Filtered by CWE-425
Filtered by vendor Subscriptions
Total 177 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-4057 1 Optimizingmatters 1 Autooptimize 2024-11-21 5.3 Medium
The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's exported settings and logs.
CVE-2022-47700 1 Comfast Project 2 Cf-wr623n, Cf-wr623n Firmware 2024-11-21 7.5 High
COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Incorrect Access Control. Improper authentication allows requests to be made to back-end scripts without a valid session or authentication.
CVE-2022-45276 1 Eyunjing 1 Yjcms 2024-11-21 9.8 Critical
An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account password.
CVE-2022-42953 1 Zkteco 20 Zem500, Zem500 Firmware, Zem510 and 17 more 2024-11-21 7.5 High
Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) allow access to sensitive information via direct requests for the form/DataApp?style=1 and form/DataApp?style=0 URLs. The affected versions may be before 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and 15.00 (ZMM200-220-210). The fixed versions are firmware version 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and firmware version 15.00 (ZMM200-220-210).
CVE-2022-42438 2 Ibm, Linux 2 Cloud Pak For Multicloud Management Monitoring, Linux Kernel 2024-11-21 7.5 High
IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. IBM X-Force ID: 238210.
CVE-2022-42238 1 Merchandise Online Store Project 1 Merchandise Online Store 2024-11-21 8.8 High
A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard.
CVE-2022-42197 1 Simple Exam Reviewer Management System Project 1 Simple Exam Reviewer Management System 2024-11-21 6.5 Medium
In Simple Exam Reviewer Management System v1.0 the User List function has improper access control that allows low privileged users to modify user permissions to higher privileges.
CVE-2022-41746 2 Microsoft, Trendmicro 2 Windows, Apex One 2024-11-21 9.1 Critical
A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. Please note: an attacker must first obtain the ability to log onto the Apex One web console in order to exploit this vulnerability.
CVE-2022-40845 1 Tenda 2 Ac1200 V-w15ev2, W15e Firmware 2024-11-21 6.5 Medium
The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is affected by a password exposure vulnerability. When combined with the improper authorization/improper session management vulnerability, an attacker with access to the router may be able to expose sensitive information which they're not explicitly authorized to have.
CVE-2022-36158 1 Contec 8 Fxa2000, Fxa2000 Firmware, Fxa3000 and 5 more 2024-11-21 8.0 High
Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious actors to execute Linux commands with root privilege via a hidden web page (/usr/www/ja/mnt_cmd.cgi).
CVE-2022-34574 1 Wavlink 1 Wifi-repeater Firmware 2024-11-21 5.7 Medium
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing Tftpd32.ini.
CVE-2022-34573 1 Wavlink 1 Wifi-repeater Firmware 2024-11-21 6.3 Medium
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to arbitrarily configure device settings via accessing the page mb_wifibasic.shtml.
CVE-2022-34572 1 Wavlink 1 Wifi-repeater Firmware 2024-11-21 5.7 Medium
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the telnet password via accessing the page tftp.txt.
CVE-2022-34571 1 Wavlink 1 Wifi-repeater Firmware 2024-11-21 8.0 High
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the system key information and execute arbitrary commands via accessing the page syslog.shtml.
CVE-2022-34570 1 Wavlink 2 Wl-wn579x3, Wl-wn579x3 Firmware 2024-11-21 7.5 High
WAVLINK WN579 X3 M79X3.V5030.191012/M79X3.V5030.191012 contains an information leak which allows attackers to obtain the key information via accessing the messages.txt page.
CVE-2022-31847 1 Wavlink 2 Wn579x3, Wn579x3 Firmware 2024-11-21 7.5 High
A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via a crafted POST request.
CVE-2022-31485 2 Carrier, Hidglobal 28 Lenels2 Lnl-4420, Lenels2 Lnl-4420 Firmware, Lenels2 Lnl-x2210 and 25 more 2024-11-21 5.3 Medium
An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29.
CVE-2022-31484 2 Carrier, Hidglobal 28 Lenels2 Lnl-4420, Lenels2 Lnl-4420 Firmware, Lenels2 Lnl-x2210 and 25 more 2024-11-21 7.5 High
An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The impact of this vulnerability is that an unauthenticated attacker could restrict access to the web interface to legitimate users and potentially requiring them to use the default user dip switch procedure to gain access back.
CVE-2022-31480 2 Carrier, Hidglobal 28 Lenels2 Lnl-4420, Lenels2 Lnl-4420 Firmware, Lenels2 Lnl-x2210 and 25 more 2024-11-21 7.5 High
An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The attacker needs to have a properly signed and encrypted binary, loading the firmware to the device ultimately triggers a reboot.
CVE-2022-2551 1 Snapcreek 1 Duplicator 2024-11-21 7.5 High
The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating.