Search Results (363288 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-27376 3 Debian, Mariadb, Redhat 4 Debian Linux, Mariadb, Enterprise Linux and 1 more 2024-11-21 7.5 High
MariaDB Server v10.6.5 and below was discovered to contain a use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.
CVE-2022-27375 1 Tenda 2 Ax12, Ax12 Firmware 2024-11-21 6.5 Medium
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_422168 at /goform/WifiExtraSet.
CVE-2022-27374 1 Tenda 2 Ax12, Ax12 Firmware 2024-11-21 6.5 Medium
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_42E328 at /goform/SysToolReboot.
CVE-2022-27373 1 Phicomm 2 Fir303b, Fir303b Firmware 2024-11-21 8.8 High
Shanghai Feixun Data Communication Technology Co., Ltd router fir302b A2 was discovered to contain a remote command execution (RCE) vulnerability via the Ping function.
CVE-2022-27369 1 Chshcms 1 Cscms 2024-11-21 7.2 High
Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component news_News.php_hy.
CVE-2022-27368 1 Chshcms 1 Cscms 2024-11-21 7.2 High
Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Lists.php_zhuan.
CVE-2022-27367 1 Chshcms 1 Cscms 2024-11-21 7.2 High
Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Topic.php_del.
CVE-2022-27366 1 Chshcms 1 Cscms 2024-11-21 7.2 High
Cscms Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the component dance_Dance.php_hy.
CVE-2022-27365 1 Chshcms 1 Cscms 2024-11-21 7.2 High
Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Dance.php_del.
CVE-2022-27360 1 Bladex 1 Springblade 2024-11-21 9.8 Critical
SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment.
CVE-2022-27359 1 Foxit 2 Pdf Editor, Pdf Reader 2024-11-21 5.5 Medium
Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a this.maildoc NULL pointer dereference.
CVE-2022-27357 1 Ecommerce-website Project 1 Ecommerce-website 2024-11-21 9.8 Critical
Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customer_register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-27352 1 Simple House Rental System Project 1 Simple House Rental System 2024-11-21 8.8 High
Simple House Rental System v1 was discovered to contain an arbitrary file upload vulnerability via /app/register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-27351 1 Phpgurukul 1 Zoo Management System 2024-11-21 9.8 Critical
Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /public_html/apply_vacancy. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-27349 1 Socialcodia 1 Social Codia Sms 2024-11-21 7.2 High
Social Codia SMS v1 was discovered to contain an arbitrary file upload vulnerability via addteacher.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-27348 1 Socialcodia 1 Social Codia Sms 2024-11-21 4.8 Medium
Social Codia SMS v1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field.
CVE-2022-27346 1 Ecommerce-website Project 1 Ecommerce-website 2024-11-21 8.8 High
Ecommerce-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?slides. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-27342 1 Link-admin Project 1 Link-admin 2024-11-21 9.8 Critical
Link-Admin v0.0.1 was discovered to contain a SQL injection vulnerability via DictRest.ResponseResult().
CVE-2022-27341 1 Jfinalcms Project 1 Jfinalcms 2024-11-21 9.8 Critical
JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management function.
CVE-2022-27340 1 Mingsoft 1 Mcms 2024-11-21 8.8 High
MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data.