Search Results (36979 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-34175 1 Jenkins 1 Jenkins 2024-11-21 7.5 High
Jenkins 2.335 through 2.355 (both inclusive) allows attackers in some cases to bypass a protection mechanism, thereby directly accessing some view fragments containing sensitive information, bypassing any permission checks in the corresponding view.
CVE-2022-34121 1 Cuppacms 1 Cuppacms 2024-11-21 7.5 High
Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php.
CVE-2022-34046 1 Wavlink 2 Wn533a8, Wn533a8 Firmware 2024-11-21 7.5 High
An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for [logincheck(user);].
CVE-2022-34042 1 Barangay Management System Project 1 Barangay Management System 2024-11-21 7.2 High
Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /pages/household/household.php.
CVE-2022-34023 1 Barangay Management System Project 1 Barangay Management System 2024-11-21 9.8 Critical
Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /officials/officials.php.
CVE-2022-33913 1 Mahara 1 Mahara 2024-11-21 7.5 High
In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, files can sometimes be downloaded through thumb.php with no permission check.
CVE-2022-33875 1 Fortinet 1 Fortiadc 2024-11-21 5.1 Medium
An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticatedĀ attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
CVE-2022-33718 1 Google 1 Android 2024-11-21 6.2 Medium
An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data.
CVE-2022-33280 1 Qualcomm 124 Apq8096au, Apq8096au Firmware, Ar8031 and 121 more 2024-11-21 7.3 High
Memory corruption due to access of uninitialized pointer in Bluetooth HOST while processing the AVRCP packet.
CVE-2022-33246 1 Qualcomm 84 Apq8096au, Apq8096au Firmware, Aqt1000 and 81 more 2024-11-21 6.7 Medium
Memory corruption in Audio due to use of out-of-range pointer offset while Initiating a voice call session from user space with invalid session id.
CVE-2022-33174 1 Powertekpdus 14 Basic Pdu, Basic Pdu Firmware, Piml Pdu and 11 more 2024-11-21 9.8 Critical
Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allows remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface (/cgi/get_param.cgi) with the tmpToken cookie set to an empty string followed by a semicolon. This bypasses an active session authorization check. This can be then used to fetch the values of protected sys.passwd and sys.su.name fields that contain the username and password in cleartext.
CVE-2022-33171 1 Typeorm 1 Typeorm 2024-11-21 9.8 Critical
The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that the user's application is responsible for input validation
CVE-2022-33128 1 Ruijienetworks 2 Rg-eg350, Rg-eg350 Firmware 2024-11-21 9.1 Critical
RG-EG series gateway EG350 EG_RGOS 11.1(6) was discovered to contain a SQL injection vulnerability via the function get_alarmAction at /alarm_pi/alarmService.php.
CVE-2022-33114 1 Jflyfox 1 Jfinal Cms 2024-11-21 7.2 High
Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list.
CVE-2022-33097 1 74cms 1 74cmsse 2024-11-21 7.5 High
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/campus/campus_job.
CVE-2022-33096 1 74cms 1 74cmsse 2024-11-21 7.5 High
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/resume/index.
CVE-2022-33095 1 74cms 1 74cmsse 2024-11-21 7.5 High
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist.
CVE-2022-33094 1 74cms 1 74cmsse 2024-11-21 7.5 High
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/map.
CVE-2022-33093 1 74cms 1 74cmsse 2024-11-21 7.5 High
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the key parameter at /freelance/resume_list.
CVE-2022-33092 1 74cms 1 74cmsse 2024-11-21 7.5 High
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/index.