Search Results (363403 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-29006 1 Phpgurukul 1 Directory Management System 2024-11-21 9.8 Critical
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allows attackers to bypass authentication.
CVE-2022-29005 1 Phpgurukul 1 Online Birth Certificate System 2024-11-21 6.1 Medium
Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname or lname parameters.
CVE-2022-29004 1 Phpgurukul 1 E-diary Management System 2024-11-21 6.1 Medium
Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php.
CVE-2022-29002 1 Xuxueli 1 Xxl-job 2024-11-21 8.8 High
A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add.
CVE-2022-29001 1 Springbootmovie Project 1 Springbootmovie 2024-11-21 7.2 High
In SpringBootMovie <=1.2, the uploaded file suffix parameter is not filtered, resulting in arbitrary file upload vulnerability
CVE-2022-28999 1 Bloodshed 1 Dev-c\+\+ 2024-11-21 8.8 High
Insecure permissions in the install directories and binaries of Dev-CPP v4.9.9.2 allows attackers to execute arbitrary code via overwriting the binary devcpp.exe.
CVE-2022-28998 1 Xlightftpd 1 Xlight Ftp 2024-11-21 8.1 High
Xlight FTP v3.9.3.2 was discovered to contain a stack-based buffer overflow which allows attackers to leak sensitive information via crafted code.
CVE-2022-28997 1 Cszcms 1 Cszcms 2024-11-21 7.5 High
CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/.
CVE-2022-28995 1 Yogeshojha 1 Rengine 2024-11-21 9.8 Critical
Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration function.
CVE-2022-28994 1 Smallsrv 1 Small Http Server 2024-11-21 9.8 Critical
Small HTTP Server version 3.06 suffers from a remote buffer overflow vulnerability via long GET request.
CVE-2022-28993 1 Bdtask 1 Multi Store Inventory Management System 2024-11-21 9.8 Critical
Multi Store Inventory Management System v1.0 allows attackers to perform an account takeover via a crafted POST request.
CVE-2022-28992 1 Phpgurukul 1 Online Banquet Booking System 2024-11-21 8.8 High
A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request.
CVE-2022-28991 1 Bdtask 1 Multi Store Inventory Management System 2024-11-21 7.5 High
Multi Store Inventory Management System v1.0 was discovered to contain an information disclosure vulnerability which allows attackers to access sensitive files.
CVE-2022-28990 1 Wasm3 Project 1 Wasm3 2024-11-21 7.8 High
WASM3 v0.5.0 was discovered to contain a heap overflow via the component /wabt/bin/poc.wasm.
CVE-2022-28987 1 Zohocorp 1 Manageengine Adselfservice Plus 2024-11-21 5.3 Medium
Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login.
CVE-2022-28986 1 Lmsdoctor 1 2 Factor Authentication 2024-11-21 7.5 High
LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an Insecure direct object references (IDOR) vulnerability, which allows remote attackers to update sensitive records such as email, password and phone number of other user accounts.
CVE-2022-28985 1 Orangehrm 1 Orangehrm 2024-11-21 6.3 Medium
A stored cross-site scripting (XSS) vulnerability in the addNewPost component of OrangeHRM v4.10.1 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.
CVE-2022-28973 1 Tenda 2 Ax1806, Ax1806 Firmware 2024-11-21 7.5 High
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause a Denial of Service (DoS).
CVE-2022-28972 1 Tenda 2 Ax1806, Ax1806 Firmware 2024-11-21 7.5 High
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS).
CVE-2022-28971 1 Tenda 2 Ax1806, Ax1806 Firmware 2024-11-21 7.5 High
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetIpMacBind. This vulnerability allows attackers to cause a Denial of Service (DoS).