Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-36570 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2022-09-02 | N/A | 7.2 HIGH |
Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the time parameter at /goform/SetLEDCfg. | |||||
CVE-2022-36569 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2022-09-02 | N/A | 8.8 HIGH |
Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg. | |||||
CVE-2022-2866 | 1 Fatek | 1 Fvdesigner | 2022-09-02 | N/A | 7.8 HIGH |
FATEK FvDesigner version 1.5.103 and prior is vulnerable to an out-of-bounds write while processing project files. If a valid user is tricked into using maliciously crafted project files, an attacker could achieve arbitrary code execution. | |||||
CVE-2022-36619 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2022-09-02 | N/A | 7.5 HIGH |
In D-link DIR-816 A2_v1.10CNB04.img, the network can be reset without authentication via /goform/setMAC. | |||||
CVE-2022-2759 | 1 Deltaww | 1 Delta Robot Automation Studio | 2022-09-02 | N/A | 8.6 HIGH |
Delta Electronics Delta Robot Automation Studio (DRAS) versions prior to 1.13.20 are affected by improper restrictions where the software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. This may allow an attacker to view sensitive documents and information on the affected host. | |||||
CVE-2022-36637 | 1 Garage Management System Project | 1 Garage Management System | 2022-09-02 | N/A | 5.4 MEDIUM |
Garage Management System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the brand_name parameter at /brand.php. | |||||
CVE-2022-36636 | 1 Garage Management System Project | 1 Garage Management System | 2022-09-02 | N/A | 8.8 HIGH |
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php. | |||||
CVE-2022-36609 | 1 Clinic's Patient Management System Project | 1 Clinic's Patient Management System | 2022-09-02 | N/A | 9.8 CRITICAL |
Clinic's Patient Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pms/update_patient.php. | |||||
CVE-2022-36600 | 1 Blogengine | 1 Blogengine.net | 2022-09-02 | N/A | 4.8 MEDIUM |
BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blogengine/api/posts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field. | |||||
CVE-2022-36594 | 1 Mybatis | 1 Mapper | 2022-09-02 | N/A | 9.8 CRITICAL |
Mapper v4.0.0 to v4.2.0 was discovered to contain a SQL injection vulnerability via the ids parameter at the selectByIds function. | |||||
CVE-2022-36568 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2022-09-02 | N/A | 8.8 HIGH |
Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the list parameter at /goform/setPptpUserList. | |||||
CVE-2022-2897 | 1 Measuresoft | 2 Scadapro Client, Scadapro Server | 2022-09-02 | N/A | 7.8 HIGH |
Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow privilege escalation. | |||||
CVE-2022-36355 | 1 Easy Org Chart Project | 1 Easy Org Chart | 2022-09-02 | N/A | 5.4 MEDIUM |
Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Easy Org Chart plugin <= 3.1 at WordPress. | |||||
CVE-2022-36373 | 1 Mp3-jplayer Project | 1 Mp3-jplayer | 2022-09-02 | N/A | 8.8 HIGH |
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Simon Ward MP3 jPlayer plugin <= 2.7.3 at WordPress. | |||||
CVE-2022-36796 | 1 Callrail | 1 Callrail Phone Call Tracking | 2022-09-02 | N/A | 6.1 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in CallRail, Inc. CallRail Phone Call Tracking plugin <= 0.4.9 at WordPress. | |||||
CVE-2022-38625 | 1 Patlite | 6 Nbm-d88n, Nbm-d88n Firmware, Nhl-3fb1 and 3 more | 2022-09-02 | N/A | 8.8 HIGH |
** DISPUTED ** Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during the upgrade firmware file upload process. This vulnerability allows authenticated attackers to create and upload their own custom-built firmware and inject malicious code. NOTE: the vendor's position is that this is a design choice, not a vulnerability. | |||||
CVE-2022-36676 | 1 Simple Task Scheduling System Project | 1 Simple Task Scheduling System | 2022-09-02 | N/A | 7.2 HIGH |
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/view_category.php. | |||||
CVE-2022-36675 | 1 Simple Task Scheduling System Project | 1 Simple Task Scheduling System | 2022-09-02 | N/A | 7.2 HIGH |
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/manage_schedule.php. | |||||
CVE-2022-36674 | 1 Simple Task Scheduling System Project | 1 Simple Task Scheduling System | 2022-09-02 | N/A | 7.2 HIGH |
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/view_schedule.php. | |||||
CVE-2022-36200 | 1 Fiberhome | 2 Hg150-ub, Hg150-ub Firmware | 2022-09-02 | N/A | 7.5 HIGH |
In FiberHome VDSL2 Modem HG150-Ub_V3.0, the admin credentials are submitted in the URL, where they can be logged or sniffed. |