Search Results (363437 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-27490 1 Fortinet 4 Fortianalyzer, Fortimanager, Fortiportal and 1 more 2024-11-21 5.1 Medium
A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker which has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands.
CVE-2022-27489 1 Fortinet 2 Fortiextender, Fortiextender Firmware 2024-11-21 7 High
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.0.0 through 7.0.3, 5.3.2, 4.2.4 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests.
CVE-2022-27488 1 Fortinet 6 Fortiai, Fortimail, Fortindr and 3 more 2024-11-21 7.5 High
A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI via tricking an authenticated administrator to execute malicious GET requests.
CVE-2022-27487 1 Fortinet 2 Fortideceptor, Fortisandbox 2024-11-21 8.3 High
A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests.
CVE-2022-27485 1 Fortinet 1 Fortisandbox 2024-11-21 6.2 Medium
A improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-89] in Fortinet FortiSandbox version 4.2.0, 4.0.0 through 4.0.2, 3.2.0 through 3.2.3, 3.1.x and 3.0.x allows a remote and authenticated attacker with read permission to retrieve arbitrary files from the underlying Linux system via a crafted HTTP request.
CVE-2022-27484 1 Fortinet 1 Fortiadc 2024-11-21 5.4 Medium
A unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request.
CVE-2022-27483 1 Fortinet 2 Fortianalyzer, Fortimanager 2024-11-21 7.2 High
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager version 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.x and 6.0.x and FortiAnalyzer version 7.0.0 through 7.0.3, version 6.4.0 through 6.4.7, 6.2.x and 6.0.x allows attacker to execute arbitrary shell code as `root` user via `diagnose system` CLI commands.
CVE-2022-27482 1 Fortinet 1 Fortiadc 2024-11-21 7.4 High
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows attacker to execute arbitrary shell code as `root` via CLI commands.
CVE-2022-27481 1 Siemens 8 Scalance W1788-1 M12, Scalance W1788-1 M12 Firmware, Scalance W1788-2 Eec M12 and 5 more 2024-11-21 5.3 Medium
A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected devices do not properly handle resources of ARP requests. This could allow an attacker to cause a race condition that leads to a crash of the entire device.
CVE-2022-27480 1 Siemens 4 Sicam A8000 Cp-8031, Sicam A8000 Cp-8031 Firmware, Sicam A8000 Cp-8050 and 1 more 2024-11-21 7.5 High
A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). Affected devices do not require an user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files.
CVE-2022-27479 1 Apache 1 Superset 2024-11-21 9.8 Critical
Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue.
CVE-2022-27478 1 Victor Cms Project 1 Victor Cms 2024-11-21 8.8 High
Victor v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component admin/profile.php?section=admin.
CVE-2022-27477 1 Newbee-mall Project 1 Newbee-mall 2024-11-21 9.8 Critical
Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit.
CVE-2022-27476 1 Newbee-mall Project 1 Newbee-mall 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability at /admin/goods/update in Newbee-Mall v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the goodsName parameter.
CVE-2022-27475 1 Hotel Management System Project 1 Hotel Management System 2024-11-21 6.1 Medium
Cross site scripting (XSS) vulnerability in tramyardg hotel-mgmt-system, allows attackers to execute arbitrary code when when /admin.php is loaded.
CVE-2022-27474 1 Salesagility 1 Suitecrm 2024-11-21 7.2 High
SuiteCRM v7.11.23 was discovered to allow remote code execution via a crafted payload injected into the FirstName text field.
CVE-2022-27473 1 Roothub Project 1 Roothub 2024-11-21 9.8 Critical
SQL injection vulnerability in Topics Searching feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely.
CVE-2022-27472 1 Roothub Project 1 Roothub 2024-11-21 9.8 Critical
SQL injection vulnerability in Topics Counting feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely.
CVE-2022-27470 2 Fedoraproject, Libsdl 2 Fedora, Sdl Ttf 2024-11-21 7.8 High
SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file.
CVE-2022-27469 1 Monstaftp 1 Monsta Ftp 2024-11-21 9.8 Critical
Monstaftp v2.10.3 was discovered to allow attackers to execute Server-Side Request Forgery (SSRF).