Search Results (36960 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-29972 1 Insightsoftware 1 Magnitude Simba Amazon Redshift Odbc Driver 2024-11-21 7.8 High
An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver (1.4.14 through 1.4.21.1001 and 1.4.22 through 1.4.x before 1.4.52) may allow a local user to execute arbitrary code.
CVE-2022-29971 1 Insightsoftware 1 Magnitude Simba Amazon Athena Odbc Driver 2024-11-21 7.8 High
An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena ODBC Driver 1.1.1 through 1.1.x before 1.1.17 may allow a local user to execute arbitrary code.
CVE-2022-29938 1 Librehealth 1 Librehealth Ehr 2024-11-21 8.8 High
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via interface\billing\payment_master.inc.php leads to SQL injection.
CVE-2022-29925 1 Fujielectric 1 V-sft 2024-11-21 7.8 High
Access of uninitialized pointer vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.
CVE-2022-29906 1 Mediawiki 1 Mediawiki 2024-11-21 9.8 Critical
The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user.
CVE-2022-29904 1 Mediawiki 1 Mediawiki 2024-11-21 9.8 Critical
The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain '-' and '_' constraints.
CVE-2022-29862 1 Opcfoundation 1 Ua .net Standard Stack 2024-11-21 7.5 High
An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows a remote attackers to cause the application to hang via a crafted message.
CVE-2022-29854 1 Mitel 8 6905, 6910, 6920 and 5 more 2024-11-21 6.8 Medium
A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.
CVE-2022-29845 1 Progress 1 Whatsup Gold 2024-11-21 6.5 Medium
In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file.
CVE-2022-29807 1 Quest 1 Kace Systems Management Appliance 2024-11-21 9.8 Critical
A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php.
CVE-2022-29751 1 Simple Client Management System Project 1 Simple Client Management System 2024-11-21 9.8 Critical
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_client.
CVE-2022-29750 1 Simple Client Management System Project 1 Simple Client Management System 2024-11-21 9.8 Critical
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_service.
CVE-2022-29749 1 Simple Client Management System Project 1 Simple Client Management System 2024-11-21 9.8 Critical
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_invoice.
CVE-2022-29748 1 Simple Client Management System Project 1 Simple Client Management System 2024-11-21 9.8 Critical
Simple Client Management System 1.0 is vulnerable to SQL Injection via \cms\admin?page=client/manage_client&id=.
CVE-2022-29747 1 Simple Client Management System Project 1 Simple Client Management System 2024-11-21 9.8 Critical
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/manage_invoice&id= // Leak place ---> id.
CVE-2022-29746 1 Money Transfer Management System Project 1 Money Transfer Management System 2024-11-21 9.8 Critical
Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/classes/Users.php?f=delete.
CVE-2022-29745 1 Money Transfer Management System Project 1 Money Transfer Management System 2024-11-21 9.8 Critical
Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=delete_transaction.
CVE-2022-29741 1 Money Transfer Management System Project 1 Money Transfer Management System 2024-11-21 9.8 Critical
Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=delete_fee.
CVE-2022-29739 1 Money Transfer Management System Project 1 Money Transfer Management System 2024-11-21 9.8 Critical
Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=user/manage_user&id=.
CVE-2022-29738 1 Money Transfer Management System Project 1 Money Transfer Management System 2024-11-21 9.8 Critical
Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=transaction/send&id=, id.