Total CVEs

142,714

Critical Severity

4,025

High Severity

14,400

Last 7 Days

1,392
Quick preset (or use dates below)
Clear Filters
Showing 14,161 - 14,180 of 14,400 CVEs
CVE-2022-50804 HIGH - 8.8

JM-DATA ONU JF511-TV version 1.0.67 is vulnerable to cross-site request forgery (CSRF) attacks, allowing attackers to perform administrative actions on behalf of authenticated users without their knowledge or consent.

Vendor: jm-data
Product: onu_jf511-tv_firmware
Published: Dec 30, 2025
Source: NVD
CVE-2022-50800 HIGH - 7.5

H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid usernames through the 'txtUsrName' POST parameter. Attackers can submit different usernames to the login_submit.cgi endpoint and analyze response messages to distinguish between existing and non-e...

Published: Dec 30, 2025
Source: NVD
CVE-2022-50799 HIGH - 7.5

Fetch FTP Client 5.8.2 contains a denial of service vulnerability that allows attackers to trigger 100% CPU consumption by sending long server responses. Attackers can send specially crafted FTP server responses exceeding 2K bytes to cause excessive resource utilization and potentially crash the app...

Published: Dec 30, 2025
Source: NVD
CVE-2022-50795 HIGH - 7.8

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a conditional command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory. Unauthenticated attackers can execute commands by making a single HTTP POST request to the traceroute.php script, which...

Vendor: sound4
Product: impact_firmware
Published: Dec 30, 2025
Source: NVD
CVE-2022-50793 HIGH - 8.8

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an authenticated command injection vulnerability in the www-data-handler.php script that allows attackers to inject system commands through the 'services' POST parameter. Attackers can exploit this vulnerability by crafting malicious 'se...

Vendor: sound4
Product: impact_firmware
Published: Dec 30, 2025
Source: NVD
CVE-2022-50792 HIGH - 7.5

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive system files. Attackers can exploit the vulnerability by manipulating the 'file' GET parameter to disclose arbitrary files on the a...

Vendor: sound4
Product: impact_firmware
Published: Dec 30, 2025
Source: NVD
CVE-2022-50791 HIGH - 7.8

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a conditional command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory. Unauthenticated attackers can execute commands by making a single HTTP POST request to the vulnerable ping.php script, ...

Vendor: sound4
Product: impact_firmware
Published: Dec 30, 2025
Source: NVD
CVE-2022-50790 HIGH - 7.5

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated vulnerability that allows remote attackers to access live radio stream information through webplay or ffmpeg scripts. Attackers can exploit the vulnerability by calling specific web scripts to disclose radio stream detai...

Vendor: sound4
Product: impact_firmware
Published: Dec 30, 2025
Source: NVD
CVE-2022-50789 HIGH - 7.8

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory with .dns.pid extension. Unauthenticated attackers can execute the malicious commands by making a single HTTP POST request to the vu...

Vendor: sound4
Product: impact_firmware
Published: Dec 30, 2025
Source: NVD
CVE-2022-50788 HIGH - 7.5

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive log files. Attackers can directly browse the /log directory to retrieve system and sensitive information without authentication.

Vendor: sound4
Product: first_firmware
Published: Dec 30, 2025
Source: NVD
CVE-2022-50787 HIGH - 7.2

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains an unauthenticated stored cross-site scripting vulnerability in the username parameter that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated username input to execute arbitrary HTML and JavaScript code in victim b...

Vendor: sound4
Product: impact_firmware
Published: Dec 30, 2025
Source: NVD
CVE-2022-50695 HIGH - 7.5

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains a network vulnerability that allows unauthenticated attackers to send ICMP signals to arbitrary hosts through network command scripts. Attackers can abuse ping.php, traceroute.php, and dns.php to generate network flooding attacks targeting external...

Vendor: sound4
Product: impact_firmware
Published: Dec 30, 2025
Source: NVD
CVE-2022-50692 HIGH - 7.5

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an insufficient session expiration vulnerability that allows attackers to reuse old session credentials. Attackers can exploit weak session management to potentially hijack active user sessions and gain unauthorized access to the applicati...

Vendor: sound4
Product: impact_firmware
Published: Dec 30, 2025
Source: NVD
CVE-2025-15360 HIGH - 7.2

A vulnerability was determined in newbee-mall-plus 2.0.0. This impacts the function Upload of the file src/main/java/ltd/newbee/mall/controller/common/UploadController.java of the component Product Information Edit Page. This manipulation of the argument File causes unrestricted upload. The attack m...

Vendor: newbee-ltd
Product: newbee-mall-plus
Published: Dec 30, 2025
Source: NVD
CVE-2025-66723 HIGH - 7.5

inMusic Brands Engine DJ before 4.3.4 suffers from Insecure Permissions due to exposed HTTP service in the Remote Library, which allows attackers to access all files and network paths.

Vendor: inmusicbrands
Product: engine_dj_desktop
Published: Dec 30, 2025
Source: NVD
CVE-2025-15356 HIGH - 8.8

A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The impacted element is the function sscanf of the file /goform/PowerSaveSet. The manipulation of the argument powerSavingEn/time/powerSaveDelay/ledCloseType leads to buffer overflow. The attack can be initiated remotely. The exploit ha...

Vendor: tenda
Product: ac20_firmware
Published: Dec 30, 2025
Source: NVD
CVE-2025-69256 HIGH - 7.5

The Serverless Framework is a framework for using AWS Lambda and other managed cloud services to build applications. Starting in version 4.29.0 and prior to version 4.29.3, a command injection vulnerability exists in the Serverless Framework's built-in MCP server package (@serverless/mcp). This...

Published: Dec 30, 2025
Source: NVD
CVE-2025-66835 HIGH - 7.1

TrueConf Client 8.5.2 is vulnerable to DLL hijacking via crafted wfapi.dll allowing local attackers to execute arbitrary code within the user's context.

Vendor: trueconf
Product: trueconf
Published: Dec 30, 2025
Source: NVD
CVE-2025-66834 HIGH - 7.3

A CSV Formula Injection vulnerability in TrueConf Server v5.5.2.10813 allows a normal user to inject malicious spreadsheet formulas into exported chat logs via crafted Display Name.

Vendor: trueconf
Product: server
Published: Dec 30, 2025
Source: NVD
CVE-2025-66824 HIGH - 8.7

A Stored Cross-Site Scripting (XSS) vulnerability exists in the Meeting location field of the Create/Edit Conference functionality in TrueConf Server v5.5.2.10813. The injected payload is stored via the meeting_room parameter and executed when users visit the Conference Info page, allowing attackers...

Vendor: trueconf
Product: server
Published: Dec 30, 2025
Source: NVD