Search Results (36952 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-25506 1 Freetakserver-ui Project 1 Freetakserver-ui 2024-11-21 6.5 Medium
FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser.
CVE-2022-25505 1 Taogogo 1 Taocms 2024-11-21 9.8 Critical
Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php.
CVE-2022-25494 1 Online Banking System Project 1 Online Banking System 2024-11-21 9.8 Critical
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via staff_login.php.
CVE-2022-25492 1 Hospital Management System Project 1 Hospital Management System 2024-11-21 9.8 Critical
HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php.
CVE-2022-25491 1 Hospital Management System Project 1 Hospital Management System 2024-11-21 7.5 High
HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in appointment.php.
CVE-2022-25490 1 Hospital Management System Project 1 Hospital Management System 2024-11-21 9.8 Critical
HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in department.php.
CVE-2022-25488 1 Thedigitalcraft 1 Atomcms 2024-11-21 9.8 Critical
Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php.
CVE-2022-25486 1 Cuppacms 1 Cuppacms 2024-11-21 7.8 High
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php.
CVE-2022-25485 1 Cuppacms 1 Cuppacms 2024-11-21 7.8 High
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php.
CVE-2022-25406 1 Tongda2000 1 Tongda2000 2024-11-21 9.8 Critical
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete_query.php via the DELETE_STR parameter.
CVE-2022-25405 1 Tongda2000 1 Tongda2000 2024-11-21 9.8 Critical
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in change_box.php via the DELETE_STR parameter.
CVE-2022-25404 1 Tongda2000 1 Tongda2000 2024-11-21 9.8 Critical
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete.php via the DELETE_STR parameter.
CVE-2022-25403 1 Hospital Management System Project 1 Hospital Management System 2024-11-21 9.8 Critical
HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php.
CVE-2022-25399 1 Simple Real Estate Portal System Project 1 Simple Real Estate Portal System 2024-11-21 9.8 Critical
Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter.
CVE-2022-25398 1 Auto Spare Parts Management Project 1 Auto Spare Parts Management 2024-11-21 9.8 Critical
Auto Spare Parts Management v1.0 was discovered to contain a SQL injection vulnerability via the user parameter.
CVE-2022-25396 1 Cosmetics And Beauty Product Online Store Project 1 Cosmetics And Beauty Product Online Store 2024-11-21 9.8 Critical
Cosmetics and Beauty Product Online Store v1.0 was discovered to contain a SQL injection vulnerability via the search parameter.
CVE-2022-25394 1 Medical Store Management System Project 1 Medical Store Management System 2024-11-21 9.8 Critical
Medical Store Management System v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter under customer-add.php.
CVE-2022-25393 1 Simple Bakery Shop Management Project 1 Simple Bakery Shop Management 2024-11-21 7.5 High
Simple Bakery Shop Management v1.0 was discovered to contain a SQL injection vulnerability via the username parameter.
CVE-2022-25342 1 Olivetti 2 D-color Mf3555, D-color Mf3555 Firmware 2024-11-21 8.1 High
An issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 devices. The Web Application is affected by Broken Access Control. It does not properly validate requests for access to data and functionality under the /mngset/authset path. By not verifying permissions for access to resources, it allows a potential attacker to view pages that are not allowed.
CVE-2022-25335 1 Rigoblock 1 Drago 2024-11-21 7.5 High
RigoBlock Dragos through 2022-02-17 lacks the onlyOwner modifier for setMultipleAllowances. This enables token manipulation, as exploited in the wild in February 2022. NOTE: although 2022-02-17 is the vendor's vulnerability announcement date, the vulnerability will not be remediated until a major protocol upgrade occurs.