Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32027 | 1 Car Rental Management System Project | 1 Car Rental Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/index.php?page=manage_car&id=. | |||||
| CVE-2022-32028 | 1 Car Rental Management System Project | 1 Car Rental Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_user.php?id=. | |||||
| CVE-2022-24700 | 1 Winaprs | 1 Winaprs | 2022-06-10 | 5.0 MEDIUM | 7.5 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in WinAPRS 2.9.0. A buffer overflow in DIGI address processing for VHF KISS packets allows a remote attacker to cause a denial of service (daemon crash) via a malicious AX.25 packet over the air. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2022-24701 | 1 Winaprs | 1 Winaprs | 2022-06-10 | 4.6 MEDIUM | 7.8 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in WinAPRS 2.9.0. A buffer overflow in national.txt processing allows a local attacker to cause a denial of service or possibly achieve code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2022-28690 | 1 Hornerautomation | 1 Cscape | 2022-06-10 | 6.8 MEDIUM | 7.8 HIGH |
| The affected product is vulnerable to an out-of-bounds write via uninitialized pointer, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2022-31500 | 1 Knime | 1 Analytics Platform | 2022-06-10 | 4.6 MEDIUM | 7.8 HIGH |
| In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions. | |||||
| CVE-2022-27782 | 1 Haxx | 1 Curl | 2022-06-10 | 5.0 MEDIUM | 7.5 HIGH |
| libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily. | |||||
| CVE-2022-29729 | 1 Verizon | 2 4g Lte Network Extender, 4g Lte Network Extender Firmware | 2022-06-10 | 5.0 MEDIUM | 7.5 HIGH |
| Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page. | |||||
| CVE-2022-31782 | 1 Freedesktop | 1 Freetype Demo Programs | 2022-06-10 | 6.8 MEDIUM | 7.8 HIGH |
| ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow. | |||||
| CVE-2022-30034 | 1 Flower Project | 1 Flower | 2022-06-10 | 7.5 HIGH | 8.6 HIGH |
| Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes. | |||||
| CVE-2022-32008 | 1 Complete Online Job Search System Project | 1 Complete Online Job Search System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Complete Online Job Search System v1.0 is vulnerable to SQL Injection via eris/admin/vacancy/index.php?view=edit&id=. | |||||
| CVE-2022-32007 | 1 Complete Online Job Search System Project | 1 Complete Online Job Search System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/company/index.php?view=edit&id=. | |||||
| CVE-2022-32011 | 1 Complete Online Job Search System Project | 1 Complete Online Job Search System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/applicants/index.php?view=view&id=. | |||||
| CVE-2022-32010 | 1 Complete Online Job Search System Project | 1 Complete Online Job Search System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/user/index.php?view=edit&id=. | |||||
| CVE-2022-32013 | 1 Complete Online Job Search System Project | 1 Complete Online Job Search System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Complete Online Job Search System v1.0 is vulnerable to SQL Injection via eris/admin/category/index.php?view=edit&id=. | |||||
| CVE-2022-32012 | 1 Complete Online Job Search System Project | 1 Complete Online Job Search System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/employee/index.php?view=edit&id=. | |||||
| CVE-2022-32015 | 1 Complete Online Job Search System Project | 1 Complete Online Job Search System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=category&search=. | |||||
| CVE-2022-32014 | 1 Complete Online Job Search System Project | 1 Complete Online Job Search System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=byfunction. | |||||
| CVE-2022-32017 | 1 Complete Online Job Search System Project | 1 Complete Online Job Search System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bytitle. | |||||
| CVE-2022-32016 | 1 Complete Online Job Search System Project | 1 Complete Online Job Search System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bycompany. | |||||
| CVE-2022-32018 | 1 Complete Online Job Search System Project | 1 Complete Online Job Search System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=hiring&search=. | |||||
| CVE-2022-31994 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=sales/view_details&id. | |||||
| CVE-2022-32003 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/view_court.php?id=. | |||||
| CVE-2022-32004 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/products/manage_product.php?id=. | |||||
| CVE-2022-32006 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/services/view_service.php?id=. | |||||
| CVE-2022-32005 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/services/manage_service.php?id=. | |||||
| CVE-2022-31985 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=reports/daily_sales_report&date=. | |||||
| CVE-2022-31988 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/?page=reports/daily_services_report&date=. | |||||
| CVE-2022-31986 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=reports/daily_court_rental_report&date=. | |||||
| CVE-2022-31992 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=court_rentals/view_court_rental&id=. | |||||
| CVE-2022-32001 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/products/view_product.php?id=. | |||||
| CVE-2022-32200 | 1 Libdwarf Project | 1 Libdwarf | 2022-06-10 | 6.8 MEDIUM | 7.8 HIGH |
| libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c. | |||||
| CVE-2022-31998 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=service_transactions/view_details&id=. | |||||
| CVE-2022-31996 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/?page=sales/manage_sale&id=. | |||||
| CVE-2022-32000 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=service_transactions/manage_service_transaction&id=. | |||||
| CVE-2022-31974 | 1 Online Fire Reporting System Project | 1 Online Fire Reporting System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports&date=. | |||||
| CVE-2022-31975 | 1 Online Fire Reporting System Project | 1 Online Fire Reporting System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manage_user&id=. | |||||
| CVE-2022-31980 | 1 Online Fire Reporting System Project | 1 Online Fire Reporting System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/manage_team&id=. | |||||
| CVE-2022-31981 | 1 Online Fire Reporting System Project | 1 Online Fire Reporting System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/view_team&id=. | |||||
| CVE-2022-31983 | 1 Online Fire Reporting System Project | 1 Online Fire Reporting System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/manage_request&id=. | |||||
| CVE-2022-31982 | 1 Online Fire Reporting System Project | 1 Online Fire Reporting System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/view_request&id=. | |||||
| CVE-2022-31984 | 1 Online Fire Reporting System Project | 1 Online Fire Reporting System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/take_action.php?id=. | |||||
| CVE-2022-31004 | 1 Mitre | 1 Cve-services | 2022-06-10 | 5.0 MEDIUM | 7.5 HIGH |
| CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method writes the generated randomKey to disk if the environment is not development. If this method were called in production, it is possible that it would write the plaintext key to disk. A patch is not available as of time of publication but is anticipated as a "hot fix" for version 1.1.1 and for the 2.x branch. | |||||
| CVE-2022-31339 | 1 Simple Inventory System Project | 1 Simple Inventory System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/login.php. | |||||
| CVE-2020-20971 | 1 Pbootcms | 1 Pbootcms | 2022-06-10 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index. | |||||
| CVE-2022-30835 | 1 Wedding Management System Project | 1 Wedding Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Wedding Management System v1.0 is vulnerable to SQL Injection. via /Wedding-Management/admin/budget.php?booking_id=. | |||||
| CVE-2022-31971 | 1 Chatbot App With Suggestion Project | 1 Chatbot App With Suggestion | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=responses/view_response&id=. | |||||
| CVE-2022-30834 | 1 Wedding Management System Project | 1 Wedding Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_manage_account_details.php?booking_id=31&user_id= | |||||
| CVE-2022-30832 | 1 Wedding Management System Project | 1 Wedding Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_assign.php?booking=31&user_id=. | |||||
| CVE-2022-30831 | 1 Wedding Management System Project | 1 Wedding Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Wedding Management System v1.0 is vulnerable to SQL Injection via Wedding-Management/wedding_details.php. | |||||