Search Results (36950 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-24407 6 Cyrusimap, Debian, Fedoraproject and 3 more 14 Cyrus-sasl, Debian Linux, Fedora and 11 more 2024-11-21 8.8 High
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
CVE-2022-24400 1 Midnightblue 1 Tetra 2024-11-21 7.5 High
A flaw in the TETRA authentication procedure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero.
CVE-2022-24391 1 Fidelissecurity 2 Deception, Network 2024-11-21 8.8 High
Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web interface by an attacker with user level access. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
CVE-2022-24376 1 Git-promise Project 1 Git-promise 2024-11-21 7.2 High
All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior [vulnerability](https://security.snyk.io/vuln/SNYK-JS-GITPROMISE-567476) in this package. **Note:** Please note that the vulnerability will not be fixed. The README file was updated with a warning regarding this issue.
CVE-2022-24329 2 Jetbrains, Oracle 3 Kotlin, Communications Cloud Native Core Binding Support Function, Communications Pricing Design Center 2024-11-21 5.3 Medium
In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.
CVE-2022-24317 1 Schneider-electric 1 Interactive Graphical Scada System Data Server 2024-11-21 7.5 High
A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when an attacker sends a specific message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)
CVE-2022-24307 1 Joinmastodon 1 Mastodon 2024-11-21 9.8 Critical
Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access control because it does not compact incoming signed JSON-LD activities. (JSON-LD signing has been supported since version 1.6.0.)
CVE-2022-24306 1 Zohocorp 1 Manageengine Sharepoint Manager Plus 2024-11-21 9.8 Critical
Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled.
CVE-2022-24266 1 Cuppacms 1 Cuppacms 2024-11-21 7.5 High
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the order_by parameter.
CVE-2022-24265 1 Cuppacms 1 Cuppacms 2024-11-21 7.5 High
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menu_filter=3 parameter.
CVE-2022-24264 1 Cuppacms 1 Cuppacms 2024-11-21 7.5 High
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the search_word parameter.
CVE-2022-24263 1 Phpgurukul 1 Hospital Management System 2024-11-21 9.8 Critical
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter.
CVE-2022-24260 1 Voipmonitor 1 Voipmonitor 2024-11-21 9.8 Critical
A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level.
CVE-2022-24240 1 Aceware 1 Aceweb Online Portal 2024-11-21 9.8 Critical
ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp.
CVE-2022-24232 1 Hospital's Patient Records Management System Project 1 Hospital's Patient Records Management System 2024-11-21 7.8 High
A local file inclusion in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-24231 1 Simple Student Information System Project 1 Simple Student Information System 2024-11-21 9.8 Critical
Simple Student Information System v1.0 was discovered to contain a SQL injection vulnerability via add/Student.
CVE-2022-24226 1 Phpgurukul 1 Hospital Management System 2024-11-21 7.5 High
Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php.
CVE-2022-24223 1 Thedigitalcraft 1 Atomcms 2024-11-21 9.8 Critical
AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php.
CVE-2022-24222 1 Elitecms 1 Elite Cms 2024-11-21 9.8 Critical
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_user.php.
CVE-2022-24221 1 Elitecms 1 Elite Cms 2024-11-21 9.8 Critical
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/functions/functions.php.