Search Results (36960 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-30308 1 Festo 16 Controller Cecc-x-m1, Controller Cecc-x-m1-mv, Controller Cecc-x-m1-mv-s1 and 13 more 2024-11-21 9.8 Critical
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
CVE-2022-30284 1 Python-libnmap Project 1 Python-libnmap 2024-11-21 9 Critical
In the python-libnmap package through 0.7.2 for Python, remote command execution can occur (if used in a client application that does not validate arguments). NOTE: the vendor believes it would be unrealistic for an application to call NmapProcess with arguments taken from input data that arrived over an untrusted network, and thus the CVSS score corresponds to an unrealistic use case. None of the NmapProcess documentation implies that this is an expected use case
CVE-2022-30244 1 Honeywell 2 Alerton Ascent Control Module, Alerton Ascent Control Module Firmware 2024-11-21 8.0 High
Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be store on the controller and then run without verification. A user with malicious intent can send a crafted packet to change and/or stop the program without the knowledge of other users, altering the controller's function. After the programming change, the program needs to be overwritten in order for the controller to restore its original operational function.
CVE-2022-30243 1 Honeywell 2 Alterton Visual Logic, Alterton Visual Logic Firmware 2024-11-21 8.8 High
Honeywell Alerton Visual Logic through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be stored on the controller and then run without verification. A user with malicious intent can send a crafted packet to change and/or stop the program without the knowledge of other users, altering the controller's function. After the programming change, the program needs to be overwritten in order for the controller to restore its original operational function.
CVE-2022-30240 1 Insightsoftware 1 Magnitude Simba Amazon Redshift Jdbc Driver 2024-11-21 7.8 High
An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift JDBC Driver 1.2.40 through 1.2.55 may allow a local user to execute code. NOTE: this is different from CVE-2022-29972.
CVE-2022-30239 1 Insightsoftware 1 Magnitude Simba Amazon Athena Jdbc Driver 2024-11-21 7.8 High
An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena JDBC Driver 2.0.25 through 2.0.28 may allow a local user to execute code. NOTE: this is different from CVE-2022-29971.
CVE-2022-30113 1 Fahou100 1 Electronic Mall System 2024-11-21 9.8 Critical
Electronic mall system 1.0_build20200203 is affected vulnerable to SQL Injection.
CVE-2022-30054 1 Covid 19 Travel Pass Management Project 1 Covid 19 Travel Pass Management 2024-11-21 9.8 Critical
In Covid 19 Travel Pass Management 1.0, the code parameter is vulnerable to SQL injection attacks.
CVE-2022-30052 1 Home Clean Service System Project 1 Home Clean Service System 2024-11-21 9.8 Critical
In Home Clean Service System 1.0, the password parameter is vulnerable to SQL injection attacks.
CVE-2022-30048 1 Mingsoft 1 Mcms 2024-11-21 9.8 Critical
Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/list URI via orderBy parameter.
CVE-2022-30047 1 Mingsoft 1 Mcms 2024-11-21 9.8 Critical
Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/listExcludeApp URI via orderBy parameter.
CVE-2022-30016 1 Rescue Dispatch Management System Project 1 Rescue Dispatch Management System 2024-11-21 8.8 High
Rescue Dispatch Management System 1.0 is vulnerable to Incorrect Access Control via http://localhost/rdms/admin/?page=system_info.
CVE-2022-30012 1 Hospital Management System Project 1 Hospital Management System 2024-11-21 7.5 High
In the POST request of the appointment.php page of HMS v.0, there are SQL injection vulnerabilities in multiple parameters, and database information can be obtained through injection.
CVE-2022-30011 1 Hospital Management System Project 1 Hospital Management System 2024-11-21 9.8 Critical
In HMS 1.0 when requesting appointment.php through POST, multiple parameters can lead to a SQL injection vulnerability.
CVE-2022-2990 2 Buildah Project, Redhat 4 Buildah, Enterprise Linux, Openshift and 1 more 2024-11-21 7.1 High
An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.
CVE-2022-2958 1 Badgeos 1 Badgos 2024-11-21 8.8 High
The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections
CVE-2022-2840 1 Zephyr-one 1 Zephyr Project Manager 2024-11-21 9.8 Critical
The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections
CVE-2022-2833 1 Blender 1 Blender 2024-11-21 7.5 High
Endless Infinite loop in Blender-thumnailing due to logical bugs.
CVE-2022-2754 1 Ketchup Restaurant Reservations Project 1 Ketchup Restaurant Reservations 2024-11-21 9.8 Critical
The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not validate and escape some reservation parameters before using them in SQL statements, which could allow unauthenticated attackers to perform SQL Injection attacks
CVE-2022-2657 1 Wc-marketplace 1 Multivendor Marketplace Solution For Woocommerce - Wc Marketplace 2024-11-21 4.3 Medium
The Multivendor Marketplace Solution for WooCommerce WordPress plugin before 3.8.12 is lacking authorisation and CSRF in multiple AJAX actions, which could allow any authenticated users, such as subscriber to call them and suspend vendors (reporter by the submitter) or update arbitrary order status (identified by WPScan when verifying the issue) for example. Other unauthenticated attacks are also possible, either directly or via CSRF