Search Results (36955 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-28410 1 Simple Real Estate Portal System Project 1 Simple Real Estate Portal System 2024-11-21 9.8 Critical
Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Users.php?f=delete_agent.
CVE-2022-28163 1 Broadcom 1 Sannav 2024-11-21 9.8 Critical
In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands.
CVE-2022-28158 1 Jenkins 1 Pipeline\ 2024-11-21 6.5 Medium
A missing permission check in Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2022-28151 1 Jenkins 1 Job And Node Ownership 2024-11-21 4.3 Medium
A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job.
CVE-2022-28147 1 Jenkins 1 Continuous Integration With Toad Edge 2024-11-21 4.3 Medium
A missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
CVE-2022-28144 1 Jenkins 1 Proxmox 2024-11-21 6.5 Medium
Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part of the connection test (see CVE-2022-28142), and test a rollback with attacker-specified parameters.
CVE-2022-28139 1 Jenkins 1 Rocketchat Notifier 2024-11-21 4.3 Medium
A missing permission check in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
CVE-2022-28137 1 Jenkins 1 Jiratestresultreporter 2024-11-21 4.3 Medium
A missing permission check in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
CVE-2022-28134 1 Jenkins 1 Bitbucket Server Integration 2024-11-21 5.4 Medium
Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers.
CVE-2022-28116 1 Online Banking System Project 1 Online Banking System 2024-11-21 9.8 Critical
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter.
CVE-2022-28115 1 Online Sports Complex Booking Project 1 Online Sports Complex Booking 2024-11-21 9.8 Critical
Online Sports Complex Booking v1.0 was discovered to contain a SQL injection vulnerability via the id parameter.
CVE-2022-28111 1 Pagehelper Project 1 Pagehelper 2024-11-21 9.8 Critical
MyBatis PageHelper v1.x.x-v3.7.0 v4.0.0-v5.0.0,v5.1.0-v5.3.0 was discovered to contain a time-blind SQL injection vulnerability via the orderBy parameter.
CVE-2022-28110 1 Hotel Management System Project 1 Hotel Management System 2024-11-21 9.8 Critical
Hotel Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at the login page.
CVE-2022-28105 1 Online Sports Complex Booking System Project 1 Online Sports Complex Booking System 2024-11-21 9.8 Critical
Online Sports Complex Booking System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /scbs/view_facility.php.
CVE-2022-28099 1 Poultry Farm Management System Project 1 Poultry Farm Management System 2024-11-21 8.8 High
Poultry Farm Management System v1.0 was discovered to contain a SQL injection vulnerability via the Item parameter at /farm/store.php.
CVE-2022-28080 1 Event Management System Project 1 Event Management System 2024-11-21 8.8 High
Royal Event Management System v1.0 was discovered to contain a SQL injection vulnerability via the todate parameter.
CVE-2022-28079 1 College Management System Project 1 College Management System 2024-11-21 8.8 High
College Management System v1.0 was discovered to contain a SQL injection vulnerability via the course_code parameter.
CVE-2022-28060 1 Victor Cms Project 1 Victor Cms 2024-11-21 7.5 High
SQL Injection vulnerability in Victor CMS v1.0, via the user_name parameter to /includes/login.php.
CVE-2022-28036 1 Thedigitalcraft 1 Atomcms 2024-11-21 9.8 Critical
AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_navigation.php
CVE-2022-28035 1 Thedigitalcraft 1 Atomcms 2024-11-21 9.8 Critical
Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_blur-save.php