Search Results (363341 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-28131 4 Fedoraproject, Golang, Netapp and 1 more 16 Fedora, Go, Cloud Insights Telegraf and 13 more 2024-11-21 7.5 High
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.
CVE-2022-28129 3 Apache, Debian, Fedoraproject 3 Traffic Server, Debian Linux, Fedora 2024-11-21 7.5 High
Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.
CVE-2022-28128 2 Hibara, Microsoft 2 Attachecase, Windows 2024-11-21 7.8 High
Untrusted search path vulnerability in AttacheCase ver.3.6.1.0 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.
CVE-2022-28120 1 Rainier 1 Open Virtual Simulation Experiment Teaching Management Platform 2024-11-21 9.8 Critical
Beijing Runnier Network Technology Co., Ltd Open virtual simulation experiment teaching management platform software 2.0 has a file upload vulnerability, which can be exploited by an attacker to gain control of the server.
CVE-2022-28118 1 Sscms 1 Siteserver Cms 2024-11-21 9.8 Critical
SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in.
CVE-2022-28117 1 Naviwebs 1 Navigate Cms 2024-11-21 4.9 Medium
A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter.
CVE-2022-28116 1 Online Banking System Project 1 Online Banking System 2024-11-21 9.8 Critical
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter.
CVE-2022-28115 1 Online Sports Complex Booking Project 1 Online Sports Complex Booking 2024-11-21 9.8 Critical
Online Sports Complex Booking v1.0 was discovered to contain a SQL injection vulnerability via the id parameter.
CVE-2022-28114 1 Dscms Project 1 Dscms 2024-11-21 9.1 Critical
DSCMS v3.0 was discovered to contain an arbitrary file deletion vulnerability via /controller/Adv.php.
CVE-2022-28113 1 Fantec 2 Mwid25-ds, Mwid25-ds Firmware 2024-11-21 7.2 High
An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows attackers to write files and reset the user passwords without having a valid session cookie.
CVE-2022-28111 1 Pagehelper Project 1 Pagehelper 2024-11-21 9.8 Critical
MyBatis PageHelper v1.x.x-v3.7.0, v4.0.0-v5.0.0, v5.1.0-v5.3.0 was discovered to contain a time-blind SQL injection vulnerability via the orderBy parameter.
CVE-2022-28110 1 Hotel Management System Project 1 Hotel Management System 2024-11-21 9.8 Critical
Hotel Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at the login page.
CVE-2022-28109 1 Selenium 1 Selenium Grid 2024-11-21 8.8 High
Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code (remote). The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to a malicious remote web server. The WebDriver endpoint of Selenium Server (Grid) is vulnerable to DNS rebinding. This can be used to execute arbitrary code on the machine.
CVE-2022-28108 1 Selenium 1 Selenium Grid 2024-11-21 8.8 High
Selenium Server (Grid) before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain.
CVE-2022-28106 1 Online Sports Complex Booking System Project 1 Online Sports Complex Booking System 2024-11-21 9.8 Critical
Online Sports Complex Booking System v1.0 was discovered to allow attackers to take over user accounts via a crafted POST request.
CVE-2022-28105 1 Online Sports Complex Booking System Project 1 Online Sports Complex Booking System 2024-11-21 9.8 Critical
Online Sports Complex Booking System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /scbs/view_facility.php.
CVE-2022-28104 2 Apple, Foxit 2 Iphone Os, Pdf Editor 2024-11-21 9.8 Critical
Foxit PDF Editor v11.3.1 was discovered to contain an arbitrary file upload vulnerability.
CVE-2022-28102 1 Php Mysql Admin Panel Generator Project 1 Php Mysql Admin Panel Generator 2024-11-21 5.4 Medium
A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Generator v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected at /edit-db.php.
CVE-2022-28101 1 Lyonbros 1 Turtl 2024-11-21 9.0 Critical
Turtlapp Turtle Note v0.7.2.6 does not filter the <meta> tag during markdown parsing, allowing attackers to execute HTML injection.
CVE-2022-28099 1 Poultry Farm Management System Project 1 Poultry Farm Management System 2024-11-21 8.8 High
Poultry Farm Management System v1.0 was discovered to contain a SQL injection vulnerability via the Item parameter at /farm/store.php.