Search Results (36978 CVEs found)

CVE | Vendors (count, names) | Products (count, names) | Updated | CVSS v3.1 (score, severity)
CVE-2022-32310 1 Ingredient Stock Management System Project 1 Ingredient Stock Management System 2024-11-21 9.8 Critical
An access control issue in Ingredient Stock Management System v1.0 allows attackers to take over user accounts via a crafted POST request to /isms/classes/Users.php.
CVE-2022-32302 1 Theme Park Ticketing System Project 1 Theme Park Ticketing System 2024-11-21 8.8 High
Theme Park Ticketing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at edit_ticket.php.
CVE-2022-32301 1 Youdiancms 1 Youdiancms 2024-11-21 9.8 Critical
YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the IdList parameter at /App/Lib/Action/Home/ApiAction.class.php.
CVE-2022-32300 1 Youdiancms 1 Youdiancms 2024-11-21 8.8 High
YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the MailSendID parameter at /App/Lib/Action/Admin/MailAction.class.php.
CVE-2022-32299 1 Youdiancms 1 Youdiancms 2024-11-21 8.8 High
YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the id parameter at /App/Lib/Action/Admin/SiteAction.class.php.
CVE-2022-32297 1 Piwigo 1 Piwigo 2024-11-21 7.5 High
Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via the Search function.
CVE-2022-32294 1 Zimbra 1 Collaboration 2024-11-21 9.8 Critical
Zimbra Collaboration Open Source 8.8.15 does not encrypt the randomly created initial-login password (from the "zmprove ca" command). It is visible in cleartext on UDP port 514 (the syslog port). NOTE: a third party reports that this cannot be reproduced.
CVE-2022-32290 1 Northern.tech 1 Mender 2024-11-21 4.3 Medium
The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls from additional client components running on the device. However, it listens on all network interfaces instead of only the localhost interface. Therefore, any client on the same network can connect to this TCP port and send HTTP requests. The Mender Client will forward these requests to the Mender Server. Additionally, if mTLS is set up, the Mender Client will connect to the Mender Server using the device's client certificate, making it possible for the attacker to bypass mTLS authentication and send requests to the Mender Server without direct access to the client certificate and related private key. Accessing the HTTP proxy from the local network doesn't represent a direct threat, because it doesn't expose any device or server-specific data. However, it increases the attack surface and can be a potential vector to exploit other vulnerabilities both on the Client and the Server.
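The Mender entry above describes a local HTTP proxy that should be reachable only on the loopback interface but is bound to all interfaces. The check a practitioner wants on any device is "which listening TCP sockets are not bound to loopback?". The following is an added example, not Mender's code: it parses the output of `ss -ltn` (a constructed sample is embedded so it runs offline) and returns the exposed listeners; `exposed_listeners_on_host()` runs the real `ss` when it is present.

```python
"""Added example: flag TCP listeners bound to non-loopback addresses.

Not part of the Mender project. The sample `ss -ltn` output below is
constructed for the example; the port numbers in it are made up.
"""
import shutil
import subprocess

# Constructed sample in the format printed by `ss -ltn` on Linux.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     127.0.0.1:8080       0.0.0.0:*
LISTEN  0       128     0.0.0.0:41523        0.0.0.0:*
LISTEN  0       128     [::1]:631            [::]:*
LISTEN  0       128     *:22                 *:*
"""


def is_loopback(addr: str) -> bool:
    """True for 127.0.0.0/8 and ::1 (with or without brackets / zone id)."""
    a = addr.strip("[]")
    if "%" in a:  # strip an IPv6 zone index such as ::1%lo
        a = a.split("%", 1)[0]
    return a == "::1" or a.startswith("127.")


def exposed_listeners(ss_output: str) -> list:
    """Return (address, port) pairs for LISTEN sockets not bound to loopback.

    Addresses like 0.0.0.0, [::] and * mean "all interfaces", which is
    exactly the misconfiguration described in the advisory above.
    """
    found = []
    for line in ss_output.splitlines():
        parts = line.split()
        # Skip the header and anything that is not a listening socket.
        if len(parts) < 4 or parts[0] != "LISTEN":
            continue
        local = parts[3]
        addr, _, port = local.rpartition(":")
        if not port.isdigit():
            continue
        if not is_loopback(addr):
            found.append((addr, int(port)))
    return found


def exposed_listeners_on_host():
    """Run `ss -H -ltn` on this machine if it exists; None otherwise."""
    if shutil.which("ss") is None:
        return None
    out = subprocess.run(
        ["ss", "-H", "-ltn"], capture_output=True, text=True, check=True
    ).stdout
    return exposed_listeners(out)


if __name__ == "__main__":
    print("sample:", exposed_listeners(SAMPLE_SS_OUTPUT))
    live = exposed_listeners_on_host()
    if live is not None:
        print("this host:", live)
```

Any port that shows up here and is meant for on-device components only (as the advisory says the Mender proxy is) should be bound to 127.0.0.1 or ::1 instead, or wrapped by a host firewall rule until the binding is fixed.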
CVE-2022-32246 1 Sap 1 Business Objects Business Intelligence Platform 2024-11-21 4.6 Medium
SAP Business Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to the BI admin console to send crafted queries and extract data from the SQL backend. On successful exploitation, the attacker can cause limited impact on the confidentiality and integrity of the application.
CVE-2022-32142 1 Codesys 2 Plcwinnt, Runtime Toolkit 2024-11-21 8.1 High
Multiple CODESYS products are prone to an out-of-bounds read or write access. A low privileged remote attacker may craft a request with an invalid offset, which can cause an out-of-bounds read or write access, resulting in a denial-of-service condition or a local memory overwrite, which can lead to a change of local files. User interaction is not required.
CVE-2022-32136 1 Codesys 2 Plcwinnt, Runtime Toolkit 2024-11-21 6.5 Medium
In multiple CODESYS products, a low privileged remote attacker may craft a request that causes a read access to an uninitialized pointer, resulting in a denial-of-service. User interaction is not required.
CVE-2022-32101 1 Kkcms Project 1 Kkcms 2024-11-21 9.8 Critical
kkcms v1.3.7 was discovered to contain a SQL injection vulnerability via the cid parameter at /template/wapian/vlist.php.
CVE-2022-32095 1 Hospital Management System Project 1 Hospital Management System 2024-11-21 9.8 Critical
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php.
CVE-2022-32094 1 Hospital Management System Project 1 Hospital Management System 2024-11-21 9.8 Critical
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlogin.php.
CVE-2022-32093 1 Hospital Management System Project 1 Hospital Management System 2024-11-21 9.8 Critical
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php.
CVE-2022-32058 1 Tp-link 4 Tl-wr741n, Tl-wr741n Firmware, Tl-wr742n and 1 more 2024-11-21 7.5 High
An infinite loop in the function httpRpmPass of TP-Link TL-WR741N/TL-WR742N V1/V2/V3_130415 allows attackers to cause a Denial of Service (DoS) via a crafted packet.
CVE-2022-32056 1 Online Accreditation Management System Project 1 Online Accreditation Management System 2024-11-21 9.8 Critical
Online Accreditation Management v1.0 was discovered to contain a SQL injection vulnerability via the USERNAME parameter at process.php.
CVE-2022-32055 1 Nesote 1 Inout Homestay 2024-11-21 7.5 High
Inout Homestay v2.2 was discovered to contain a SQL injection vulnerability via the guests parameter at /index.php?page=search/rentals.
CVE-2022-32028 1 Car Rental Management System Project 1 Car Rental Management System 2024-11-21 7.2 High
Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_user.php?id=.
CVE-2022-32027 1 Car Rental Management System Project 1 Car Rental Management System 2024-11-21 7.2 High
Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/index.php?page=manage_car&id=.
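Most entries on this page (Theme Park Ticketing System, YoudianCMS, kkcms, Hospital Management System, Car Rental Management System and others) are the same class of bug: a request parameter such as `id` is pasted into SQL text. The example below is added here to show that pattern and its fix; it is not code from any of the listed products, and the `tickets` table, its rows and the `ticket_id` parameter are constructed for the illustration. It uses SQLite so it runs offline, but the concatenation anti-pattern and the parameter-binding fix are the same for the MySQL-backed PHP applications listed above.

```python
"""Added example: the '?id=' SQL-injection pattern beside its fix.

Not code from any product on this page. Schema and rows are constructed.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory table with constructed sample rows (owner is public,
    secret is the column an attacker should never be able to read)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE tickets (id INTEGER PRIMARY KEY, owner TEXT, secret TEXT)"
    )
    conn.executemany(
        "INSERT INTO tickets VALUES (?, ?, ?)",
        [(1, "alice", "A-1111"), (2, "bob", "B-2222"), (3, "carol", "C-3333")],
    )
    return conn


def lookup_vulnerable(conn, ticket_id: str) -> list:
    """Anti-pattern: the request parameter becomes part of the SQL text,
    so SQL syntax inside it is executed rather than compared."""
    sql = f"SELECT id, owner FROM tickets WHERE id = {ticket_id}"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, ticket_id) -> list:
    """Fix: the driver binds the value; SQL inside it is inert data."""
    return conn.execute(
        "SELECT id, owner FROM tickets WHERE id = ?", (ticket_id,)
    ).fetchall()


def lookup_validated(conn, ticket_id: str):
    """Defence in depth for numeric ids: reject non-integers before the
    query is built at all. Returns None for rejected input."""
    if not ticket_id.isdigit():
        return None
    return lookup_parameterized(conn, int(ticket_id))


def demo() -> dict:
    """Run the same crafted inputs through both code paths."""
    conn = make_db()
    tautology = "1 OR 1=1"                               # returns every row
    union = "0 UNION SELECT id, secret FROM tickets"     # reads another column
    return {
        "vuln_tautology": lookup_vulnerable(conn, tautology),
        "vuln_union": sorted(lookup_vulnerable(conn, union)),
        "safe_tautology": lookup_parameterized(conn, tautology),
        "safe_normal": lookup_parameterized(conn, "2"),
        "validated_rejects": lookup_validated(conn, tautology),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The tautology input turns a single-row lookup into a full table dump, and the UNION input reads a column the query never exposed; with the bound parameter both inputs simply match nothing, because the whole string is compared as a value against the integer column. Parameter binding is the fix; the integer check is cheap extra insurance that also gives a clean 400 response instead of a database error.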