Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-24007 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2022-08-08 | N/A | 9.8 CRITICAL |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the cfm binary. | |||||
CVE-2020-28433 | 1 Node-latex-pdf Project | 1 Node-latex-pdf | 2022-08-08 | N/A | 9.8 CRITICAL |
This affects all versions of package node-latex-pdf. | |||||
CVE-2020-28425 | 1 Curljs Project | 1 Curljs | 2022-08-08 | N/A | 9.8 CRITICAL |
This affects all versions of package curljs. | |||||
CVE-2022-28668 | 1 Santesoft | 1 Dicom Viewer Pro | 2022-08-08 | N/A | 7.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.9.2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16679. | |||||
CVE-2022-2272 | 1 Santesoft | 1 Sante Pacs Server | 2022-08-08 | N/A | 9.8 CRITICAL |
This vulnerability allows remote attackers to bypass authentication on affected installations of Sante PACS Server 3.0.4. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the login endpoint. When parsing the username element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17331. | |||||
CVE-2022-2643 | 1 Online Admission System Project | 1 Online Admission System | 2022-08-08 | N/A | 9.8 CRITICAL |
A vulnerability has been found in SourceCodester Online Admission System and classified as critical. This vulnerability affects unknown code of the component POST Parameter Handler. The manipulation of the argument shift leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this entry is VDB-205564. | |||||
CVE-2022-2324 | 1 Sonicwall | 1 Email Security | 2022-08-08 | N/A | 7.5 HIGH |
Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. This vulnerability impacts 10.0.17.7319 and earlier versions. | |||||
CVE-2022-2644 | 1 Online Admission System Project | 1 Online Admission System | 2022-08-08 | N/A | 9.8 CRITICAL |
A vulnerability was found in SourceCodester Online Admission System and classified as critical. This issue affects some unknown processing of the component GET Parameter Handler. The manipulation of the argument eid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-205565 was assigned to this vulnerability. | |||||
CVE-2022-2645 | 1 Garage Management System Project | 1 Garage Management System | 2022-08-08 | N/A | 6.1 MEDIUM |
A vulnerability has been found in SourceCodester Garage Management System and classified as problematic. Affected by this vulnerability is an unknown functionality of the file edituser.php. The manipulation of the argument id with the input 1\"><ScRiPt>alert(1)</sCrIpT> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205573 was assigned to this vulnerability. | |||||
CVE-2022-34969 | 1 Pingcap | 1 Tidb | 2022-08-08 | N/A | 7.5 HIGH |
PingCAP TiDB v6.1.0 was discovered to contain a NULL pointer dereference. | |||||
CVE-2022-27864 | 1 Autodesk | 1 Design Review | 2022-08-08 | N/A | 8.8 HIGH |
A Double Free vulnerability allows remote attackers to execute arbitrary code through DesignReview.exe application on PDF files within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | |||||
CVE-2022-2646 | 1 Online Admission System Project | 1 Online Admission System | 2022-08-08 | N/A | 6.1 MEDIUM |
A vulnerability, which was classified as problematic, was found in SourceCodester Online Admission System. Affected is an unknown function of the file index.php. The manipulation of the argument eid with the input 8</h3><script>alert(1)</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205572. | |||||
CVE-2022-2648 | 1 Multi Language Hotel Management Software Project | 1 Multi Language Hotel Management Software | 2022-08-08 | N/A | 9.8 CRITICAL |
A vulnerability was found in SourceCodester Multi Language Hotel Management Software. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument room_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205595. | |||||
CVE-2022-2626 | 1 Hestiacp | 1 Control Panel | 2022-08-08 | N/A | 7.2 HIGH |
Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6. | |||||
CVE-2021-46681 | 1 Artica | 1 Pandora Fms | 2022-08-08 | N/A | 6.1 MEDIUM |
An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to execute JavaScript code via the module massive operation name field. | |||||
CVE-2022-24912 | 1 Runatlantis | 1 Atlantis | 2022-08-08 | N/A | 7.5 HIGH |
The package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 is vulnerable to a timing attack in the webhook event validator code, which does not use a constant-time comparison function to validate the webhook secret. It can allow an attacker to recover this secret and then forge webhook events. | |||||
CVE-2022-25649 | 1 Storeapps | 1 Affiliate For Woocommerce | 2022-08-08 | N/A | 8.8 HIGH |
Multiple Improper Access Control vulnerabilities in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress. | |||||
CVE-2022-33201 | 1 Mailerlite | 1 Mailerlite Signup Forms | 2022-08-08 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in MailerLite – Signup forms (official) plugin <= 1.5.7 at WordPress allows an attacker to change the API key. | |||||
CVE-2022-2682 | 1 Alphaware - Simple E-commerce System Project | 1 Alphaware - Simple E-commerce System | 2022-08-08 | N/A | 5.4 MEDIUM |
A vulnerability, which was classified as problematic, has been found in SourceCodester Alphaware Simple E-Commerce System. Affected by this issue is some unknown functionality of the file stockin.php. The manipulation of the argument id with the input '"><script>alert(/xss/)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205670 is the identifier assigned to this vulnerability. | |||||
CVE-2022-2683 | 1 Simple Food Ordering System Project | 1 Simple Food Ordering System | 2022-08-08 | N/A | 5.4 MEDIUM |
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Food Ordering System 1.0. This affects an unknown part of the file /login.php. The manipulation of the argument email/password with the input "><ScRiPt>alert(1)</sCrIpT> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205671. |