Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-46949 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2023-01-19 | N/A | 7.2 HIGH |
Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_helmet. | |||||
CVE-2022-46950 | 1 Dynamic Transaction Queuing System Project | 1 Dynamic Transaction Queuing System | 2023-01-19 | N/A | 7.2 HIGH |
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_window. | |||||
CVE-2022-46952 | 1 Dynamic Transaction Queuing System Project | 1 Dynamic Transaction Queuing System | 2023-01-19 | N/A | 7.2 HIGH |
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_user. | |||||
CVE-2022-46951 | 1 Dynamic Transaction Queuing System Project | 1 Dynamic Transaction Queuing System | 2023-01-19 | N/A | 7.2 HIGH |
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_uploads. | |||||
CVE-2022-46955 | 1 Dynamic Transaction Queuing System Project | 1 Dynamic Transaction Queuing System | 2023-01-19 | N/A | 9.8 CRITICAL |
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=save_queue. | |||||
CVE-2022-46954 | 1 Dynamic Transaction Queuing System Project | 1 Dynamic Transaction Queuing System | 2023-01-19 | N/A | 9.8 CRITICAL |
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_transaction. | |||||
CVE-2022-46953 | 1 Dynamic Transaction Queuing System Project | 1 Dynamic Transaction Queuing System | 2023-01-19 | N/A | 7.2 HIGH |
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=save_window. | |||||
CVE-2022-46956 | 1 Dynamic Transaction Queuing System Project | 1 Dynamic Transaction Queuing System | 2023-01-19 | N/A | 7.2 HIGH |
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/manage_user.php. | |||||
CVE-2023-0283 | 1 Online Flight Booking Management System Project | 1 Online Flight Booking Management System | 2023-01-19 | N/A | 9.8 CRITICAL |
A vulnerability classified as critical has been found in SourceCodester Online Flight Booking Management System. This affects an unknown part of the file review_search.php of the component POST Parameter Handler. The manipulation of the argument txtsearch leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-218277 was assigned to this vulnerability. | |||||
CVE-2023-0281 | 1 Online Flight Booking Management System Project | 1 Online Flight Booking Management System | 2023-01-19 | N/A | 9.8 CRITICAL |
A vulnerability was found in SourceCodester Online Flight Booking Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file judge_panel.php. The manipulation of the argument subevent_id leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-218276. | |||||
CVE-2022-3693 | 1 Fileorbis | 1 Fileorbis | 2023-01-19 | N/A | 7.5 HIGH |
The File Management System developed by FileOrbis before version 10.6.3 has an unauthenticated local file inclusion and path traversal vulnerability. This has been fixed in version 10.6.3. | |||||
CVE-2022-21191 | 1 Global-modules-path Project | 1 Global-modules-path | 2023-01-19 | N/A | 9.8 CRITICAL |
Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function. | |||||
CVE-2022-2526 | 2 Netapp, Systemd Project | 10 Active Iq Unified Manager, H300s, H300s Firmware and 7 more | 2023-01-19 | N/A | 9.8 CRITICAL |
A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DnsStream object, causing the use-after-free when the reference is still used later. | |||||
CVE-2022-37661 | 1 Adtran | 4 Sr506n, Sr506n Firmware, Sr510n and 1 more | 2023-01-19 | N/A | 9.8 CRITICAL |
SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remote Code Execution (RCE) via the ping host feature. | |||||
CVE-2022-25765 | 2 Fedoraproject, Pdfkit Project | 2 Fedora, Pdfkit | 2023-01-19 | N/A | 9.8 CRITICAL |
Versions of the package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized. | |||||
CVE-2016-4154 | 8 Adobe, Apple, Google and 5 more | 14 Flash Player, Flash Player Desktop Runtime, Mac Os X and 11 more | 2023-01-19 | 9.3 HIGH | 8.8 HIGH |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | |||||
CVE-2016-1033 | 5 Adobe, Apple, Google and 2 more | 13 Air Desktop Runtime, Air Sdk, Air Sdk & Compiler and 10 more | 2023-01-19 | 9.3 HIGH | 8.8 HIGH |
Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, and CVE-2016-1032. | |||||
CVE-2016-4153 | 8 Adobe, Apple, Google and 5 more | 14 Flash Player, Flash Player Desktop Runtime, Mac Os X and 11 more | 2023-01-19 | 9.3 HIGH | 8.8 HIGH |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | |||||
CVE-2014-9428 | 1 Linux | 1 Linux Kernel | 2023-01-19 | 7.8 HIGH | N/A |
The batadv_frag_merge_packets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the Linux kernel through 3.18.1 uses an incorrect length field during a calculation of an amount of memory, which allows remote attackers to cause a denial of service (mesh-node system crash) via fragmented packets. | |||||
CVE-2015-4003 | 1 Linux | 1 Linux Kernel | 2023-01-19 | 7.8 HIGH | N/A |
The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet. |