Total: 210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2022-35918 | 1 Streamlit | 1 Streamlit | 2022-08-12 | N/A | 6.5 MEDIUM | Streamlit is a data-oriented application development framework for Python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file system, such as server logs, world-readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths, and the Streamlit server would process that URL and return the contents of that file. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue. |
| CVE-2022-2046 | 1 Wpwax | 1 Directorist | 2022-08-12 | N/A | 4.9 MEDIUM | The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. This could allow administrators to run code on the server, which is a problem in multisite configurations. |
| CVE-2022-2724 | 1 Employee Management System Project | 1 Employee Management System | 2022-08-12 | N/A | 9.8 CRITICAL | A vulnerability was found in SourceCodester Employee Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /process/aprocess.php. The manipulation of the argument mailuid leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205837 was assigned to this vulnerability. |
| CVE-2022-35222 | 1 Hinet | 1 Hicos Natural Person Credential Component Client | 2022-08-12 | N/A | 6.8 MEDIUM | HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system commands or disrupt service. |
| CVE-2022-2723 | 1 Employee Management System Project | 1 Employee Management System | 2022-08-12 | N/A | 9.8 CRITICAL | A vulnerability was found in SourceCodester Employee Management System. It has been classified as critical. Affected is an unknown function of the file /process/eprocess.php. The manipulation of the argument mailuid/pwd leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205836. |
| CVE-2022-2722 | 1 Simple Student Information System Project | 1 Simple Student Information System | 2022-08-12 | N/A | 9.8 CRITICAL | A vulnerability was found in SourceCodester Simple Student Information System and classified as critical. This issue affects some unknown processing of the file manage_course.php. The manipulation of the argument id leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205835. |
| CVE-2022-2355 | 1 Easy Username Updater Project | 1 Easy Username Updater | 2022-08-12 | N/A | 6.5 MEDIUM | The Easy Username Updater WordPress plugin before 1.0.5 does not implement CSRF checks, which could allow attackers to make a logged-in admin change any user's username, including the admin's own. |
| CVE-2022-2715 | 1 Employee Management System Project | 1 Employee Management System | 2022-08-12 | N/A | 9.8 CRITICAL | A vulnerability has been found in SourceCodester Employee Management System and classified as critical. This vulnerability affects unknown code of the file eloginwel.php. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205834 is the identifier assigned to this vulnerability. |
| CVE-2021-41615 | 1 Embedthis | 1 Goahead | 2022-08-12 | N/A | 9.8 CRITICAL | websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 (or RFC 2617 section 3.2.1). NOTE: 2.1.8 is a version from 2003; however, the affected websda.c code appears in multiple derivative works that may be used in 2021. Recent GoAhead software is unaffected. |
| CVE-2022-34293 | 1 Wolfssl | 1 Wolfssl | 2022-08-12 | N/A | 7.5 HIGH | wolfSSL before 5.4.0 allows remote attackers to cause a denial of service via DTLS because a check for return-routability can be skipped. |
| CVE-2022-36267 | 1 Airspan | 2 Airspot 5410, Airspot 5410 Firmware | 2022-08-12 | N/A | 9.8 CRITICAL | In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious HTTP request by injecting code in one of the parameters, allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device. |
| CVE-2022-36265 | 1 Airspan | 2 Airspot 5410, Airspot 5410 Firmware | 2022-08-12 | N/A | 7.2 HIGH | In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a hidden system-command web page. After performing a reverse engineering of the firmware, it was discovered that a hidden page not listed in the administration management interface allows a user to execute Linux commands on the device with root privileges. An authenticated malicious threat actor can use this page to fully compromise the device. |
| CVE-2022-2357 | 1 Wsm Downloader Project | 1 Wsm Downloader | 2022-08-12 | N/A | 7.5 HIGH | The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php. |
| CVE-2022-36264 | 1 Airspan | 2 Airspot 5410, Airspot 5410 Firmware | 2022-08-12 | N/A | 9.1 CRITICAL | In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an unauthenticated remote arbitrary file upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename and appending a relative path that will be interpreted during the upload process. Using this method, it is possible to rewrite any file in the system or upload a new file. |
| CVE-2022-25907 | 1 Typescript Deep Merge Project | 1 Typescript Deep Merge | 2022-08-12 | N/A | 9.8 CRITICAL | The package ts-deepmerge before 2.0.2 is vulnerable to Prototype Pollution due to missing sanitization of the merge function. |
| CVE-2022-35493 | 1 Wrteam | 1 Eshop - Ecommerce / Store Website | 2022-08-12 | N/A | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability in the JSON search parse and the JSON response in wrteam.in eShop - Multipurpose Ecommerce Store Website version 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the get_products?search parameter. |
| CVE-2022-2726 | 1 Sem-cms | 1 Semcms | 2022-08-12 | N/A | 9.8 CRITICAL | A vulnerability classified as critical has been found in SEMCMS. This affects an unknown part of the file Ant_Check.php. The manipulation of the argument DID leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205839. |
| CVE-2022-2725 | 1 Company Website Cms Project | 1 Company Website Cms | 2022-08-12 | N/A | 6.1 MEDIUM | A vulnerability was found in SourceCodester Company Website CMS. It has been rated as problematic. Affected by this issue is some unknown functionality of the file add-blog.php. The manipulation leads to cross-site scripting. The attack may be launched remotely. VDB-205838 is the identifier assigned to this vulnerability. |
| CVE-2022-2713 | 1 Agentejo | 1 Cockpit | 2022-08-12 | N/A | 9.8 CRITICAL | Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0. |
| CVE-2022-35816 | 1 Microsoft | 1 Azure Site Recovery | 2022-08-12 | N/A | 6.5 MEDIUM | Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819. |