Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-20762 | 1 Cisco | 1 Ultra Cloud Core - Subscriber Microservices Infrastructure | 2022-04-14 | 7.2 HIGH | 7.8 HIGH |
A vulnerability in the Common Execution Environment (CEE) ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure (SMI) software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in the affected CLI. An attacker could exploit this vulnerability by authenticating as a CEE ConfD CLI user and executing a specific CLI command. A successful exploit could allow an attacker to access privileged containers with root privileges. | |||||
CVE-2022-20763 | 1 Cisco | 1 Webex Meetings Online | 2022-04-14 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability in the login authorization components of Cisco Webex Meetings could allow an authenticated, remote attacker to inject arbitrary Java code. This vulnerability is due to improper deserialization of Java code within login requests. An attacker could exploit this vulnerability by sending malicious login requests to the Cisco Webex Meetings service. A successful exploit could allow the attacker to inject arbitrary Java code and take arbitrary actions within the Cisco Webex Meetings application. | |||||
CVE-2022-28002 | 1 Movie Seat Reservation Project | 1 Movie Seat Reservation | 2022-04-14 | 5.0 MEDIUM | 7.5 HIGH |
Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure vulnerability via /index.php?page=home. | |||||
CVE-2022-28001 | 1 Movie Seat Reservation Project | 1 Movie Seat Reservation | 2022-04-14 | 7.5 HIGH | 9.8 CRITICAL |
Movie Seat Reservation v1 was discovered to contain a SQL injection vulnerability at /index.php?page=reserve via the id parameter. | |||||
CVE-2022-23440 | 1 Fortinet | 1 Fortiedr | 2022-04-14 | 4.6 MEDIUM | 7.8 HIGH |
A use of hard-coded cryptographic key vulnerability [CWE-321] in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and uninstall the collectors from the end-points within the same deployment. | |||||
CVE-2021-46437 | 1 Zzcms | 1 Zzcms | 2022-04-14 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in ZZCMS 2021. There is a cross-site scripting (XSS) vulnerability in ad_manage.php. | |||||
CVE-2022-1238 | 1 Radare | 1 Radare2 | 2022-04-14 | 6.8 MEDIUM | 7.8 HIGH |
Heap-based Buffer Overflow in libr/bin/format/ne/ne.c in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is a heap overflow and may be exploitable. For a more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html). | |||||
CVE-2022-27352 | 1 Simple House Rental System Project | 1 Simple House Rental System | 2022-04-14 | 6.5 MEDIUM | 8.8 HIGH |
Simple House Rental System v1 was discovered to contain an arbitrary file upload vulnerability via /app/register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-1237 | 1 Radare | 1 Radare2 | 2022-04-14 | 6.8 MEDIUM | 7.8 HIGH |
Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is a heap overflow and may be exploitable. For a more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html). | |||||
CVE-2022-27357 | 1 Ecommerce-website Project | 1 Ecommerce-website | 2022-04-14 | 7.5 HIGH | 9.8 CRITICAL |
Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customer_register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-27064 | 1 Musical World Project | 1 Musical World | 2022-04-14 | 6.5 MEDIUM | 8.8 HIGH |
Musical World v1 was discovered to contain an arbitrary file upload vulnerability via uploaded_songs.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-27346 | 1 Ecommerce-website Project | 1 Ecommerce-website | 2022-04-14 | 6.5 MEDIUM | 8.8 HIGH |
Ecommerce-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?slides. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-27349 | 1 Socialcodia | 1 Social Codia Sms | 2022-04-14 | 6.5 MEDIUM | 7.2 HIGH |
Social Codia SMS v1 was discovered to contain an arbitrary file upload vulnerability via addteacher.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-27348 | 1 Socialcodia | 1 Social Codia Sms | 2022-04-14 | 3.5 LOW | 4.8 MEDIUM |
Social Codia SMS v1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field. | |||||
CVE-2022-0935 | 1 Livehelperchat | 1 Live Helper Chat | 2022-04-14 | 6.8 MEDIUM | 8.8 HIGH |
Host header injection in password reset in GitHub repository livehelperchat/livehelperchat prior to 3.97. | |||||
CVE-2021-44169 | 1 Fortinet | 1 Forticlient | 2022-04-14 | 4.6 MEDIUM | 8.8 HIGH |
An improper initialization in Fortinet FortiClient (Windows) version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and below, version 7.0.3 and below allows an attacker to gain administrative privileges by placing a malicious executable inside the FortiClient installer's directory. | |||||
CVE-2022-27819 | 1 Waycrate | 1 Swhkd | 2022-04-14 | 4.0 MEDIUM | 5.3 MEDIUM |
SWHKD 1.1.5 allows unsafe parsing via the -c option. An information leak might occur but there is a simple denial of service (memory exhaustion) upon an attempt to parse a large or infinite file (such as a block or character device). | |||||
CVE-2022-27818 | 1 Waycrate | 1 Swhkd | 2022-04-14 | 6.4 MEDIUM | 9.1 CRITICAL |
SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service. | |||||
CVE-2022-20774 | 1 Cisco | 34 Ip Phone 6825, Ip Phone 6825 Firmware, Ip Phone 6841 and 31 more | 2022-04-14 | 4.9 MEDIUM | 8.1 HIGH |
A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform configuration changes on the affected device, resulting in a denial of service (DoS) condition. | |||||
CVE-2022-20782 | 1 Cisco | 1 Identity Services Engine | 2022-04-14 | 4.0 MEDIUM | 6.5 MEDIUM |
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege levels for high-value sensitive data. An attacker with read-only Administrator privileges to the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. |