL CVE-2022-45400
Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks....
Affected Products: japex
- Published: Nov. 15, 2022
- Modified: Apr. 30, 2025
- 9.8 CRITICAL CVE-2022-45396
Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks....
Affected Products: sourcemonitor
- Published: Nov. 15, 2022
- Modified: Apr. 30, 2025
- 9.8 CRITICAL CVE-2022-45377
Unrestricted Upload of File with Dangerous Type vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload for WooCommerce. This issue affects Drag and Drop Multiple File Upload for WooCommerce: from n/a through 1.0.8. ...
Affected Products: drag_and_drop_multiple_file_upload_for_woocommerce
- Published: Dec. 21, 2023
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2022-45370
Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee WordPress Comments Import & Export. This issue affects WordPress Comments Import & Export: from n/a through 2.3.1. ...
Affected Products: wordpress_comments_import_and_export
- Published: Nov. 07, 2023
- Modified: Feb. 19, 2025
- 9.8 CRITICAL CVE-2022-45719
IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the gotoUrl parameter in the formPortalAuth function....
- Published: Dec. 23, 2022
- Modified: Apr. 15, 2025
- 9.8 CRITICAL CVE-2022-45140
The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise....
- Published: Feb. 27, 2023
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2022-45135
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue....
Affected Products: cocoon
- Published: Nov. 30, 2023
- Modified: Feb. 13, 2025