Filtered by CWE-284
Total 3781 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-0722 1 Needyamin 1 Image Gallery Management System 2025-04-16 4.7 Medium
A vulnerability classified as critical was found in needyamin image_gallery 1.0. This vulnerability affects unknown code of the file /admin/gallery.php of the component Cover Image Handler. The manipulation of the argument image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-29984 2025-04-16 6.7 Medium
Dell Trusted Device, versions prior to 7.0.3.0, contain an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
CVE-2025-27649 1 Printerlogic 2 Vasion Print, Virtual Appliance 2025-04-15 9.8 Critical
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.893 Application 20.0.2140 allows Incorrect Access Control: PHP V-2023-016.
CVE-2025-27646 1 Printerlogic 2 Vasion Print, Virtual Appliance 2025-04-15 9.8 Critical
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Edit User Account Exposure V-2024-001.
CVE-2022-44643 2 Amd, Grafana 2 Amd64, Enterprise Metrics 2025-04-15 5.7 Medium
A vulnerability in the label-based access control of Grafana Labs Grafana Enterprise Metrics allows an attacker more access than intended. If an access policy which has label selector restrictions also has been granted access to all tenants in the system, the label selector restrictions will not be applied when using this policy with the affected versions of the software. This issue affects: Grafana Labs Grafana Enterprise Metrics GEM 1.X versions prior to 1.7.1 on AMD64; GEM 2.X versions prior to 2.3.1 on AMD64.
CVE-2022-3186 1 Dataprobe 24 Iboot-pdu4-n20, Iboot-pdu4-n20 Firmware, Iboot-pdu4a-n15 and 21 more 2025-04-15 8.6 High
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product allows an attacker to access the device’s main management page from the cloud. This feature enables users to remotely connect devices, however, the current implementation permits users to access other device's information.
CVE-2021-40404 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2025-04-15 6.5 Medium
An authentication bypass vulnerability exists in the cgiserver.cgi Login functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to authentication bypass. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-40413 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2025-04-15 7.1 High
An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The UpgradePrepare is the API that checks if a provided filename identifies a new version of the RLC-410W firmware. If the version is new, it would be possible, allegedly, to later on perform the Upgrade. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-40414 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2025-04-15 7.1 High
An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The SetMdAlarm API sets the movement detection parameters, giving the ability to set the sensitivity of the camera per a range of hours, and which of the camera spaces to ignore when considering movement detection. Because in cgi_check_ability the SetMdAlarm API does not have a specific case, the user permission will default to 7. This will give non-administrative users the possibility to change the movement detection parameters.
CVE-2021-40415 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2025-04-15 6.5 Medium
An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. In cgi_check_ability the Format API does not have a specific case, the user permission will default to 7. This will give non-administrative users the possibility to format the SD card and reboot the device.
CVE-2021-40416 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2025-04-15 8.8 High
An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. All the Get APIs that are not included in cgi_check_ability are already executable by any logged-in users. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-21964 1 Sealevel 2 Seaconnect 370w, Seaconnect 370w Firmware 2025-04-15 7.4 High
A denial of service vulnerability exists in the Modbus configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted network packets can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2021-21965 1 Sealevel 2 Seaconnect 370w, Seaconnect 370w Firmware 2025-04-15 9.3 Critical
A denial of service vulnerability exists in the SeaMax remote configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted network packets can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2021-40405 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2025-04-15 6.5 Medium
A denial of service vulnerability exists in the cgiserver.cgi Upgrade API functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2022-21182 1 Inhandnetworks 2 Inrouter302, Inrouter302 Firmware 2025-04-15 8.8 High
A privilege escalation vulnerability exists in the router configuration import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2022-26346 1 Tcl 1 Linkhub Mesh Wifi Ac1200 2025-04-15 9.8 Critical
A denial of service vulnerability exists in the ucloud_del_node functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability.
CVE-2022-27178 1 Tcl 1 Linkhub Mesh Wifi Ac1200 2025-04-15 9.8 Critical
A denial of service vulnerability exists in the confctl_set_wan_cfg functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability.
CVE-2022-27185 1 Tcl 1 Linkhub Mesh Wifi Ac1200 2025-04-15 7.5 High
A denial of service vulnerability exists in the confctl_set_master_wlan functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability.
CVE-2022-27660 1 Tcl 1 Linkhub Mesh Wifi Ac1200 2025-04-15 7.5 High
A denial of service vulnerability exists in the confctl_set_guest_wlan functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability.
CVE-2022-38546 1 Zyxel 2 Nbg7510, Nbg7510 Firmware 2025-04-15 5.3 Medium
A DNS misconfiguration was found in Zyxel NBG7510 firmware versions prior to V1.00(ABZY.3)C0, which could allow an unauthenticated attacker to access the DNS server when the device is switched to the AP mode.