Search Results (363662 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-30374 1 Air Cargo Management System Project 1 Air Cargo Management System 2024-11-21 7.2 High
Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/?page=transactions/manage_transaction&id=.
CVE-2022-30373 1 Air Cargo Management System Project 1 Air Cargo Management System 2024-11-21 7.2 High
Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/cargo_types/manage_cargo_type.php?id=.
CVE-2022-30372 1 Air Cargo Management System Project 1 Air Cargo Management System 2024-11-21 7.2 High
Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=delete_cargo.
CVE-2022-30371 1 Air Cargo Management System Project 1 Air Cargo Management System 2024-11-21 7.2 High
Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/cargo_types/view_cargo_type.php?id=.
CVE-2022-30370 1 Air Cargo Management System Project 1 Air Cargo Management System 2024-11-21 9.8 Critical
Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=delete_cargo_type.
CVE-2022-30367 1 Air Cargo Management System Project 1 Air Cargo Management System 2024-11-21 6.5 Medium
Air Cargo Management System v1.0 is vulnerable to file deletion via /acms/classes/Master.php?f=delete_img.
CVE-2022-30352 1 Phpabook Project 1 Phpabook 2024-11-21 9.8 Critical
phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanitization of user-supplied data in the "auth_user" parameter in index.php script.
CVE-2022-30349 1 Sscms 1 Siteserver Cms 2024-11-21 6.1 Medium
siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS).
CVE-2022-30335 1 Wealth 1 Bonanza Wealth Management System 2024-11-21 9.8 Critical
Bonanza Wealth Management System (BWM) 7.3.2 allows SQL injection via the login form. Users who supply the application with a SQL injection payload in the User Name textbox could collect all passwords in encrypted format from the Microsoft SQL Server component.
CVE-2022-30334 1 Brave 1 Brave 2024-11-21 5.3 Medium
Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the Brave documentation still advises "Note that Private Windows with Tor Connectivity in Brave are just regular private windows that use Tor as a proxy. Brave does NOT implement most of the privacy protections from Tor Browser."
CVE-2022-30331 1 Tigergraph 1 Tigergraph 2024-11-21 8.8 High
The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows installation of a query (in the GSQL query language) without proper validation. Consequently, an attacker can execute arbitrary C++ code. NOTE: the vendor's position is "GSQL was behaving as expected."
CVE-2022-30330 1 Keepkey 2 Keepkey, Keepkey Firmware 2024-11-21 6.6 Medium
In the KeepKey firmware before 7.3.2,Flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the trusted bootloader code to compromise the hardware wallet across reboots or storage wipes.
CVE-2022-30329 1 Trendnet 2 Tew-831dr, Tew-831dr Firmware 2024-11-21 9.8 Critical
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. An OS injection vulnerability exists within the web interface, allowing an attacker with valid credentials to execute arbitrary shell commands.
CVE-2022-30328 1 Trendnet 2 Tew-831dr, Tew-831dr Firmware 2024-11-21 6.5 Medium
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The username and password setup for the web interface does not require entering the existing password. A malicious user can change the username and password of the interface.
CVE-2022-30327 1 Trendnet 2 Tew-831dr, Tew-831dr Firmware 2024-11-21 6.5 Medium
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The web interface is vulnerable to CSRF. An attacker can change the pre-shared key of the Wi-Fi router if the interface's IP address is known.
CVE-2022-30326 1 Trendnet 2 Tew-831dr, Tew-831dr Firmware 2024-11-21 5.4 Medium
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The network pre-shared key field on the web interface is vulnerable to XSS. An attacker can use a simple XSS payload to crash the basic.config page of the web interface.
CVE-2022-30325 1 Trendnet 2 Tew-831dr, Tew-831dr Firmware 2024-11-21 8.8 High
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The default pre-shared key for the Wi-Fi networks is the same for every router except for the last four digits. The device default pre-shared key for both 2.4 GHz and 5 GHz networks can be guessed or brute-forced by an attacker within range of the Wi-Fi network.
CVE-2022-30324 1 Hashicorp 1 Nomad 2024-11-21 9.8 Critical
HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1.
CVE-2022-30323 2 Hashicorp, Redhat 3 Go-getter, Openshift, Openstack 2024-11-21 8.6 High
go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Fixed in 1.6.1 and 2.1.0.
CVE-2022-30322 2 Hashicorp, Redhat 3 Go-getter, Openshift, Openstack 2024-11-21 8.6 High
go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Fixed in 1.6.1 and 2.1.0.