Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-30105 | 1 Belkin | 2 N300, N300 Firmware | 2022-05-29 | 10.0 HIGH | 9.8 CRITICAL |
In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden.asp, which is accessible before and after configuring the device, exhibits multiple remote command injection vulnerabilities. The following parameters in the [form name] form; [list vulnerable parameters], are not properly sanitized after being submitted to the web interface in a POST request. With specially crafted parameters, it is possible to inject an OS command which will be executed with root privileges, as the web interface, and all processes on the device, run as root. | |||||
CVE-2022-29174 | 1 Count | 1 Countly Server | 2022-05-29 | 6.8 MEDIUM | 8.1 HIGH |
countly-server is the server-side part of Countly, a product analytics solution. Prior to versions 22.03.7 and 21.11.4, a malicious actor who knows an account email address/username and full name specified in the database is capable of guessing the password reset token. The actor may use this information to reset the password and take over the account. The problem has been patched in Countly Server version 22.03.7 for servers using the new user interface and in 21.11.4 for servers using the old user interface. | |||||
CVE-2022-29588 | 1 Konicaminolta | 90 Bizhub 226i, Bizhub 226i Firmware, Bizhub 227 and 87 more | 2022-05-29 | 5.0 MEDIUM | 7.5 HIGH |
Konica Minolta bizhub MFP devices before 2022-04-14 use cleartext password storage for the /var/log/nginx/html/ADMINPASS and /etc/shadow files. | |||||
CVE-2022-30463 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2022-05-28 | 6.5 MEDIUM | 8.8 HIGH |
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_product. | |||||
CVE-2022-30462 | 1 Water Billing System Project | 1 Water Billing System | 2022-05-28 | 3.5 LOW | 5.4 MEDIUM |
Water-billing-management-system v1.0 is affected by: Cross Site Scripting (XSS) via /wbms/classes/Users.php?f=save, firstname. | |||||
CVE-2022-30461 | 1 Water Billing System Project | 1 Water Billing System | 2022-05-28 | 7.5 HIGH | 9.8 CRITICAL |
Water-billing-management-system v1.0 is vulnerable to SQL Injection via /wbms/classes/Master.php?f=delete_client, id. | |||||
CVE-2022-30460 | 1 Simple Social Networking Site Project | 1 Simple Social Networking Site | 2022-05-28 | 3.5 LOW | 5.4 MEDIUM |
Simple Social Networking Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /sns/classes/Users.php?f=save, firstname. | |||||
CVE-2022-30458 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2022-05-28 | 3.5 LOW | 5.4 MEDIUM |
Automotive Shop Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /asms/classes/Master.php?f=save_product, name. | |||||
CVE-2022-30456 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2022-05-28 | 3.5 LOW | 5.4 MEDIUM |
Badminton Center Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /bcms/classes/Master.php?f=save_court_rental. | |||||
CVE-2022-30455 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2022-05-28 | 7.5 HIGH | 9.8 CRITICAL |
Badminton Center Management System 1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_court_rental, id. | |||||
CVE-2022-30839 | 1 Room Rent Portal Site Project | 1 Room Rent Portal Site | 2022-05-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Room-rent-portal-site v1.0 is vulnerable to Cross Site Scripting (XSS) via /rrps/classes/Master.php?f=save_category, vehicle_name. | |||||
CVE-2022-30454 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-05-28 | 7.5 HIGH | 9.8 CRITICAL |
Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product. | |||||
CVE-2022-30843 | 1 Room Rent Portal Site Project | 1 Room Rent Portal Site | 2022-05-28 | 6.5 MEDIUM | 8.8 HIGH |
Room-rent-portal-site v1.0 is vulnerable to SQL Injection via /rrps/classes/Master.php?f=delete_category, id. | |||||
CVE-2022-30842 | 1 Covid 19 Travel Pass Management System Project | 1 Covid 19 Travel Pass Management System | 2022-05-28 | 3.5 LOW | 5.4 MEDIUM |
Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ctpms/classes/Users.php?f=save, firstname. | |||||
CVE-2022-29689 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-27 | 6.5 MEDIUM | 7.2 HIGH |
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/del. | |||||
CVE-2022-29688 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-27 | 6.5 MEDIUM | 7.2 HIGH |
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/hy. | |||||
CVE-2022-29687 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-27 | 6.5 MEDIUM | 7.2 HIGH |
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/level_del. | |||||
CVE-2022-29686 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-27 | 6.5 MEDIUM | 7.2 HIGH |
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/lists/zhuan. | |||||
CVE-2022-29685 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-27 | 6.5 MEDIUM | 8.8 HIGH |
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/User/level_sort. | |||||
CVE-2022-29684 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-27 | 6.5 MEDIUM | 7.2 HIGH |
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/js_del. |