Search Results (363984 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-30522 4 Apache, Fedoraproject, Netapp and 1 more 6 Http Server, Fedora, Clustered Data Ontap and 3 more 2024-11-21 7.5 High
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.
CVE-2022-30521 1 Dlink 2 Dir-890l, Dir-890l Firmware 2024-11-21 9.8 Critical
The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1_FW107b09.bin and previous versions. The function created at 0x17958 of /htdocs/cgibin will call sprintf without checking the length of strings in parameters given by HTTP header and can be controlled by users easily. The attackers can exploit the vulnerability to carry out arbitrary code by means of sending a specially constructed payload to port 49152.
CVE-2022-30518 1 Chatbot Application With A Suggestion Feature Project 1 Chatbot Application With A Suggestion Feature 2024-11-21 9.8 Critical
ChatBot Application with a Suggestion Feature 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /simple_chat_bot/admin/responses/view_response.php.
CVE-2022-30517 1 Mogublog Project 1 Mogublog 2024-11-21 6.1 Medium
Mogu blog 5.2 is vulnerable to Cross Site Scripting (XSS).
CVE-2022-30516 1 Hospital Management System Project 1 Hospital Management System 2024-11-21 9.8 Critical
In Hospital-Management-System v1.0, the editid parameter in the doctor.php page is vulnerable to SQL injection attacks.
CVE-2022-30514 1 School Dormitory Management System Project 1 School Dormitory Management System 2024-11-21 6.1 Medium
School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:126.
CVE-2022-30513 1 School Dormitory Management System Project 1 School Dormitory Management System 2024-11-21 6.1 Medium
School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:125
CVE-2022-30512 1 School Dormitory Management System Project 1 School Dormitory Management System 2024-11-21 9.8 Critical
School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/payment_history.php:31.
CVE-2022-30511 1 School Dormitory Management System Project 1 School Dormitory Management System 2024-11-21 9.8 Critical
School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/view_details.php:4.
CVE-2022-30510 1 School Dormitory Management System Project 1 School Dormitory Management System 2024-11-21 9.8 Critical
School Dormitory Management System 1.0 is vulnerable to SQL Injection via reports/daily_collection_report.php:59.
CVE-2022-30508 1 Dedecms 1 Dedecms 2024-11-21 6.5 Medium
DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vulnerability in upload.php via the delete parameter.
CVE-2022-30506 1 Mingsoft 1 Mcms 2024-11-21 9.8 Critical
An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file.
CVE-2022-30503 1 Nginx 1 Njs 2024-11-21 5.5 Medium
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h.
CVE-2022-30500 1 Jflyfox 1 Jfinal Cms 2024-11-21 9.8 Critical
Jfinal cms 5.1.0 is vulnerable to SQL Injection.
CVE-2022-30496 1 Mv 1 Idce 2024-11-21 7.5 High
SQL injection in Logon Page of IDCE MV's application, version 1.0, allows an attacker to inject SQL payloads in the user field, connecting to a database to access enterprise's private and sensitive information.
CVE-2022-30495 1 Automotive Shop Management System Project 1 Automotive Shop Management System 2024-11-21 9.8 Critical
In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR - Broken Access Control allowing attackers to change the admin password(vertical privilege escalation)
CVE-2022-30494 1 Automotive Shop Management System Project 1 Automotive Shop Management System 2024-11-21 5.4 Medium
In oretnom23 Automotive Shop Management System v1.0, the first and last name user fields suffer from a stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view internal IPs.
CVE-2022-30493 1 Automotive Shop Management System Project 1 Automotive Shop Management System 2024-11-21 9.8 Critical
In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL Injection Vulnerability allowing remote attackers to dump all database credential and gain admin access(privilege escalation).
CVE-2022-30490 1 Badminton Center Management System Project 1 Badminton Center Management System 2024-11-21 9.8 Critical
Badminton Center Management System V1.0 is vulnerable to SQL Injection via parameter 'id' in /bcms/admin/court_rentals/update_status.php.
CVE-2022-30489 1 Wavlink 2 Wn535g3, Wn535g3 Firmware 2024-11-21 6.1 Medium
WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi.