Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Total 201129 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-4280 2022-12-03 N/A N/A
A vulnerability, which was classified as problematic, has been found in Dot Tech Smart Campus System. Affected by this issue is some unknown functionality of the file /services/Card/findUser. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214778 is the identifier assigned to this vulnerability.
CVE-2022-4279 2022-12-03 N/A N/A
A vulnerability classified as problematic has been found in SourceCodester Human Resource Management System 1.0. Affected is an unknown function of the file /hrm/employeeview.php. The manipulation of the argument search leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214776.
CVE-2022-4278 2022-12-03 N/A N/A
A vulnerability was found in SourceCodester Book Store Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /hrm/employeeadd.php. The manipulation of the argument empid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214775.
CVE-2022-4277 2022-12-03 N/A N/A
A vulnerability was found in Shaoxing Background Management System. It has been declared as critical. This vulnerability affects unknown code of the file /Default/Bd. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-214774 is the identifier assigned to this vulnerability.
CVE-2022-4276 2022-12-03 N/A N/A
A vulnerability was found in House Rental System and classified as critical. Affected by this issue is some unknown functionality of the file tenant-engine.php of the component POST Request Handler. The manipulation of the argument id_photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214772.
CVE-2022-4275 2022-12-03 N/A N/A
A vulnerability has been found in House Rental System and classified as critical. Affected by this vulnerability is an unknown functionality of the file search-property.php of the component POST Request Handler. The manipulation of the argument search_property leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214771.
CVE-2022-4274 2022-12-03 N/A N/A
A vulnerability, which was classified as critical, was found in House Rental System. Affected is an unknown function of the file /view-property.php. The manipulation of the argument property_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214770 is the identifier assigned to this vulnerability.
CVE-2021-37533 2022-12-03 N/A N/A
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.
CVE-2020-15861 3 Canonical, Net-snmp, Netapp 5 Ubuntu Linux, Net-snmp, Cloud Backup and 2 more 2022-12-03 7.2 HIGH 7.8 HIGH
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.
CVE-2020-17507 3 Debian, Fedoraproject, Qt 3 Debian Linux, Fedora, Qt 2022-12-03 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
CVE-2019-4439 1 Ibm 1 Cloud Private 2022-12-03 4.6 MEDIUM 5.3 MEDIUM
IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 162949.
CVE-2019-4415 1 Ibm 1 Cloud Private 2022-12-03 4.6 MEDIUM 7.8 HIGH
IBM Cloud Private 3.1.1 and 3.1.2 could allow a local user to obtain elevated privileges due to improper security context constraints. IBM X-Force ID: 162706.
CVE-2019-4430 1 Ibm 1 Maximo Asset Management 2022-12-03 5.0 MEDIUM 7.5 HIGH
IBM Maximo Asset Management 7.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162887.
CVE-2019-4039 1 Ibm 1 Websphere Mq 2022-12-03 2.1 LOW 5.5 MEDIUM
IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local attacker to cause a denial of service within the error log reporting system. IBM X-Force ID: 156163.
CVE-2019-4030 1 Ibm 2 Websphere Application Server, Websphere Virtual Enterprise 2022-12-03 3.5 LOW 5.4 MEDIUM
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155946.
CVE-2019-3920 1 Nokia 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware 2022-12-03 6.5 MEDIUM 8.8 HIGH
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to authenticated command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/device_Form?script/.
CVE-2019-3919 1 Nokia 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware 2022-12-03 6.5 MEDIUM 8.8 HIGH
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/usb_restore_Form?script/.
CVE-2019-3918 1 Nokia 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware 2022-12-03 10.0 HIGH 9.8 CRITICAL
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 contains multiple hard coded credentials for the Telnet and SSH interfaces.
CVE-2019-4032 1 Ibm 1 Financial Transaction Manager 2022-12-03 7.5 HIGH 9.8 CRITICAL
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-ForceID: 155998.
CVE-2019-4029 1 Ibm 1 Sterling B2b Integrator 2022-12-03 3.5 LOW 5.4 MEDIUM
IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 155907.