Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-41613 | 1 Bentley | 1 Microstation Connect | 2023-01-12 | N/A | 7.8 HIGH |
| Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to an Out-of-Bounds Read when when parsing DGN files, which may allow an attacker to crash the product, disclose sensitive information, or execute arbitrary code. | |||||
| CVE-2021-4306 | 1 Terminal-kit Project | 1 Terminal-kit | 2023-01-12 | N/A | 7.5 HIGH |
| A vulnerability classified as problematic has been found in cronvel terminal-kit up to 2.1.7. Affected is an unknown function. The manipulation leads to inefficient regular expression complexity. Upgrading to version 2.1.8 is able to address this issue. The name of the patch is a2e446cc3927b559d0281683feb9b821e83b758c. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217620. | |||||
| CVE-2022-4881 | 1 Pac3 Project | 1 Pac3 | 2023-01-12 | N/A | 5.4 MEDIUM |
| A vulnerability was found in CapsAdmin PAC3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lua/pac3/core/shared/http.lua. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. The name of the patch is 8fc9e12dfa21d757be6eb4194c763e848b299ac0. It is recommended to apply a patch to fix this issue. VDB-217646 is the identifier assigned to this vulnerability. | |||||
| CVE-2014-125059 | 1 Sternenblog Project | 1 Sternenblog | 2023-01-12 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as problematic, has been found in sternenseemann sternenblog. This issue affects the function blog_index of the file main.c. The manipulation of the argument post_path leads to file inclusion. The attack may be initiated remotely. Upgrading to version 0.1.0 is able to address this issue. The name of the patch is cf715d911d8ce17969a7926dea651e930c27e71a. It is recommended to upgrade the affected component. The identifier VDB-217613 was assigned to this vulnerability. NOTE: This case is rather theoretical and probably won't happen. Maybe only on obscure Web servers. | |||||
| CVE-2022-32849 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2023-01-12 | N/A | 5.5 MEDIUM |
| An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive user information. | |||||
| CVE-2022-32814 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-01-12 | N/A | 7.8 HIGH |
| A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-2666 | 1 Loan Management System Project | 1 Loan Management System | 2023-01-12 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in SourceCodester Loan Management System and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205618 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-1102 | 1 Event Management System Project | 1 Event Management System | 2023-01-12 | N/A | 6.1 MEDIUM |
| A vulnerability classified as problematic has been found in SourceCodester Royale Event Management System 1.0. Affected is an unknown function of the file /royal_event/companyprofile.php. The manipulation of the argument companyname/regno/companyaddress/companyemail leads to cross site scripting. It is possible to launch the attack remotely. VDB-195786 is the identifier assigned to this vulnerability. | |||||
| CVE-2015-10029 | 1 Simplexrd Project | 1 Simplexrd | 2023-01-12 | N/A | 9.8 CRITICAL |
| A vulnerability classified as problematic was found in kelvinmo simplexrd up to 3.1.0. This vulnerability affects unknown code of the file simplexrd/simplexrd.class.php. The manipulation leads to xml external entity reference. Upgrading to version 3.1.1 is able to address this issue. The name of the patch is 4c9f2e028523ed705b555eca2c18c64e71f1a35d. It is recommended to upgrade the affected component. VDB-217630 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-1101 | 1 Event Management System Project | 1 Event Management System | 2023-01-12 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Royale Event Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /royal_event/userregister.php. The manipulation leads to improper authentication. The attack may be initiated remotely. The identifier VDB-195785 was assigned to this vulnerability. | |||||
| CVE-2021-4301 | 1 Phpwcms | 1 Phpwcms | 2023-01-12 | N/A | 9.8 CRITICAL |
| A vulnerability was found in slackero phpwcms up to 1.9.26 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument $phpwcms['db_prepend'] leads to sql injection. The attack may be launched remotely. Upgrading to version 1.9.27 is able to address this issue. The name of the patch is 77dafb6a8cc1015f0777daeb5792f43beef77a9d. It is recommended to upgrade the affected component. VDB-217418 is the identifier assigned to this vulnerability. | |||||
| CVE-2014-125029 | 1 Paginationserviceprovider Project | 1 Paginationserviceprovider | 2023-01-12 | N/A | 9.8 CRITICAL |
| A vulnerability was found in ttskch PaginationServiceProvider up to 0.x. It has been declared as critical. This vulnerability affects unknown code of the file demo/index.php of the component demo. The manipulation of the argument sort/id leads to sql injection. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is 619de478efce17ece1a3b913ab16e40651e1ea7b. It is recommended to upgrade the affected component. VDB-217150 is the identifier assigned to this vulnerability. | |||||
| CVE-2015-10021 | 1 Rimdev | 1 Definely | 2023-01-12 | N/A | 6.1 MEDIUM |
| A vulnerability was found in ritterim definely. It has been classified as problematic. Affected is an unknown function of the file src/database.js. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is b31a022ba4d8d17148445a13ebb5a42ad593dbaa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217608. | |||||
| CVE-2015-10018 | 1 Weberp | 1 D2files | 2023-01-12 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in DBRisinajumi d2files and classified as critical. Affected by this vulnerability is the function actionUpload/actionDownloadFile of the file controllers/D2filesController.php. The manipulation leads to sql injection. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is b5767f2ec9d0f3cbfda7f13c84740e2179c90574. It is recommended to upgrade the affected component. The identifier VDB-217561 was assigned to this vulnerability. | |||||
| CVE-2014-125057 | 1 Robitailletheknot Project | 1 Robitailletheknot | 2023-01-12 | N/A | 9.8 CRITICAL |
| A vulnerability was found in mrobit robitailletheknot. It has been classified as problematic. This affects an unknown part of the file app/filters.php of the component CSRF Token Handler. The manipulation of the argument _token leads to incorrect comparison. It is possible to initiate the attack remotely. The name of the patch is 6b2813696ccb88d0576dfb305122ee880eb36197. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217599. | |||||
| CVE-2014-125049 | 1 Blogile Project | 1 Blogile | 2023-01-12 | N/A | 9.8 CRITICAL |
| ** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in typcn Blogile. Affected is the function getNav of the file server.js. The manipulation of the argument query leads to sql injection. The name of the patch is cfec31043b562ffefe29fe01af6d3c5ed1bf8f7d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217560. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2018-25070 | 1 Aista | 1 Phosphorus Five | 2023-01-12 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in polterguy Phosphorus Five up to 8.2 and classified as critical. This vulnerability affects the function csv.Read of the file plugins/extras/p5.mysql/NonQuery.cs of the component CSV Import. The manipulation leads to sql injection. Upgrading to version 8.3 is able to address this issue. The name of the patch is c179a3d0703db55cfe0cb939b89593f2e7a87246. It is recommended to upgrade the affected component. VDB-217606 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-31628 | 3 Debian, Fedoraproject, Php | 3 Debian Linux, Fedora, Php | 2023-01-12 | N/A | 5.5 MEDIUM |
| In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop. | |||||
| CVE-2022-3691 | 1 Fluenx | 1 Deepl Pro Api Translation | 2023-01-12 | N/A | 7.5 HIGH |
| The DeepL Pro API translation plugin WordPress plugin before 1.7.5 discloses sensitive information (including the DeepL API key) in files that are publicly accessible to an external, unauthenticated visitor. | |||||
| CVE-2021-33621 | 2 Fedoraproject, Ruby-lang | 2 Fedora, Cgi | 2023-01-12 | N/A | 8.8 HIGH |
| The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object. | |||||