Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-40967 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | N/A | 8.8 HIGH |
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | |||||
CVE-2021-38737 | 1 Sem-cms | 1 Semcms | 2022-10-28 | N/A | 9.8 CRITICAL |
SEMCMS v 1.1 is vulnerable to SQL Injection via Ant_Pro.php. | |||||
CVE-2021-38736 | 1 Sem-cms | 1 Semcms | 2022-10-28 | N/A | 9.8 CRITICAL |
SEMCMS Shop V 1.1 is vulnerable to SQL Injection via Ant_Global.php. | |||||
CVE-2021-38734 | 1 Sem-cms | 1 Semcms | 2022-10-28 | N/A | 9.8 CRITICAL |
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Menu.php. | |||||
CVE-2022-41651 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | N/A | 5.4 MEDIUM |
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API. | |||||
CVE-2021-37782 | 1 Employee Record Management System Project | 1 Employee Record Management System | 2022-10-28 | N/A | 9.8 CRITICAL |
Employee Record Management System v 1.2 is vulnerable to SQL Injection via editempprofile.php. | |||||
CVE-2021-35388 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-10-28 | N/A | 5.4 MEDIUM |
Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php. | |||||
CVE-2022-41701 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | N/A | 5.4 MEDIUM |
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API. | |||||
CVE-2021-37781 | 1 Employee Record Management System Project | 1 Employee Record Management System | 2022-10-28 | N/A | 5.4 MEDIUM |
Employee Record Management System v 1.2 is vulnerable to Cross Site Scripting (XSS) via editempprofile.php. | |||||
CVE-2022-41773 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | N/A | 8.8 HIGH |
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | |||||
CVE-2022-41702 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | N/A | 5.4 MEDIUM |
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API. | |||||
CVE-2021-35387 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-10-28 | N/A | 8.8 HIGH |
Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php. | |||||
CVE-2022-43276 | 1 Canteen Management System Project | 1 Canteen Management System | 2022-10-28 | N/A | 7.2 HIGH |
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the productId parameter at /php_action/fetchSelectedfood.php. | |||||
CVE-2022-3716 | 1 Online Medicine Ordering System Project | 1 Online Medicine Ordering System | 2022-10-28 | N/A | 5.4 MEDIUM |
A vulnerability classified as problematic was found in SourceCodester Online Medicine Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /omos/admin/?page=user/list. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-212347. | |||||
CVE-2022-3714 | 1 Online Medicine Ordering System Project | 1 Online Medicine Ordering System | 2022-10-28 | N/A | 9.8 CRITICAL |
A vulnerability classified as critical has been found in SourceCodester Online Medicine Ordering System 1.0. Affected is an unknown function of the file admin/?page=orders/view_order. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. VDB-212346 is the identifier assigned to this vulnerability. | |||||
CVE-2022-43275 | 1 Canteen Management System Project | 1 Canteen Management System | 2022-10-28 | N/A | 7.2 HIGH |
Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-3474 | 1 Google | 1 Bazel | 2022-10-28 | N/A | 4.3 MEDIUM |
Bad credential handling in the remote assets API of Bazel versions prior to 5.3.2 and 4.2.3 sends all user-provided credentials instead of only the ones required for the requests. We recommend upgrading to versions later than or equal to 5.3.2 or 4.2.3. | |||||
CVE-2022-0155 | 2 Follow-redirects Project, Siemens | 2 Follow-redirects, Sinec Ins | 2022-10-28 | 4.3 MEDIUM | 6.5 MEDIUM |
follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor. | |||||
CVE-2022-41711 | 1 Uatech | 1 Badaso | 2022-10-28 | N/A | 9.8 CRITICAL |
Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. | |||||
CVE-2022-31256 | 1 Opensuse | 1 Factory | 2022-10-28 | N/A | 7.8 HIGH |
An Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1. | |||||