Search Results (363715 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-29777 1 Onlyoffice 2 Core, Document Server 2024-11-21 9.8 Critical
Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h.
CVE-2022-29776 1 Onlyoffice 2 Core, Document Server 2024-11-21 9.8 Critical
Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp.
CVE-2022-29775 1 Ispyconnect 1 Ispy 2024-11-21 9.8 Critical
iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication via a crafted URL.
CVE-2022-29774 1 Ispyconnect 1 Ispy 2024-11-21 9.8 Critical
iSpy v7.2.2.0 is vulnerable to remote command execution via path traversal.
CVE-2022-29773 1 Aleksis 1 Aleksis 2024-11-21 6.5 Medium
An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set.
CVE-2022-29770 1 Xuxueli 1 Xxl-job 2024-11-21 5.4 Medium
XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo.
CVE-2022-29767 1 Adbyby Project 1 Adbyby 2024-11-21 6.5 Medium
adbyby v2.7 allows external users to make connections via port 8118. This can cause a program logic error and lead to a Denial of Service (DoS) via high CPU usage due to a large number of connections.
CVE-2022-29751 1 Simple Client Management System Project 1 Simple Client Management System 2024-11-21 9.8 Critical
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_client.
CVE-2022-29750 1 Simple Client Management System Project 1 Simple Client Management System 2024-11-21 9.8 Critical
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_service.
CVE-2022-29749 1 Simple Client Management System Project 1 Simple Client Management System 2024-11-21 9.8 Critical
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_invoice.
CVE-2022-29748 1 Simple Client Management System Project 1 Simple Client Management System 2024-11-21 9.8 Critical
Simple Client Management System 1.0 is vulnerable to SQL Injection via \cms\admin?page=client/manage_client&id=.
CVE-2022-29747 1 Simple Client Management System Project 1 Simple Client Management System 2024-11-21 9.8 Critical
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/manage_invoice&id= // Leak place ---> id.
CVE-2022-29746 1 Money Transfer Management System Project 1 Money Transfer Management System 2024-11-21 9.8 Critical
Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/classes/Users.php?f=delete.
CVE-2022-29745 1 Money Transfer Management System Project 1 Money Transfer Management System 2024-11-21 9.8 Critical
Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=delete_transaction.
CVE-2022-29741 1 Money Transfer Management System Project 1 Money Transfer Management System 2024-11-21 9.8 Critical
Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=delete_fee.
CVE-2022-29739 1 Money Transfer Management System Project 1 Money Transfer Management System 2024-11-21 9.8 Critical
Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=user/manage_user&id=.
CVE-2022-29738 1 Money Transfer Management System Project 1 Money Transfer Management System 2024-11-21 9.8 Critical
Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=transaction/send&id=, id.
CVE-2022-29735 1 Deltacontrols 2 Entelitouch, Entelitouch Firmware 2024-11-21 8.8 High
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows attackers to execute arbitrary commands via a crafted HTTP request.
CVE-2022-29734 1 Ict 2 Protege Gx, Protege Wx 2024-11-21 5.4 Medium
A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter.
CVE-2022-29733 1 Deltacontrols 2 Entelitouch, Entelitouch Firmware 2024-11-21 5.9 Medium
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext. This vulnerability allows attackers to intercept HTTP Cookie authentication credentials via a man-in-the-middle attack.