Search Results (36986 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-37333 1 Exceedone 2 Exment, Laravel-admin 2024-11-21 8.8 High
SQL injection vulnerability in the Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows remote authenticated attackers to execute arbitrary SQL commands.
CVE-2022-37223 1 Jflyfox 1 Jfinal Cms 2024-11-21 9.8 Critical
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list.
CVE-2022-37207 1 Jflyfox 1 Jfinal Cms 2024-11-21 8.8 High
JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.
CVE-2022-37203 1 Jflyfox 1 Jfinal Cms 2024-11-21 9.8 Critical
JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.
CVE-2022-37201 1 Jflyfox 1 Jfinal Cms 2024-11-21 8.8 High
JFinal CMS 5.1.0 is vulnerable to SQL Injection.
CVE-2022-37199 1 Jflyfox 1 Jfinal Cms 2024-11-21 9.8 Critical
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list.
CVE-2022-37191 1 Cuppacms 1 Cuppacms 2024-11-21 6.5 Medium
The component "cuppa/api/index.php" of CuppaCMS v1.0 is vulnerable to LFI. An authenticated user can read system files via a crafted POST request using the [function] parameter value as the LFI payload.
CVE-2022-37185 1 Ems Project 1 Ems 2024-11-21 7.5 High
SQL injection vulnerability exists in the school information query interface (repschoolproj.php) of the EMS 6.2 system of the Office of the Thai Basic Education Commission, which can lead to data leakage.
CVE-2022-37178 1 72crm 1 Wukong Crm 2024-11-21 8.8 High
An issue was discovered in 72crm 9.0. There is a SQL Injection vulnerability in View the task calendar.
CVE-2022-37152 1 Online Diagnostic Lab Management System Project 1 Online Diagnostic Lab Management System 2024-11-21 9.8 Critical
An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a SQL injection vulnerability via the "dob" parameter in "/classes/Users.php?f=save_client".
CVE-2022-37113 1 Bluecms Project 1 Bluecms 2024-11-21 9.8 Critical
BlueCMS 1.6 has SQL injection in line 132 of admin/area.php
CVE-2022-37112 1 Bluecms Project 1 Bluecms 2024-11-21 9.8 Critical
BlueCMS 1.6 has SQL injection in line 55 of admin/model.php
CVE-2022-37111 1 Bluecms Project 1 Bluecms 2024-11-21 9.8 Critical
BlueCMS 1.6 has SQL injection in line 132 of admin/article.php
CVE-2022-36921 1 Jenkins 1 Coverity 2024-11-21 8.1 High
A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2022-36919 1 Jenkins 1 Coverity 2024-11-21 4.3 Medium
A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2022-36918 1 Jenkins 1 Buckminster 2024-11-21 4.3 Medium
Jenkins Buckminster Plugin 1.1.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
CVE-2022-36917 1 Jenkins 1 Google Cloud Backup 2024-11-21 4.3 Medium
A missing permission check in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers with Overall/Read permission to request a manual backup.
CVE-2022-36915 1 Jenkins 1 Android Signing 2024-11-21 4.3 Medium
Jenkins Android Signing Plugin 2.2.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents.
CVE-2022-36914 1 Jenkins 1 Files Found Trigger 2024-11-21 4.3 Medium
Jenkins Files Found Trigger Plugin 1.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
CVE-2022-36913 1 Jenkins 1 Openstack Heat 2024-11-21 4.3 Medium
Jenkins Openstack Heat Plugin 1.5 and earlier does not perform permission checks in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.