Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Total 200722 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-45869 2022-11-29 N/A N/A
A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled.
CVE-2022-44097 2022-11-29 N/A N/A
Book Store Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel.
CVE-2022-44096 2022-11-29 N/A N/A
Sanitization Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel.
CVE-2022-41413 2022-11-29 N/A N/A
perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function.
CVE-2022-41412 2022-11-29 N/A N/A
An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks.
CVE-2022-45328 2022-11-29 N/A N/A
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_members.php.
CVE-2022-32966 1 Realtek 2 Rtl8111fp-cg, Rtl8111fp-cg Firmware 2022-11-29 N/A 6.5 MEDIUM
RTL8168FP-CG Dash remote management function has missing authorization. An unauthenticated attacker within the adjacent network can connect to DASH service port to disrupt service.
CVE-2022-45221 1 Web-based Student Clearance System Project 1 Web-based Student Clearance System 2022-11-29 N/A 4.8 MEDIUM
Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in changepassword.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtnew_password parameter.
CVE-2022-45214 1 Sanitization Management System Project 1 Sanitization Management System 2022-11-29 N/A 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in Sanitization Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter at /php-sms/classes/Login.php.
CVE-2022-42100 1 Klik Project 1 Klik 2022-11-29 N/A 5.4 MEDIUM
KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location input reply-form.
CVE-2022-42099 1 Klik Project 1 Klik 2022-11-29 N/A 5.4 MEDIUM
KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location Forum Subject input.
CVE-2022-32967 1 Realtek 4 Rtl8111ep-cg, Rtl8111ep-cg Firmware, Rtl8111fp-cg and 1 more 2022-11-29 N/A 2.1 LOW
RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire partial system information such as serial number and server information.
CVE-2022-45329 1 Aerocms Project 1 Aerocms 2022-11-29 N/A 7.5 HIGH
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information.
CVE-2022-42109 1 Online-shopping-system-advanced Project 1 Online-shopping-system-advanced 2022-11-29 N/A 9.8 CRITICAL
Online-shopping-system-advanced 1.0 was discovered to contain a SQL injection vulnerability via the p parameter at /shopping/product.php.
CVE-2022-45061 1 Python 1 Python 2022-11-29 N/A 7.5 HIGH
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.
CVE-2022-38791 1 Mariadb 1 Mariadb 2022-11-29 N/A 5.5 MEDIUM
In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.
CVE-2022-32091 2 Debian, Mariadb 2 Debian Linux, Mariadb 2022-11-29 5.0 MEDIUM 7.5 HIGH
MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.
CVE-2022-32089 1 Mariadb 1 Mariadb 2022-11-29 5.0 MEDIUM 7.5 HIGH
MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.
CVE-2022-32084 2 Debian, Mariadb 2 Debian Linux, Mariadb 2022-11-29 5.0 MEDIUM 7.5 HIGH
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.
CVE-2022-32082 1 Mariadb 1 Mariadb 2022-11-29 5.0 MEDIUM 7.5 HIGH
MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc.