Search Results (36998 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-48589 1 Sciencelogic 1 Sl1 2024-11-21 8.8 High
A SQL injection vulnerability exists in the “reporting job editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48588 1 Sciencelogic 1 Sl1 2024-11-21 8.8 High
A SQL injection vulnerability exists in the “schedule editor decoupled” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48587 1 Sciencelogic 1 Sl1 2024-11-21 8.8 High
A SQL injection vulnerability exists in the “schedule editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48586 1 Sciencelogic 1 Sl1 2024-11-21 8.8 High
A SQL injection vulnerability exists in the “json walker” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48585 1 Sciencelogic 1 Sl1 2024-11-21 8.8 High
A SQL injection vulnerability exists in the “admin brand portal” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
CVE-2022-48538 1 Cacti 1 Cacti 2024-11-21 5.3 Medium
In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password.
CVE-2022-48522 1 Perl 1 Perl 2024-11-21 9.8 Critical
In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.
CVE-2022-48511 1 Huawei 2 Emui, Harmonyos 2024-11-21 9.8 Critical
Use After Free (UAF) vulnerability in the audio PCM driver module under special conditions. Successful exploitation of this vulnerability may cause audio features to perform abnormally.
CVE-2022-48452 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2024-11-21 4.4 Medium
In Ifaa service, there is a possible missing permission check. This could lead to local denial of service with System execution privileges needed
CVE-2022-47614 1 Inspireui 1 Mstore Api 2024-11-21 7.5 High
Unauth. SQL Injection (SQLi) vulnerability in InspireUI MStore API plugin <= 3.9.7 versions.
CVE-2022-47586 1 Themefic 1 Ultimate Addons For Contact Form 7 2024-11-21 8.2 High
Unauth. SQL Injection (SQLi) vulnerability in Themefic Ultimate Addons for Contact Form 7 plugin <= 3.1.23 versions.
CVE-2022-47553 1 Ormazabal 4 Ekorccp, Ekorccp Firmware, Ekorrci and 1 more 2024-11-21 8.6 High
Incorrect authorisation in ekorCCP and ekorRCI, which could allow a remote attacker to obtain resources with sensitive information for the organisation, without being authenticated within the web server.
CVE-2022-47532 1 Filerun 1 Filerun 2024-11-21 9.8 Critical
FileRun 20220519 allows SQL Injection via the "dir" parameter in a /?module=users&section=cpanel&page=list request.
CVE-2022-47375 1 Siemens 18 6ag1414-3em07-7ab0, 6ag1414-3em07-7ab0 Firmware, 6ag1416-3es07-7ab0 and 15 more 2024-11-21 7.5 High
A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle long file names correctly. This could allow an attacker to create a buffer overflow and create a denial of service condition for the device.
CVE-2022-47002 1 Masacms 1 Masacms 2024-11-21 9.8 Critical
A vulnerability in the Remember Me function of Masa CMS v7.2, 7.3, and 7.4-beta allows attackers to bypass authentication via a crafted web request.
CVE-2022-46966 1 Revenue Collection System Project 1 Revenue Collection System 2024-11-21 9.8 Critical
Revenue Collection System v1.0 was discovered to contain a SQL injection vulnerability at step1.php.
CVE-2022-46706 1 Apple 3 Mac Os X, Macos, Securtiy Update Catalina 2024-11-21 7.8 High
A type confusion issue was addressed with improved state handling. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to execute arbitrary code with kernel privileges.
CVE-2022-46280 1 Openbabel 1 Open Babel 2024-11-21 9.8 Critical
A use of uninitialized pointer vulnerability exists in the PQS format pFormat functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-46080 1 Nexxtsolutions 2 Nebula1200-ac, Nebula1200-ac Firmware 2024-11-21 9.8 Critical
Nexxt Nebula 1200-AC 15.03.06.60 allows authentication bypass and command execution by using the HTTPD service to enable TELNET.
CVE-2022-45861 1 Fortinet 2 Fortios, Fortiproxy 2024-11-21 6.4 Medium
An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request.