Search Results (36953 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-28006 1 Attendance And Payroll System Project 1 Attendance And Payroll System 2024-11-21 8.8 High
Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\employee_delete.php.
CVE-2022-28001 1 Movie Seat Reservation Project 1 Movie Seat Reservation 2024-11-21 9.8 Critical
Movie Seat Reservation v1 was discovered to contain a SQL injection vulnerability at /index.php?page=reserve via the id parameter.
CVE-2022-28000 1 Car Rental System Project 1 Car Rental System 2024-11-21 8.8 High
Car Rental System v1.0 was discovered to contain a SQL injection vulnerability at /Car_Rental/booking.php via the id parameter.
CVE-2022-27992 1 Phpgurukul 1 Zoo Management System 2024-11-21 8.8 High
Zoo Management System v1.0 was discovered to contain a SQL injection vulnerability at /public_html/animals via the class_id parameter.
CVE-2022-27991 1 Online Banking System Project 1 Online Banking System 2024-11-21 6.5 Medium
Online Banking System in PHP v1 was discovered to contain multiple SQL injection vulnerabilities at /staff_login.php via the Staff ID and Staff Password parameters.
CVE-2022-27985 1 Cuppacms 1 Cuppacms 2024-11-21 9.8 Critical
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php.
CVE-2022-27984 1 Cuppacms 1 Cuppacms 2024-11-21 9.8 Critical
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php.
CVE-2022-27962 1 Bluecms Project 1 Bluecms 2024-11-21 9.8 Critical
Bluecms 1.6 has a SQL injection vulnerability at cooike.
CVE-2022-27948 1 Tesla 6 Model 3, Model 3 Firmware, Model S and 3 more 2024-11-21 7.2 High
Certain Tesla vehicles through 2022-03-26 allow attackers to open the charging port via a 315 MHz RF signal containing a fixed sequence of approximately one hundred symbols. NOTE: the vendor's perspective is that the behavior is as intended
CVE-2022-27927 1 Microfinance Management System Project 1 Microfinance Management System 2024-11-21 9.8 Critical
A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable course_code and/or customer_number parameter.
CVE-2022-27908 1 Zohocorp 1 Manageengine Opmanager 2024-11-21 8.8 High
Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module.
CVE-2022-27836 1 Google 1 Android 2024-11-21 8.4 High
Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without a proper permission. The patch adds proper validation logic to prevent arbitrary files access.
CVE-2022-27780 3 Haxx, Netapp, Splunk 18 Curl, Clustered Data Ontap, H300s and 15 more 2024-11-21 5.3 Medium
The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more.
CVE-2022-27669 1 Sap 1 Netweaver Application Server For Java 2024-11-21 7.5 High
An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted. This may result in an escalation of privileges.
CVE-2022-27668 1 Sap 4 Netweaver As Abap, Netweaver As Abap Krnl64nuc, Netweaver As Abap Krnl64uc and 1 more 2024-11-21 9.8 Critical
Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability.
CVE-2022-27658 1 Sap 1 Innovation Management 2024-11-21 7.5 High
Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access information which could lead to information gathering for further exploits and attacks.
CVE-2022-27613 1 Synology 1 Carddav Server 2024-11-21 8.3 High
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors.
CVE-2022-27609 1 Forcepoint 1 One Endpoint 2024-11-21 6 Medium
Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of services by users with Administrator privileges. This could result in a user disabling Forcepoint One Endpoint and the protection offered by it.
CVE-2022-27608 1 Forcepoint 1 One Endpoint 2024-11-21 6 Medium
Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows is vulnerable to registry key tampering by users with Administrator privileges. This could result in a user disabling anti-tampering mechanisms which would then allow the user to disable Forcepoint One Endpoint and the protection offered by it.
CVE-2022-27575 1 Google 1 Android 2024-11-21 3.3 Low
Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission.