Search Results (36952 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-26585 1 Mingsoft 1 Mcms 2024-11-21 9.8 Critical
Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list.
CVE-2022-26581 2 Pax, Paxtechnology 3 A930, A930, Paydroid 2024-11-21 5.2 Medium
PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an unauthorized attacker to perform privileged actions through the execution of specific binaries listed in ADB daemon. The attacker must have physical USB access to the device in order to exploit this vulnerability.
CVE-2022-26563 1 Tildeslash 1 Monit 2024-11-21 8.8 High
An issue was discovered in Tildeslash Monit before 5.31.0, allows remote attackers to gain escilated privlidges due to improper PAM-authorization.
CVE-2022-26546 1 Hospital Management System Project 1 Hospital Management System 2024-11-21 9.1 Critical
Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and obtain the admin password.
CVE-2022-26532 1 Zyxel 130 Atp100, Atp100 Firmware, Atp100w and 127 more 2024-11-21 7.8 High
A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command.
CVE-2022-26479 1 Poly 2 Eagleeye Director Ii, Eagleeye Director Ii Firmware 2024-11-21 9.8 Critical
An issue was discovered in Poly EagleEye Director II before 2.2.2.1. Existence of a certain file (which can be created via an rsync backdoor) causes all API calls to execute as admin without authentication.
CVE-2022-26435 3 Google, Mediatek, Yoctoproject 32 Android, Mt6833, Mt6853 and 29 more 2024-11-21 6.7 Medium
In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138435; Issue ID: ALPS07138435.
CVE-2022-26433 3 Google, Mediatek, Yoctoproject 32 Android, Mt6833, Mt6853 and 29 more 2024-11-21 6.7 Medium
In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138400; Issue ID: ALPS07138400.
CVE-2022-26430 3 Google, Mediatek, Yoctoproject 25 Android, Mt6833, Mt6853 and 22 more 2024-11-21 6.7 Medium
In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032521; Issue ID: ALPS07032521.
CVE-2022-26429 2 Google, Mediatek 42 Android, Mt6580, Mt6735 and 39 more 2024-11-21 7.8 High
In cta, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07025415; Issue ID: ALPS07025415.
CVE-2022-26348 1 Gallagher 1 Command Centre 2024-11-21 8.2 High
Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded into the registry of the Windows Server to obtain sensitive information. This issue affects: Gallagher Command Centre 8.60 versions prior to 8.60.1652; 8.50 versions prior to 8.50.2245; 8.40 versions prior to 8.40.2216; 8.30 versions prior to 8.30.1470; version 8.20 and prior versions.
CVE-2022-26301 1 Yejiao 1 Tuzicms 2024-11-21 9.8 Critical
TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability via the component App\Manage\Controller\ZhuantiController.class.php.
CVE-2022-26293 1 Online Project Time Management System Project 1 Online Project Time Management System 2024-11-21 9.8 Critical
Online Project Time Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the function save_employee at /ptms/classes/Users.php.
CVE-2022-26285 1 Simple Client Management System Project 1 Simple Client Management System 2024-11-21 9.8 Critical
Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests.
CVE-2022-26284 1 Simple Client Management System Project 1 Simple Client Management System 2024-11-21 9.8 Critical
Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manage_client endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests.
CVE-2022-26268 1 Xiaohuanxiong Project 1 Xiaohuanxiong 2024-11-21 9.8 Critical
Xiaohuanxiong v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /app/controller/Books.php.
CVE-2022-26266 1 Piwigo 1 Piwigo 2024-11-21 8.8 High
Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php.
CVE-2022-26245 1 Open-falcon 1 Falcon-plus 2024-11-21 9.8 Critical
Falcon-plus v0.3 was discovered to contain a SQL injection vulnerability via the parameter grpName in /config/service/host.go.
CVE-2022-26201 1 Victor Cms Project 1 Victor Cms 2024-11-21 9.8 Critical
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability.
CVE-2022-26171 1 Bank Management System Project 1 Bank Management System 2024-11-21 9.8 Critical
Bank Management System v1.o was discovered to contain a SQL injection vulnerability via the email parameter.