Total: 210374 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-41504 | 1 Billing System Project | 1 Billing System | 2022-10-18 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the component /php_action/editProductImage.php of Billing System Project v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-40889 | 1 Phpok | 1 Phpok | 2022-10-18 | N/A | 9.8 CRITICAL |
| Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php. | |||||
| CVE-2022-3585 | 1 Simple Cold Storage Management System Project | 1 Simple Cold Storage Management System | 2022-10-18 | N/A | 4.3 MEDIUM |
| A vulnerability classified as problematic has been found in SourceCodester Simple Cold Storage Management System 1.0. Affected is an unknown function of the file /csms/?page=contact_us of the component Contact Us. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-211194 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-3584 | 1 Canteen Management System Project | 1 Canteen Management System | 2022-10-18 | N/A | 8.8 HIGH |
| A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file edituser.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211193 was assigned to this vulnerability. | |||||
| CVE-2022-3583 | 1 Canteen Management System Project | 1 Canteen Management System | 2022-10-18 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument business leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-211192. | |||||
| CVE-2022-3582 | 1 Simple Cold Storage Management System Project | 1 Simple Cold Storage Management System | 2022-10-18 | N/A | 3.5 LOW |
| A vulnerability has been found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument change password leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211189 was assigned to this vulnerability. | |||||
| CVE-2022-3581 | 1 Cashier Queuing System Project | 1 Cashier Queuing System | 2022-10-18 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, was found in SourceCodester Cashier Queuing System 1.0. Affected is an unknown function of the component Cashiers Tab. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-211188. | |||||
| CVE-2022-3580 | 1 Cashier Queuing System Project | 1 Cashier Queuing System | 2022-10-18 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Cashier Queuing System 1.0.1. This issue affects some unknown processing of the component User Creation Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-211187. | |||||
| CVE-2022-3579 | 1 Cashier Queuing System Project | 1 Cashier Queuing System | 2022-10-18 | N/A | 8.8 HIGH |
| A vulnerability classified as critical was found in SourceCodester Cashier Queuing System 1.0. This vulnerability affects unknown code of the file /queuing/login.php of the component Login Page. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-211186 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-40469 | 1 Ikuai8 | 1 Ikuaios | 2022-10-18 | N/A | 8.8 HIGH |
| iKuai OS v3.6.7 was discovered to contain an authenticated remote code execution (RCE) vulnerability. | |||||
| CVE-2021-28566 | 1 Magento | 1 Magento | 2022-10-18 | 4.0 MEDIUM | 2.7 LOW |
| Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Information Disclosure vulnerability when uploading a modified png file to a product image. Successful exploitation could lead to the disclosure of document root path by an unauthenticated attacker. Access to the admin console is required for successful exploitation. | |||||
| CVE-2021-28597 | 3 Adobe, Apple, Microsoft | 3 Photoshop Elements, Macos, Windows | 2022-10-18 | 2.1 LOW | 5.5 MEDIUM |
| Adobe Photoshop Elements version 5.2 (and earlier) is affected by an insecure temporary file creation vulnerability. An unauthenticated attacker could leverage this vulnerability to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction. | |||||
| CVE-2021-28798 | 1 Qnap | 2 Qts, Quts Hero | 2022-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| A relative path traversal vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to modify files that impact system integrity. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.2.1630 Build 20210406 and later; QTS 4.3.6.1663 Build 20210504 and later; QTS 4.3.3.1624 Build 20210416 and later; QuTS hero h4.5.2.1638 Build 20210414 and later. QNAP NAS running QTS 4.5.3 are not affected. | |||||
| CVE-2021-28805 | 1 Qnap | 5 Qss, Qsw-m2108-2c, Qsw-m2108-2s and 2 more | 2022-10-18 | 2.1 LOW | 5.5 MEDIUM |
| Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read application data. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.3 build 20210505 on QSW-M2108-2C; versions prior to 1.0.3 build 20210505 on QSW-M2108-2S; versions prior to 1.0.3 build 20210505 on QSW-M2108R-2C; versions prior to 1.0.12 build 20210506 on QSW-M408. | |||||
| CVE-2020-19907 | 1 Mitre | 1 Caldera | 2022-10-18 | 6.5 MEDIUM | 8.8 HIGH |
| A command injection vulnerability in the sandcat plugin of Caldera 2.3.1 and earlier allows authenticated attackers to execute any command or service. | |||||
| CVE-2022-33171 | 1 Typeorm | 1 Typeorm | 2022-10-18 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that the user's application is responsible for input validation. | |||||
| CVE-2021-28812 | 1 Qnap | 4 Qts, Quts Hero, Qutscloud and 1 more | 2022-10-18 | 6.5 MEDIUM | 8.8 HIGH |
| A command injection vulnerability has been reported to affect certain versions of Video Station. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Video Station versions prior to 5.5.4 on QTS 4.5.2; versions prior to 5.5.4 on QuTS hero h4.5.2; versions prior to 5.5.4 on QuTScloud c4.5.4. This issue does not affect: QNAP Systems Inc. Video Station on QTS 4.3.6; on QTS 4.3.3. | |||||
| CVE-2021-28814 | 1 Qnap | 1 Helpdesk | 2022-10-18 | 6.5 MEDIUM | 8.8 HIGH |
| An improper access control vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows remote attackers to compromise the security of the software. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.4. | |||||
| CVE-2021-38294 | 1 Apache | 1 Storm | 2022-10-18 | 7.5 HIGH | 9.8 CRITICAL |
| A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication. | |||||
| CVE-2021-36160 | 6 Apache, Broadcom, Debian and 3 more | 13 Http Server, Brocade Fabric Operating System Firmware, Debian Linux and 10 more | 2022-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). | |||||
