Search Results (364697 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-37177 1 Hirevue 1 Hiring Platform 2024-11-21 7.5 High
HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. NOTE: this is disputed by the vendor for multiple reasons, e.g., it is inconsistent with CVE ID assignment rules for cloud services, and no product with version V1.0 exists. Furthermore, the rail-fence cipher has been removed, and TLS 1.2 is now used for encryption.
CVE-2022-37176 1 Tendacn 2 Ac6, Ac6 Firmware 2024-11-21 9.8 Critical
Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains a vulnerability which allows attackers to remove the Wi-Fi password and force the device into open security mode via a crafted packet sent to goform/setWizard.
CVE-2022-37175 1 Tenda 2 Ac15, Ac15 Firmware 2024-11-21 9.8 Critical
Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer overflow in /goform/formWifiBasicSet.
CVE-2022-37173 2 Microsoft, Vim 2 Windows, Gvim 2024-11-21 7.8 High
An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\Program.exe.
CVE-2022-37172 1 Msys2 1 Msys2 2024-11-21 7.8 High
Incorrect access control in the install directory (C:\msys64) of Msys2 v20220603 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory.
CVE-2022-37164 1 Ontrack Project 1 Ontrack 2024-11-21 9.8 Critical
Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes.
CVE-2022-37163 1 Ihatetobudget Project 1 Ihatetobudget 2024-11-21 9.8 Critical
Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes.
CVE-2022-37162 1 Claroline 1 Claroline 2024-11-21 5.4 Medium
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS). An attacker can obtain javascript code execution by adding arbitrary javascript code in the 'Location' field of a calendar event.
CVE-2022-37161 1 Claroline 1 Claroline 2024-11-21 6.1 Medium
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload.
CVE-2022-37160 1 Claroline 1 Claroline 2024-11-21 5.4 Medium
Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with administrative rights by opening an SVG file as an administrator user.
CVE-2022-37159 1 Claroline 1 Claroline 2024-11-21 9.8 Critical
Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload.
CVE-2022-37158 1 Iocoder 1 Ruoyi-vue-pro 2024-11-21 9.8 Critical
RuoYi v3.8.3 has a Weak password vulnerability in the management system.
CVE-2022-37153 1 Articatech 1 Artica Proxy 2024-11-21 6.1 Medium
An issue was discovered in Artica Proxy 4.30.000000. There is a XSS vulnerability via the password parameter in /fw.login.php.
CVE-2022-37152 1 Online Diagnostic Lab Management System Project 1 Online Diagnostic Lab Management System 2024-11-21 9.8 Critical
An issue was discovered in Online Diagnostic Lab Management System 1.0, There is a SQL injection vulnerability via "dob" parameter in "/classes/Users.php?f=save_client"
CVE-2022-37151 1 Online Diagnostic Lab Management System Project 1 Online Diagnostic Lab Management System 2024-11-21 7.5 High
There is an unauthorized access vulnerability in Online Diagnostic Lab Management System 1.0.
CVE-2022-37150 1 Online Diagnostic Lab Management System Project 1 Online Diagnostic Lab Management System 2024-11-21 5.4 Medium
An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a stored XSS vulnerability via firstname, address, middlename, lastname , gender, email, contact parameters.
CVE-2022-37149 1 Wavlink 2 Wl-wn575a3, Wl-wn575a3 Firmware 2024-11-21 9.8 Critical
WAVLINK WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability when operating the file adm.cgi. This vulnerability allows attackers to execute arbitrary commands via the username parameter.
CVE-2022-37146 1 Plextrac 1 Plextrac 2024-11-21 5.3 Medium
The PlexTrac platform prior to version 1.28.0 allows for username enumeration via HTTP response times on invalid login attempts for users configured to use the PlexTrac authentication provider. Login attempts for valid, unlocked users configured to use PlexTrac as their authentication provider take significantly longer than those for invalid users, allowing for valid users to be enumerated by an unauthenticated remote attacker. Note that the lockout policy implemented in Plextrac version 1.17.0 makes it impossible to distinguish between valid, locked user accounts and user accounts that do not exist, but does not prevent valid, unlocked users from being enumerated.
CVE-2022-37145 1 Plextrac 1 Plextrac 2024-11-21 7.5 High
The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts for accounts configured to use the PlexTrac authentication provider. An unauthenticated remote attacker could perform a bruteforce attack on the login page with no time or attempt limitation in an attempt to obtain valid credentials for the platform users configured to use the PlexTrac authentication provider.
CVE-2022-37144 1 Plextrac 1 Plextrac 2024-11-21 8.8 High
The PlexTrac platform prior to API version 1.17.0 does not restrict excessive MFA TOTP submission attempts. An unauthenticated remote attacker in possession of a valid username and password can bruteforce their way past MFA protections to login as the targeted user.