Vulnerabilities (CVE)

Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-30820 1 Wedding Management System Project 1 Wedding Management System 2022-06-10 6.5 MEDIUM 8.8 HIGH
In Wedding Management v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_edit.php" file.
CVE-2022-30819 1 Wedding Management System Project 1 Wedding Management System 2022-06-10 6.5 MEDIUM 8.8 HIGH
In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "photos_edit.php" file.
CVE-2022-30818 1 Wedding Management System Project 1 Wedding Management System 2022-06-10 6.5 MEDIUM 7.2 HIGH
Wedding Management System v1.0 is vulnerable to SQL injection via /Wedding-Management/admin/blog_events_edit.php?id=31.
CVE-2022-30821 1 Wedding Management System Project 1 Wedding Management System 2022-06-10 6.5 MEDIUM 8.8 HIGH
In Wedding Management System v1.0, the editing function of the "Services" module in the background management system has an arbitrary file upload vulnerability in the picture upload point of "package_edit.php" file.
CVE-2022-30822 1 Wedding Management System Project 1 Wedding Management System 2022-06-10 6.5 MEDIUM 8.8 HIGH
In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_profile.php" file.
CVE-2022-0540 1 Atlassian 3 Jira Data Center, Jira Server, Jira Service Management 2022-06-10 6.8 MEDIUM 9.8 CRITICAL
A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.
CVE-2021-43941 1 Atlassian 2 Jira Data Center, Jira Server 2022-06-10 4.3 MEDIUM 6.5 MEDIUM
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa) via a Cross-Site Request Forgery (CSRF) vulnerability in the jira-importers-plugin. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.
CVE-2022-30808 1 Elitecms 1 Elite Cms 2022-06-10 7.5 HIGH 9.8 CRITICAL
elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php.
CVE-2022-30825 1 Wedding Management System Project 1 Wedding Management System 2022-06-10 6.5 MEDIUM 7.2 HIGH
Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\client_edit.php.
CVE-2022-30823 1 Wedding Management System Project 1 Wedding Management System 2022-06-10 6.5 MEDIUM 7.2 HIGH
Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\blog_events_edit.php.
CVE-2022-30809 1 Elitecms 1 Elite Cms 2022-06-10 7.5 HIGH 9.8 CRITICAL
elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_page.php?page=.
CVE-2022-30817 1 Simple Bus Ticket Booking System Project 1 Simple Bus Ticket Booking System 2022-06-10 7.5 HIGH 9.8 CRITICAL
Simple Bus Ticket Booking System 1.0 is vulnerable to SQL Injection via /SimpleBusTicket/index.php.
CVE-2022-30816 1 Elitecms 1 Elite Cms 2022-06-10 7.5 HIGH 9.8 CRITICAL
elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_sidebar.php.
CVE-2022-29725 1 Creatiwity 1 Witycms 2022-06-10 6.5 MEDIUM 8.8 HIGH
An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2021-26084 1 Atlassian 2 Confluence Data Center, Confluence Server 2022-06-10 7.5 HIGH 9.8 CRITICAL
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
CVE-2021-26085 1 Atlassian 2 Confluence Data Center, Confluence Server 2022-06-10 5.0 MEDIUM 5.3 MEDIUM
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.
CVE-2022-31005 1 Vapor 1 Vapor 2022-06-10 5.0 MEDIUM 7.5 HIGH
Vapor is an HTTP web framework for Swift. Users of Vapor prior to version 4.60.3 with FileMiddleware enabled are vulnerable to an integer overflow vulnerability that can crash the application. Version 4.60.3 contains a patch for this issue. As a workaround, disable FileMiddleware and serve via a Content Delivery Network.
CVE-2022-29730 1 Usr 10 Usr-g800v2, Usr-g800v2 Firmware, Usr-g806 and 7 more 2022-06-10 10.0 HIGH 9.8 CRITICAL
USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded credentials for its highest privileged account. The credentials cannot be altered through normal operation of the device.
CVE-2022-30815 1 Elitecms 1 Elite Cms 2022-06-10 7.5 HIGH 9.8 CRITICAL
elitecms 1.01 is vulnerable to SQL Injection via admin/edit_sidebar.php?page=2&sidebar=
CVE-2022-29732 1 Deltacontrols 2 Entelitouch, Entelitouch Firmware 2022-06-10 4.3 MEDIUM 6.1 MEDIUM
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting (XSS) vulnerability via the Username parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload.