Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44249 | 1 Online Motorcycle \(bike\) Rental System Project | 1 Online Motorcycle \(bike\) Rental System | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Blind Time-Based SQL Injection attack within the login portal. This can lead attackers to remotely dump MySQL database credentials. | |||||
| CVE-2021-42791 | 1 Veridiumid | 1 Veridiumad | 2022-02-02 | 4.9 MEDIUM | 7.3 HIGH |
| An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push notifications for VeridiumAD enrolled users does not enforce proper access control. A user can trigger push notifications for any other user. The text contained in the push notification can also be modified. If a user who receives the notification accepts it, then the user who triggered the notification can obtain the accepting user's login certificate. | |||||
| CVE-2021-45899 | 1 Salesagility | 1 Suitecrm | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserialization that can lead to remote code execution. | |||||
| CVE-2021-45898 | 1 Salesagility | 1 Suitecrm | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusion. | |||||
| CVE-2022-24071 | 1 Navercorp | 1 Whale | 2022-02-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs. | |||||
| CVE-2022-21720 | 1 Glpi-project | 1 Glpi | 2022-02-02 | 4.0 MEDIUM | 4.9 MEDIUM |
| GLPI is a free asset and IT management software package. Prior to version 9.5.7, an entity administrator is capable of retrieving normally inaccessible data via SQL injection. Version 9.5.7 contains a patch for this issue. As a workaround, disabling the `Entities` update right prevents exploitation of this vulnerability. | |||||
| CVE-2022-21719 | 1 Glpi-project | 1 Glpi | 2022-02-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| GLPI is a free asset and IT management software package. All GLPI versions prior to 9.5.7 are vulnerable to reflected cross-site scripting. Version 9.5.7 contains a patch for this issue. There are no known workarounds. | |||||
| CVE-2021-46428 | 1 Simple Chatbot Application Project | 1 Simple Chatbot Application | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 ( and previous versions via the bot_avatar parameter in SystemSettings.php. | |||||
| CVE-2021-46377 | 1 Cskaza | 1 Cszcms | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| There is a front-end sql injection vulnerability in cszcms 1.2.9 via cszcms/controllers/Member.php#viewUser | |||||
| CVE-2021-46427 | 1 Simple Chatbot Application Project | 1 Simple Chatbot Application | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 via the message parameter in Master.php. | |||||
| CVE-2022-22122 | 2022-02-02 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This candidate is a reservation duplicate of [CVE-2021-37866]. Notes: All CVE users should reference [CVE-2021-37866] instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2021-46097 | 1 Dolphinphp | 1 Dolphinphp | 2022-02-02 | 6.5 MEDIUM | 8.8 HIGH |
| Dolphinphp v1.5.0 contains a remote code execution vulnerability in /application/common.php#action_log | |||||
| CVE-2021-46088 | 1 Zabbix | 1 Zabbix | 2022-02-02 | 6.5 MEDIUM | 7.2 HIGH |
| Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Execution (RCE). Any user with the "Zabbix Admin" role is able to run custom shell script on the application server in the context of the application user. | |||||
| CVE-2021-44795 | 1 Krontech | 1 Single Connect | 2022-02-02 | 5.0 MEDIUM | 7.5 HIGH |
| Single Connect does not perform an authorization check when using the "sc-assigned-credential-ui" module. A remote attacker could exploit this vulnerability to modify users permissions. The exploitation of this vulnerability might allow a remote attacker to delete permissions from other users without authenticating. | |||||
| CVE-2021-44794 | 1 Krontech | 1 Single Connect | 2022-02-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| Single Connect does not perform an authorization check when using the "sc-diagnostic-ui" module. A remote attacker could exploit this vulnerability to access the device information page. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information. | |||||
| CVE-2021-44793 | 1 Krontech | 1 Single Connect | 2022-02-02 | 5.0 MEDIUM | 7.5 HIGH |
| Single Connect does not perform an authorization check when using the sc-reports-ui" module. A remote attacker could exploit this vulnerability to access the device configuration page and export the data to an external file. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information including the database credentials. Since the database runs with high privileges it is possible to execute commands with the attained credentials. | |||||
| CVE-2021-44792 | 1 Krontech | 1 Single Connect | 2022-02-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| Single Connect does not perform an authorization check when using the "log-monitor" module. A remote attacker could exploit this vulnerability to access the logging interface. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information. | |||||
| CVE-2021-44123 | 1 Spip | 1 Spip | 2022-02-02 | 6.5 MEDIUM | 8.8 HIGH |
| SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a malicious picture with a double extension, upload it and then click on it to execute it. | |||||
| CVE-2022-22828 | 1 Synametrics | 1 Synaman | 2022-02-02 | 5.0 MEDIUM | 7.5 HIGH |
| An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string. | |||||
| CVE-2021-44122 | 1 Spip | 1 Spip | 2022-02-02 | 6.8 MEDIUM | 8.8 HIGH |
| SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/formulaire_.php. To exploit the vulnerability, a visitor must visit a malicious website which redirects to the SPIP website. It is also possible to combine XSS vulnerabilities in SPIP 4.0.0 to exploit it. The vulnerability allows an authenticated attacker to execute malicious code without the knowledge of the user on the website (CSRF). | |||||