Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36754 | 2022-09-02 | N/A | N/A | ||
| Expense Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Home/debit_credit_p. | |||||
| CVE-2022-36647 | 2022-09-02 | N/A | N/A | ||
| PKUVCL davs2 v1.6.205 was discovered to contain a global buffer overflow via the function parse_sequence_header() at source/common/header.cc:269. | |||||
| CVE-2022-36639 | 2022-09-02 | N/A | N/A | ||
| A stored cross-site scripting (XSS) vulnerability in /client.php of Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | |||||
| CVE-2022-36638 | 2022-09-02 | N/A | N/A | ||
| An access control issue in the component print.php of Garage Management System v1.0 allows unauthenticated attackers to access data for all existing orders. | |||||
| CVE-2022-35933 | 2022-09-02 | N/A | N/A | ||
| This package is a PrestaShop module that allows users to post reviews and rate products. There is a vulnerability where the attacker could steal an administrator's cookie. The issue is fixed in version 5.0.2. | |||||
| CVE-2022-31196 | 2022-09-02 | N/A | N/A | ||
| Databasir is a database metadata management platform. Databasir <= 1.06 has Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by a sending a **single** HTTP POST request to create a databaseType. By supplying a `jdbcDriverFileUrl` that returns a non `200` response code, the url is executed, the response is logged (both in terminal and in database) and is included in the response. This would allow an attackers to obtain the real IP address and scan Intranet information. This issue was fixed in version 1.0.7. | |||||
| CVE-2022-3065 | 2022-09-02 | N/A | N/A | ||
| Improper Access Control in GitHub repository jgraph/drawio prior to 20.2.8. | |||||
| CVE-2021-27693 | 2022-09-02 | N/A | N/A | ||
| Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage. | |||||
| CVE-2022-36076 | 2022-09-02 | N/A | N/A | ||
| NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Due to an unnecessarily strict conditional in the code handling the first step of the SSO process, the pre-existing logic that added (and later checked) a nonce was inadvertently rendered opt-in instead of opt-out. This re-exposed a vulnerability in that a specially crafted Man-in-the-Middle (MITM) attack could theoretically take over another user account during the single sign-on process. The issue has been fully patched in version 1.17.2. | |||||
| CVE-2022-37129 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2022-09-02 | N/A | 8.8 HIGH |
| D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand. After the user passes in the command parameter, it will be spliced into byte_4836B0 by snprintf, and finally doSystem(&byte_4836B0); will be executed, resulting in a command injection. | |||||
| CVE-2022-37123 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2022-09-02 | N/A | 8.8 HIGH |
| D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/form2userconfig.cgi. | |||||
| CVE-2022-2896 | 1 Measuresoft | 1 Scadapro Server | 2022-09-02 | N/A | 7.8 HIGH |
| Measuresoft ScadaPro Server (All Versions) allows use after free while processing a specific project file. | |||||
| CVE-2022-2895 | 1 Measuresoft | 1 Scadapro Server | 2022-09-02 | N/A | 7.8 HIGH |
| Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. These controls may allow two stack-based buffer overflow instances while processing a specific project file. | |||||
| CVE-2022-2894 | 1 Measuresoft | 1 Scadapro Server | 2022-09-02 | N/A | 7.8 HIGH |
| Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. The controls may allow seven untrusted pointer deference instances while processing a specific project file. | |||||
| CVE-2022-2892 | 1 Measuresoft | 1 Scadapro Server | 2022-09-02 | N/A | 7.8 HIGH |
| Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file. | |||||
| CVE-2022-2898 | 1 Measuresoft | 2 Scadapro Client, Scadapro Server | 2022-09-02 | N/A | 5.5 MEDIUM |
| Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow a denial-of-service condition. | |||||
| CVE-2022-36582 | 1 Garage Management System Project | 1 Garage Management System | 2022-09-02 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the component /php_action/createProduct.php of Garage Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-36581 | 1 Online Ordering System Project | 1 Online Ordering System | 2022-09-02 | N/A | 7.5 HIGH |
| Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via the user_email parameter at /admin/login.php. | |||||
| CVE-2022-36580 | 1 Online Ordering System Project | 1 Online Ordering System | 2022-09-02 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the component /admin/products/controller.php?action=add of Online Ordering System v2.3.2 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-36571 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2022-09-02 | N/A | 7.2 HIGH |
| Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the mask parameter at /goform/WanParameterSetting. | |||||