Search Results (362815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-24231 1 Simple Student Information System Project 1 Simple Student Information System 2024-11-21 9.8 Critical
Simple Student Information System v1.0 was discovered to contain a SQL injection vulnerability via add/Student.
CVE-2022-24229 1 Onlyoffice 1 Document Server 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers inject arbitrary HTML or JavaScript through /example/editor.
CVE-2022-24226 1 Phpgurukul 1 Hospital Management System 2024-11-21 7.5 High
Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php.
CVE-2022-24223 1 Thedigitalcraft 1 Atomcms 2024-11-21 9.8 Critical
AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php.
CVE-2022-24222 1 Elitecms 1 Elite Cms 2024-11-21 9.8 Critical
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_user.php.
CVE-2022-24221 1 Elitecms 1 Elite Cms 2024-11-21 9.8 Critical
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/functions/functions.php.
CVE-2022-24220 1 Elitecms 1 Elite Cms 2024-11-21 9.8 Critical
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_post.php.
CVE-2022-24219 1 Elitecms 1 Elite Cms 2024-11-21 9.8 Critical
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_page.php.
CVE-2022-24218 1 Elitecms 1 Elite Cms 2024-11-21 9.1 Critical
An issue in /admin/delete_image.php of eliteCMS v1.0 allows attackers to delete arbitrary files.
CVE-2022-24206 1 Tongda2000 1 Tongda Office Anywhere 2024-11-21 9.8 Critical
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in /mobile_seal/get_seal.php via the DEVICE_LIST parameter.
CVE-2022-24198 1 Itextpdf 1 Itext 2024-11-21 6.5 Medium
iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. NOTE: Vendor does not view this as a vulnerability and has not found it to be exploitable.
CVE-2022-24197 1 Itextpdf 1 Itext 2024-11-21 6.5 Medium
iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
CVE-2022-24196 1 Itextpdf 1 Itext 2024-11-21 6.5 Medium
iText v7.1.17, up to (exluding)": 7.1.18 and 7.2.2 was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
CVE-2022-24193 1 Icewhale 1 Casaos 2024-11-21 9.8 Critical
CasaOS before v0.2.7 was discovered to contain a command injection vulnerability.
CVE-2022-24191 2 Fedoraproject, Htmldoc Project 2 Fedora, Htmldoc 2024-11-21 5.5 Medium
In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow.
CVE-2022-24181 1 Public Knowledge Project 1 Open Journal Systems 2024-11-21 6.1 Medium
Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows remote attackers to inject arbitary code via the X-Forwarded-Host Header.
CVE-2022-24177 1 Exlibrisgroup 1 Aleph 500 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in the component cgi-bin/ej.cgi of Ex libris ALEPH 500 v18.1 and v20 allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-24172 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2024-11-21 7.5 High
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddDhcpBindRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the addDhcpRules parameter.
CVE-2022-24171 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2024-11-21 9.8 Critical
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetPppoeServer. This vulnerability allows attackers to execute arbitrary commands via the pppoeServerIP, pppoeServerStartIP, and pppoeServerEndIP parameters.
CVE-2022-24170 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2024-11-21 9.8 Critical
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpSecTunnel. This vulnerability allows attackers to execute arbitrary commands via the IPsecLocalNet and IPsecRemoteNet parameters.