Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-43782 | 1 Atlassian | 1 Crowd | 2022-11-18 | N/A | 9.8 CRITICAL |
Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API under the {{usermanagement}} path. This vulnerability can only be exploited by IPs specified under the crowd application allowlist in the Remote Addresses configuration, which is {{none}} by default. The affected versions are all versions 3.x.x, versions 4.x.x before version 4.4.4, and versions 5.x.x before 5.0.3. | |||||
CVE-2022-43781 | 1 Atlassian | 1 Bitbucket | 2022-11-18 | N/A | 9.8 CRITICAL |
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and Data Center instance has enabled “Allow public signup”. | |||||
CVE-2022-43447 | 1 Deltaww | 1 Diaenergie | 2022-11-18 | N/A | 8.8 HIGH |
SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network. | |||||
CVE-2022-41775 | 1 Deltaww | 1 Diaenergie | 2022-11-18 | N/A | 8.8 HIGH |
SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network. | |||||
CVE-2022-44001 | 1 Backclick | 1 Backclick | 2022-11-18 | N/A | 9.8 CRITICAL |
An issue was discovered in BACKCLICK Professional 5.9.63. User authentication for accessing the CORBA back-end services can be bypassed. | |||||
CVE-2022-43457 | 1 Deltaww | 1 Diaenergie | 2022-11-18 | N/A | 8.8 HIGH |
SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network. | |||||
CVE-2022-43452 | 1 Deltaww | 1 Diaenergie | 2022-11-18 | N/A | 8.8 HIGH |
SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network. | |||||
CVE-2022-43332 | 1 Wondercms | 1 Wondercms | 2022-11-18 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel. | |||||
CVE-2022-39180 | 1 College Management System Project | 1 College Management System | 2022-11-18 | N/A | 9.8 CRITICAL |
College Management System v1.0 - SQL Injection (SQLi). By inserting SQL commands to the username and password fields in the login.php page. | |||||
CVE-2022-39179 | 1 College Management System Project | 1 College Management System | 2022-11-18 | N/A | 7.2 HIGH |
College Management System v1.0 - Authenticated remote code execution. An admin user (the authentication can be bypassed using the SQL Injection mentioned in my other report) can upload a .php file that contains malicious code via the student.php file. | |||||
CVE-2022-43179 | 1 Online Leave Management System Project | 1 Online Leave Management System | 2022-11-18 | N/A | 7.2 HIGH |
Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /admin/?page=user/manage_user&id=. | |||||
CVE-2022-43163 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2022-11-18 | N/A | 7.2 HIGH |
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /clients/view_client.php. | |||||
CVE-2022-43162 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2022-11-18 | N/A | 7.2 HIGH |
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tests/view_test.php. | |||||
CVE-2022-43142 | 1 Password Storage Application Project | 1 Password Storage Application | 2022-11-18 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the add-fee.php component of Password Storage Application v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter. | |||||
CVE-2022-44403 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2022-11-18 | N/A | 7.2 HIGH |
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/?page=user/manage_user&id=. | |||||
CVE-2022-44402 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2022-11-18 | N/A | 7.2 HIGH |
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_transaction. | |||||
CVE-2022-4053 | 1 Student Attendance Management System Project | 1 Student Attendance Management System | 2022-11-18 | N/A | 4.8 MEDIUM |
A vulnerability was found in Student Attendance Management System. It has been classified as problematic. Affected is an unknown function of the file createClass.php. The manipulation of the argument className leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-213846 is the identifier assigned to this vulnerability. | |||||
CVE-2022-4052 | 1 Student Attendance Management System Project | 1 Student Attendance Management System | 2022-11-18 | N/A | 7.2 HIGH |
A vulnerability was found in Student Attendance Management System and classified as critical. This issue affects some unknown processing of the file /Admin/createClass.php. The manipulation of the argument Id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213845 was assigned to this vulnerability. | |||||
CVE-2022-20826 | 1 Cisco | 7 Adaptive Security Appliance, Firepower Threat Defense, Secure Firewall 3105 and 4 more | 2022-11-18 | N/A | 6.8 MEDIUM |
A vulnerability in the secure boot implementation of Cisco Secure Firewalls 3100 Series that are running Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated attacker with physical access to the device to bypass the secure boot functionality. This vulnerability is due to a logic error in the boot process. An attacker could exploit this vulnerability by injecting malicious code into a specific memory location during the boot process of an affected device. A successful exploit could allow the attacker to execute persistent code at boot time and break the chain of trust. | |||||
CVE-2022-20843 | 1 Cisco | 1 Firepower Management Center | 2022-11-18 | N/A | 4.8 MEDIUM |
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. |