Search Results (36979 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-36255 1 Inventorymanagementsystem Project 1 Inventorymanagementsystem 2024-11-21 7.5 High
A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt".
CVE-2022-36242 1 Oretnom23 1 Clinic\'s Patient Management System 2024-11-21 9.8 Critical
Clinic's Patient Management System v1.0 is vulnerable to SQL Injection via /pms/update_medicine.php?id=.
CVE-2022-36228 1 Janusintl 6 Noke Hd\+ Smart Padlock, Noke Hd\+ Smart Padlock Firmware, Noke Hd Smart Padlock and 3 more 2024-11-21 7.3 High
Nokelock Smart padlock O1 Version 5.3.0 is vulnerable to Insecure Permissions. By sending a request, you can add any device and set the device password in the Nokelock app.
CVE-2022-36226 1 Siteservercms Project 1 Siteservercms 2024-11-21 7.2 High
SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx.
CVE-2022-36201 1 Doctor\'s Appointment System Project 1 Doctor\'s Appointment System 2024-11-21 9.8 Critical
Doctor’s Appointment System v1.0 is vulnerable to Blind SQLi via settings.php.
CVE-2022-36198 1 Phpgurukul 1 Bus Pass Management System 2024-11-21 9.8 Critical
Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin/pass-bwdates-reports-details.php, buspassms/admin/changeimage.php, buspassms/admin/search-pass.php, buspassms/admin/edit-category-detail.php, and buspassms/admin/edit-pass-detail.php
CVE-2022-36161 1 Garage Management System Project 1 Garage Management System 2024-11-21 9.8 Critical
Orange Station 1.0 was discovered to contain a SQL injection vulnerability via the username parameter.
CVE-2022-36129 1 Hashicorp 1 Vault 2024-11-21 9.1 Critical
HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure. Fixed in Vault Enterprise 1.9.8, 1.10.5, and 1.11.1.
CVE-2022-36126 1 Inductiveautomation 1 Ignition 2024-11-21 7.2 High
An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote attackers to execute arbitrary code by supplying a Python script.
CVE-2022-35890 1 Inductiveautomation 1 Ignition 2024-11-21 9.8 Critical
An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. Designer and Vision Client Session IDs are mishandled. An attacker can determine which session IDs were generated in the past and then hijack sessions assigned to these IDs via Randy.
CVE-2022-35864 1 Bmc 1 Track-it\! 2024-11-21 6.5 Medium
This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetPopupSubQueryDetails endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16690.
CVE-2022-35850 1 Fortinet 1 Fortiauthenticator 2024-11-21 4.2 Medium
An improper neutralization of script-related HTML tags in a web page vulnerability [CWE-80] in FortiAuthenticator versions 6.4.0 through 6.4.4, 6.3.0 through 6.3.3, all versions of 6.2 and 6.1 may allow a remote unauthenticated attacker to trigger a reflected cross site scripting (XSS) attack via the "reset-password" page.
CVE-2022-35724 1 Apache 1 Avro 2024-11-21 7.5 High
It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.
CVE-2022-35716 1 Ibm 1 Urbancode Deploy 2024-11-21 6.5 Medium
IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7.1.2.7, and 7.2.0.0 through 7.2.3.0 could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. IBM X-Force ID: 231360.
CVE-2022-35628 1 In2code 1 Living User Experience 2024-11-21 9.8 Critical
A SQL injection issue was discovered in the lux extension before 17.6.1, and 18.x through 24.x before 24.0.2, for TYPO3.
CVE-2022-35606 1 Inventorymanagementsystem Project 1 Inventorymanagementsystem 2024-11-21 9.8 Critical
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameter 'customerCode.'
CVE-2022-35605 1 Inventorymanagementsystem Project 1 Inventorymanagementsystem 2024-11-21 9.8 Critical
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as 'users', 'pass', etc.
CVE-2022-35603 1 Inventorymanagementsystem Project 1 Inventorymanagementsystem 2024-11-21 9.8 Critical
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt.
CVE-2022-35602 1 Inventorymanagementsystem Project 1 Inventorymanagementsystem 2024-11-21 9.8 Critical
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter user.
CVE-2022-35601 1 Inventorymanagementsystem Project 1 Inventorymanagementsystem 2024-11-21 9.8 Critical
A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt.