Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-37173 | 2 Microsoft, Vim | 2 Windows, Gvim | 2022-09-06 | N/A | 7.8 HIGH | An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\Program.exe.
CVE-2022-36202 | 1 Doctor's Appointment System Project | 1 Doctor's Appointment System | 2022-09-06 | N/A | 9.8 CRITICAL | Doctor's Appointment System 1.0 is vulnerable to incorrect access control in edoc/patient/settings.php: the page is affected by broken access control (IDOR) via the id= parameter.
CVE-2022-36203 | 1 Doctor's Appointment System Project | 1 Doctor's Appointment System | 2022-09-06 | N/A | 6.1 MEDIUM | Doctor's Appointment System 1.0 is vulnerable to Cross-Site Scripting (XSS) via the admin panel. This can lead to takeover of the administrator account by stealing the session cookie via the XSS.
CVE-2022-37172 | 1 Msys2 | 1 Msys2 | 2022-09-06 | N/A | 7.8 HIGH | Incorrect access control on the install directory (C:\msys64) of Msys2 v20220603 and below allows authenticated attackers to execute arbitrary code by overwriting binaries located in the directory.
CVE-2022-36565 | 1 Wampserver | 1 Wampserver | 2022-09-06 | N/A | 8.8 HIGH | Incorrect access control on the install directory (C:\Wamp64) of Wamp v3.2.6 and below allows authenticated attackers to execute arbitrary code by overwriting binaries located in the directory.
CVE-2022-37183 | 1 Piwigo | 1 Piwigo | 2022-09-06 | N/A | 6.1 MEDIUM | Piwigo 12.3.0 is vulnerable to Cross-Site Scripting (XSS) via /search/1940/created-monthly-list.
CVE-2022-36566 | 1 Rengine Project | 1 Rengine | 2022-09-06 | N/A | 9.8 CRITICAL | Rengine v1.3.0 was discovered to contain a command injection vulnerability via the scan engine function.
CVE-2022-36564 | 2 Microsoft, Strawberryperl | 2 Windows, Strawberryperl | 2022-09-06 | N/A | 8.8 HIGH | Incorrect access control on the install directory (C:\Strawberry) of StrawberryPerl v5.32.1.1 and below allows authenticated attackers to execute arbitrary code by overwriting binaries located in the directory.
CVE-2022-0812 | 1 Linux | 1 Linux Kernel | 2022-09-06 | N/A | 4.3 MEDIUM | An information leak flaw was found in NFS over RDMA in net/sunrpc/xprtrdma/rpc_rdma.c in the Linux kernel. This flaw allows an attacker with normal user privileges to leak kernel information.
CVE-2022-0850 | 1 Linux | 1 Linux Kernel | 2022-09-06 | N/A | 7.1 HIGH | A vulnerability was found in the Linux kernel where kernel memory leaks to userspace via ext4_extent_header.
CVE-2022-1115 | 1 Imagemagick | 1 Imagemagick | 2022-09-06 | N/A | 5.5 MEDIUM | A heap buffer overflow was found in ImageMagick's PushShortPixel() function in quantum-private.h. The flaw is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.
CVE-2022-38116 | 1 Leyan | 1 Salary Management System | 2022-09-06 | N/A | 9.8 CRITICAL | Le-yan Personnel and Salary Management System has a hard-coded database account and password in the website source code. An unauthenticated remote attacker can use them to access or modify system data, or to disrupt service.
CVE-2022-3121 | | | 2022-09-05 | N/A | N/A | A vulnerability was found in SourceCodester Online Employee Leave Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/addemployee.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The identifier VDB-207853 was assigned to this vulnerability.
CVE-2022-3127 | | | 2022-09-05 | N/A | N/A | Stored Cross-site Scripting (XSS) in GitHub repository jgraph/drawio prior to 20.2.8.
CVE-2022-2775 | | | 2022-09-05 | N/A | N/A | The Fast Flow WordPress plugin before 1.2.13 does not sanitise and escape some of its Widget settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
CVE-2022-2565 | | | 2022-09-05 | N/A | N/A | The Simple Payment Donations & Subscriptions WordPress plugin before 4.2.1 does not sanitise and escape user input given in its forms, which could allow unauthenticated attackers to perform Cross-Site Scripting attacks against admins.
CVE-2022-2543 | | | 2022-09-05 | N/A | N/A | The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS into arbitrary saved layouts.
CVE-2022-2376 | | | 2022-09-05 | N/A | N/A | The Directorist WordPress plugin before 7.3.1 discloses the email addresses of all users in an AJAX action available to both unauthenticated and any authenticated users.
CVE-2022-3120 | | | 2022-09-05 | N/A | N/A | A vulnerability classified as critical was found in SourceCodester Clinics Patient Management System. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulation of the argument user_name leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-207847.
CVE-2022-39840 | | | 2022-09-05 | N/A | N/A | Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a direct message (DM).
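Four of the entries above (CVE-2022-37173, CVE-2022-37172, CVE-2022-36565, CVE-2022-36564) share one root cause: an installer leaves its directory, or a path the program later executes, writable by low-privileged users, so any local account can replace a binary that an administrator or a service will run. The C:\Program.exe case is the classic unquoted-path variant, where a command line like C:\Program Files\Vim\... is tried first as C:\Program.exe. The audit below is an added example written for this page; it is not code from any of the listed projects or from the CVE entries. It checks the three install directories the entries name plus a Vim location that is an assumption, reports ACL entries that give Everyone, Authenticated Users or BUILTIN\Users write rights, and then probes whether the current user can create C:\Program.exe. Run it as the ordinary (non-elevated) user whose rights you want to measure.

```powershell
# Added example for this page, not code from the affected projects.
# Audits Windows install directories for ACLs that let low-privilege
# principals write, and probes whether C:\Program.exe can be planted.

# The three paths from the CVE entries; the Vim path is an assumption.
$Targets = @('C:\msys64', 'C:\Wamp64', 'C:\Strawberry', 'C:\Program Files\Vim')

# Well-known low-privilege SIDs: Everyone, Authenticated Users, BUILTIN\Users.
$LowPrivSids = @('S-1-1-0', 'S-1-5-11', 'S-1-5-32-545')

# Rights that allow creating or replacing files inside the directory.
$WriteRights = [System.Security.AccessControl.FileSystemRights]::WriteData -bor
               [System.Security.AccessControl.FileSystemRights]::AppendData -bor
               [System.Security.AccessControl.FileSystemRights]::Write -bor
               [System.Security.AccessControl.FileSystemRights]::Modify -bor
               [System.Security.AccessControl.FileSystemRights]::FullControl

function Get-WeakInstallDirAce {
    # Returns one object per Allow ACE that grants write rights to a
    # low-privilege principal on $Path; returns nothing if the path is absent.
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) { return }
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            # Compare by SID so localized group names do not matter.
            $sid = $ace.IdentityReference.Translate(
                       [System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # unresolvable (orphaned) identity
        if (($LowPrivSids -contains $sid) -and
            (($ace.FileSystemRights -band $WriteRights) -ne 0)) {
            [pscustomobject]@{
                Path      = $Path
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# First check: which install directories have weak ACLs?
$Targets | ForEach-Object { Get-WeakInstallDirAce -Path $_ } | Format-Table -AutoSize

# Second check: can this (non-elevated) user plant C:\Program.exe?
# An unquoted "C:\Program Files\..." command line resolves to it first.
$probe = 'C:\Program.exe'
if (Test-Path -LiteralPath $probe) {
    Write-Warning "$probe already exists; inspect it before doing anything else."
} else {
    try {
        New-Item -ItemType File -Path $probe -ErrorAction Stop | Out-Null
        Remove-Item -LiteralPath $probe -Force
        Write-Warning "Current user can create $probe; the root of C:\ is writable."
    } catch {
        Write-Output "Current user cannot create $probe (expected with default ACLs)."
    }
}
```

Inherited ACEs are reported too, because an installer that creates its directory directly under C:\ inherits whatever the root grants; on default Windows ACLs that is enough for Authenticated Users to create subdirectories but not files, so an empty report for a directory is only meaningful if the installer did not add its own entries. The fix for a finding is to reinstall under C:\Program Files (which inherits administrator-only write access) or to reset the directory's ACL so that only Administrators and SYSTEM can write.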