Search Results (363851 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-31914 1 Phpgurukul 1 Zoo Management System 2024-11-21 5.4 Medium
Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via zms/admin/public_html/save_animal?an_id=24.
CVE-2022-31912 1 Online Tutor Portal Site Project 1 Online Tutor Portal Site 2024-11-21 7.2 High
Online Tutor Portal Site v1.0 is vulnerable to SQL Injection via /otps/classes/Master.php?f=delete_team.
CVE-2022-31910 1 Online Tutor Portal Site Project 1 Online Tutor Portal Site 2024-11-21 4.8 Medium
Online Tutor Portal Site v1.0 is vulnerable to Cross Site Scripting (XSS). via /otps/classes/Master.php.
CVE-2022-31908 1 Student Registration And Fee Payment System Project 1 Student Registration And Fee Payment System 2024-11-21 7.2 High
Student Registration and Fee Payment System v1.0 is vulnerable to SQL Injection via /scms/student.php.
CVE-2022-31906 1 Online Fire Reporting System Project 1 Online Fire Reporting System 2024-11-21 4.8 Medium
Online Fire Reporting System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ofrs/classes/Master.php.
CVE-2022-31904 1 Uberrider 1 Mediacenter 2024-11-21 6.1 Medium
EGT-Kommunikationstechnik UG Mediacenter before v2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Online_Update.php.
CVE-2022-31897 1 Phpgurukul 1 Zoo Management System 2024-11-21 6.1 Medium
SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via public_html/register_visitor?msg=.
CVE-2022-31887 1 Marvalglobal 1 Marval Msm 2024-11-21 9.8 Critical
Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization, this means that the user can also escalate achieve Privilege Escalation by changing the administrator password.
CVE-2022-31886 1 Marvalglobal 1 Marval Msm 2024-11-21 6.5 Medium
Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). An attacker can disable the 2FA by sending the user a malicious form.
CVE-2022-31885 1 Marvalglobal 1 Marval Msm 2024-11-21 9.8 Critical
Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts.
CVE-2022-31884 1 Marvalglobal 1 Marval Msm 2024-11-21 6.5 Medium
Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users API Keys including high privilege and the Administrator users API Keys.
CVE-2022-31883 1 Marvalglobal 1 Marval Msm 2024-11-21 8.8 High
Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys.
CVE-2022-31879 1 Online Fire Reporting System Project 1 Online Fire Reporting System 2024-11-21 8.8 High
Online Fire Reporting System 1.0 is vulnerable to SQL Injection via the date parameter.
CVE-2022-31876 1 Netgear 2 Wnap320, Wnap320 Firmware 2024-11-21 5.3 Medium
netgear wnap320 router WNAP320_V2.0.3_firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users cookies.
CVE-2022-31875 1 Trendnet 2 Tv-ip110wn, Tv-ip110wn Firmware 2024-11-21 6.1 Medium
Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an xss vulnerability via the proname parameter in /admin/scheprofile.cgi
CVE-2022-31874 1 Asus 2 Rt-n53, Rt-n53 Firmware 2024-11-21 9.8 Critical
ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface.
CVE-2022-31873 1 Trendnet 2 Tv-ip110wn, Tv-ip110wn Firmware 2024-11-21 6.1 Medium
Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an XSS vulnerability via the prefix parameter in /admin/general.cgi.
CVE-2022-31861 1 Thingsboard 1 Thingsboard 2024-11-21 5.4 Medium
Cross site Scripting (XSS) in ThingsBoard IoT Platform through 3.3.4.1 via a crafted value being sent to the audit logs.
CVE-2022-31856 1 Newsletter Module Project 1 Newsletter Module 2024-11-21 9.8 Critical
Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php.
CVE-2022-31854 1 Codologic 1 Codoforum 2024-11-21 7.2 High
Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel.