Total: 17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-42887 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2022-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. | |||||
| CVE-2022-28397 | 1 Ghost | 1 Ghost | 2022-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states that, as detailed in Ghost's security documentation, files can only be uploaded and published by trusted users; this is intentional. | |||||
| CVE-2022-27139 | 1 Ghost | 1 Ghost | 2022-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The uploading of SVG files to Ghost does not represent a remote code execution vulnerability. SVGs are not executable on the server, and may only execute javascript in a client's browser - this is expected and intentional functionality. | |||||
| CVE-2022-28945 | 1 Webbank | 1 Webcube | 2022-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| An issue in Webbank WeCube v3.2.2 allows attackers to execute a directory traversal via a crafted ZIP file. | |||||
| CVE-2022-26869 | 1 Dell | 3 Powerstore T, Powerstore X, Powerstoreos | 2022-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contain an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and arbitrary code execution. | |||||
| CVE-2022-29084 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2022-06-13 | 10.0 HIGH | 9.8 CRITICAL |
| Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and gain access to the system as the victim. Account takeover is possible if weak passwords are used by users. | |||||
| CVE-2022-32271 | 1 Realnetworks | 1 Realplayer | 2022-06-13 | 6.8 MEDIUM | 9.6 CRITICAL |
| In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This is an internal URL Protocol used by Real Player to reference a file that contains a URL. It is possible to inject script code to arbitrary domains. It is also possible to reference arbitrary local files. | |||||
| CVE-2022-30235 | 1 Schneider-electric | 4 Wiser Smart Eer21000, Wiser Smart Eer21000 Firmware, Wiser Smart Eer21001 and 1 more | 2022-06-13 | 5.0 MEDIUM | 9.8 CRITICAL |
| A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | |||||
| CVE-2022-30234 | 1 Schneider-electric | 4 Wiser Smart Eer21000, Wiser Smart Eer21000 Firmware, Wiser Smart Eer21001 and 1 more | 2022-06-13 | 10.0 HIGH | 9.8 CRITICAL |
| A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | |||||
| CVE-2022-30600 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2022-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found in Moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed. | |||||
| CVE-2022-30599 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2022-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found in Moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. | |||||
| CVE-2021-45809 | 1 Globalprotect-openconnect Project | 1 Globalprotect-openconnect | 2022-06-13 | 10.0 HIGH | 9.8 CRITICAL |
| GlobalProtect-openconnect versions prior to 1.4.3 are affected by incorrect access control in GPService through DBUS, GUI Application. The way GlobalProtect-Openconnect is set up enables arbitrary users to execute commands as root by submitting the `--script=<script>` parameter. | |||||
| CVE-2022-0142 | 1 Vfbpro | 1 Visual Form Builder | 2022-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. | |||||
| CVE-2021-45981 | 1 Netscout | 1 Ngeniusone | 2022-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack. | |||||
| CVE-2022-23066 | 1 Solana | 1 Rbpf | 2022-06-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| Solana rBPF versions 0.2.26 and 0.2.27 are affected by Incorrect Calculation, which is caused by improper implementation of the sdiv instruction. This can lead to the wrong execution path, resulting in huge loss in specific cases. For example, the result of a sdiv instruction may decide whether to transfer tokens or not. The vulnerability affects integrity and may cause serious availability problems. | |||||
| CVE-2022-32270 | 1 Realnetworks | 1 Realplayer | 2022-06-12 | 7.5 HIGH | 9.8 CRITICAL |
| In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to plant executables in the startup folder (DLL planting could also occur). | |||||
| CVE-2020-36542 | 1 Demokratian | 1 Demokratian | 2022-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in Demokratian. This affects an unknown part of the file install/install3.php. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2020-36541 | 1 Demokratian | 1 Demokratian | 2022-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in Demokratian. It has been rated as critical. Affected by this issue is some unknown functionality of the file basicos_php/genera_select.php. The manipulation of the argument id_provincia with the input -1%20union%20all%20select%201,2,3,4,database() leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2020-36540 | 1 Neetai | 1 Neetai Tech | 2022-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in Neetai Tech. Affected is an unknown function of the file /product.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2020-36539 | 1 Logicoycreativo | 1 Logico Y Creativo | 2022-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in Lógico y Creativo 1.0 and classified as critical. This issue affects some unknown processing. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. | |||||
| CVE-2022-32019 | 1 Car Rental Management System Project | 1 Car Rental Management System | 2022-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via car-rental-management-system/admin/ajax.php?action=save_car. | |||||
| CVE-2022-29704 | 1 Browsbox | 1 Brows Box | 2022-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| BrowsBox CMS v4.0 was discovered to contain a SQL injection vulnerability. | |||||
| CVE-2022-30722 | 1 Google | 1 Android | 2022-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account. | |||||
| CVE-2022-30713 | 1 Google | 1 Android | 2022-06-11 | 9.4 HIGH | 9.1 CRITICAL |
| Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. | |||||
| CVE-2022-30712 | 1 Google | 1 Android | 2022-06-11 | 6.4 MEDIUM | 9.1 CRITICAL |
| Improper validation vulnerability in KfaOptions prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. | |||||
| CVE-2022-30711 | 1 Google | 1 Android | 2022-06-11 | 9.4 HIGH | 9.1 CRITICAL |
| Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. | |||||
| CVE-2022-30710 | 1 Google | 1 Android | 2022-06-11 | 9.4 HIGH | 9.1 CRITICAL |
| Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. | |||||
| CVE-2022-30797 | 1 Online Ordering System Project | 1 Online Ordering System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Ordering System 1.0 by oretnom23 is vulnerable to SQL Injection via admin/vieworders.php. | |||||
| CVE-2022-30512 | 1 School Dormitory Management System Project | 1 School Dormitory Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/payment_history.php:31. | |||||
| CVE-2022-30506 | 1 Mingsoft | 1 Mcms | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file. | |||||
| CVE-2022-30511 | 1 School Dormitory Management System Project | 1 School Dormitory Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/view_details.php:4. | |||||
| CVE-2022-30510 | 1 School Dormitory Management System Project | 1 School Dormitory Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| School Dormitory Management System 1.0 is vulnerable to SQL Injection via reports/daily_collection_report.php:59. | |||||
| CVE-2022-32020 | 1 Car Rental Management System Project | 1 Car Rental Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via ip/car-rental-management-system/admin/ajax.php?action=save_settings. | |||||
| CVE-2022-30490 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Badminton Center Management System V1.0 is vulnerable to SQL Injection via parameter 'id' in /bcms/admin/court_rentals/update_status.php. | |||||
| CVE-2022-24702 | 1 Winaprs | 1 Winaprs | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in WinAPRS 2.9.0. A buffer overflow in the VHF KISS TNC component allows a remote attacker to achieve remote code execution via malicious AX.25 packets over the air. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2022-30481 | 1 Food-order-and-table-reservation-system Project | 1 Food-order-and-table-reservation-system | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Food-order-and-table-reservation-system 1.0 is vulnerable to SQL Injection in categorywise-menu.php via the catid parameter. | |||||
| CVE-2022-30478 | 1 Ecommerce-project-with-php-and-mysqli-fruits-bazar Project | 1 Ecommerce-project-with-php-and-mysqli-fruits-bazar | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Ecommerce-project-with-php-and-mysqli-Fruits-Bazar 1.0 is vulnerable to SQL Injection in \search_product.php via the keyword parameter. | |||||
| CVE-2022-30470 | 1 Afian | 1 Filerun | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| In Afian Filerun 20220202, changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user. | |||||
| CVE-2022-31946 | 1 Rescue Dispatch Management System Project | 1 Rescue Dispatch Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_team. | |||||
| CVE-2022-31945 | 1 Rescue Dispatch Management System Project | 1 Rescue Dispatch Management System | 2022-06-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| Rescue Dispatch Management System v1.0 is vulnerable to deletion of any file via /rdms/classes/Master.php?f=delete_img. | |||||
| CVE-2022-31952 | 1 Rescue Dispatch Management System Project | 1 Rescue Dispatch Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Rescue Dispatch Management System v1.0 is vulnerable to SQL injection via /rdms/classes/Master.php?f=delete_incident. | |||||
| CVE-2022-31951 | 1 Rescue Dispatch Management System Project | 1 Rescue Dispatch Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_respondent_type. | |||||
| CVE-2022-31948 | 1 Rescue Dispatch Management System Project | 1 Rescue Dispatch Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_report. | |||||
| CVE-2022-31959 | 1 Rescue Dispatch Management System Project | 1 Rescue Dispatch Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/teams/manage_team.php?id=. | |||||
| CVE-2022-32002 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/manage_court.php?id=. | |||||
| CVE-2022-31991 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/classes/Master.php?f=delete_court. | |||||
| CVE-2022-31990 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/classes/Master.php?f=delete_product. | |||||
| CVE-2022-31989 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=user/manage_user&id=. | |||||
| CVE-2022-31993 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_service. | |||||
| CVE-2022-31976 | 1 Online Fire Reporting System Project | 1 Online Fire Reporting System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_request. | |||||
