Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-36782 | 1 Pal-es | 1 Palgate | 2022-09-15 | N/A | 8.6 HIGH |
Pal Electronics Systems - Pal Gate Authorization Errors. The vulnerability is an authorization problem in PalGate device management Android client app. Gates of buildings and parking lots with a simple button in any smartphone. The API was found after a decompiling and static research using Jadx, and a dynamic analysis using Frida. The attacker can iterate over all the IoT devices to see every entry and exit, on every gate and device all over the world, he can also scrape the server and create a user's DB with full names and phone number of over 2.8 million users, and to see all of the users' movement in and out of gates, even in real time. | |||||
CVE-2022-38638 | 1 Casbin | 1 Casdoor | 2022-09-15 | N/A | 9.1 CRITICAL |
Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource. | |||||
CVE-2022-38269 | 1 School Activity Updates With Sms Notification Project | 1 School Activity Updates With Sms Notification | 2022-09-15 | N/A | 7.2 HIGH |
School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/modstudent/index.php?view=edit&id=. | |||||
CVE-2022-38268 | 1 School Activity Updates With Sms Notification Project | 1 School Activity Updates With Sms Notification | 2022-09-15 | N/A | 7.2 HIGH |
School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/autonumber/index.php?view=edit&id=. | |||||
CVE-2022-38267 | 1 School Activity Updates With Sms Notification Project | 1 School Activity Updates With Sms Notification | 2022-09-15 | N/A | 7.2 HIGH |
School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/user/index.php?view=edit&id=. | |||||
CVE-2022-38265 | 1 Apartment Visitor Management System Project | 1 Apartment Visitor Management System | 2022-09-15 | N/A | 7.2 HIGH |
Apartment Visitor Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at /avms/edit-apartment.php. | |||||
CVE-2022-36095 | 1 Xwiki | 1 Xwiki | 2022-09-15 | N/A | 4.3 MEDIUM |
XWiki Platform is a generic wiki platform. Prior to versions 13.10.5 and 14.3, it is possible to perform a Cross-Site Request Forgery (CSRF) attack for adding or removing tags on XWiki pages. The problem has been patched in XWiki 13.10.5 and 14.3. As a workaround, one may locally modify the `documentTags.vm` template in one's filesystem, to apply the changes exposed there. | |||||
CVE-2010-2179 | 3 Adobe, Google, Mozilla | 4 Air, Flash Player, Chrome and 1 more | 2022-09-15 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing. | |||||
CVE-2022-38304 | 1 Online Leave Management System Project | 1 Online Leave Management System | 2022-09-14 | N/A | 7.2 HIGH |
Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /maintenance/manage_leave_type.php. | |||||
CVE-2022-38303 | 1 Online Leave Management System Project | 1 Online Leave Management System | 2022-09-14 | N/A | 7.2 HIGH |
Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /employees/manage_leave_type.php. | |||||
CVE-2022-38302 | 1 Online Leave Management System Project | 1 Online Leave Management System | 2022-09-14 | N/A | 7.2 HIGH |
Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /maintenance/manage_department.php. | |||||
CVE-2022-38297 | 1 Ucms Project | 1 Ucms | 2022-09-14 | N/A | 9.8 CRITICAL |
UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning. | |||||
CVE-2022-38299 | 1 Appsmith | 1 Appsmith | 2022-09-14 | N/A | 4.3 MEDIUM |
An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint. | |||||
CVE-2022-38298 | 1 Appsmith | 1 Appsmith | 2022-09-14 | N/A | 8.8 HIGH |
Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery (SSRF) via redirecting incoming requests to the AWS internal metadata endpoint. | |||||
CVE-2022-38610 | 1 Garage Management System Project | 1 Garage Management System | 2022-09-14 | N/A | 7.2 HIGH |
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editclient.php. | |||||
CVE-2022-38606 | 1 Garage Management System Project | 1 Garage Management System | 2022-09-14 | N/A | 7.2 HIGH |
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editcategory.php. | |||||
CVE-2022-38605 | 1 Church Management System Project | 1 Church Management System | 2022-09-14 | N/A | 7.2 HIGH |
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_event.php. | |||||
CVE-2022-38296 | 1 Cuppacms | 1 Cuppacms | 2022-09-14 | N/A | 9.8 CRITICAL |
Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager. | |||||
CVE-2022-38295 | 1 Cuppacms | 1 Cuppacms | 2022-09-14 | N/A | 6.1 MEDIUM |
Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function. | |||||
CVE-2022-38292 | 1 Slims | 1 Senayan Library Management System | 2022-09-14 | N/A | 9.8 CRITICAL |
SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibliography/marcsru.php and /bibliography/z3950sru.php. |