Search Results (36949 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-24219 1 Elitecms 1 Elite Cms 2024-11-21 9.8 Critical
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_page.php.
CVE-2022-24206 1 Tongda2000 1 Tongda Office Anywhere 2024-11-21 9.8 Critical
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in /mobile_seal/get_seal.php via the DEVICE_LIST parameter.
CVE-2022-24191 2 Fedoraproject, Htmldoc Project 2 Fedora, Htmldoc 2024-11-21 5.5 Medium
In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow.
CVE-2022-24128 1 Timescale 1 Timescaledb 2024-11-21 8.0 High
Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege escalation during extension installation. The installation process uses commands such as CREATE x IF NOT EXIST that allow an unprivileged user to precreate objects. These objects will be used by the installer (which executes as Superuser), leading to privilege escalation. In order to be able to take advantage of this, an unprivileged user would need to be able to create objects in a database and then get a Superuser to install TimescaleDB into their database. (In the fixed versions, the installation aborts when it finds that an object already exists.)
CVE-2022-24124 1 Casbin 1 Casdoor 2024-11-21 7.5 High
The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations.
CVE-2022-24121 2 Centos, Unifiedoffice 2 Centos, Total Connect Now 2024-11-21 7.5 High
SQL Injection vulnerability discovered in Unified Office Total Connect Now that would allow an attacker to extract sensitive information through a cookie parameter.
CVE-2022-24066 1 Simple-git Project 1 Simple-git 2024-11-21 8.1 High
The package simple-git before 3.5.0 is vulnerable to Command Injection due to an incomplete fix of [CVE-2022-24433](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2421199), which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover.
CVE-2022-23998 2 Google, Samsung 2 Android, Camera 2024-11-21 6.2 Medium
Improper access control vulnerability in Camera prior to versions 11.1.02.16 in Android R(11), 10.5.03.77 in Android Q(10) and 9.0.6.68 in Android P(9) allows untrusted applications to take a picture in screenlock status.
CVE-2022-23986 1 Phpuploader Project 1 Phpuploader 2024-11-21 7.5 High
SQL injection vulnerability in the phpUploader v1.2 and earlier allows a remote unauthenticated attacker to obtain the information in the database via unspecified vectors.
CVE-2022-23972 1 Asus 2 Rt-ax56u, Rt-ax56u Firmware 2024-11-21 8.8 High
ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker can inject arbitrary SQL code to read, modify and delete the database.
CVE-2022-23968 1 Xerox 21 Versalink B400, Versalink B405, Versalink B600 and 18 more 2024-11-21 7.5 High
Xerox VersaLink devices on specific versions of firmware before 2022-01-26 allow remote attackers to brick the device via a crafted TIFF file in an unauthenticated HTTP POST request. There is a permanent denial of service because image parsing causes a reboot, but image parsing is restarted as soon as the boot process finishes. However, this boot loop can be resolved by a field technician. The TIFF file must have an incomplete Image Directory. Affected firmware versions include xx.42.01 and xx.50.61. NOTE: the 2022-01-24 NeoSmart article included "believed to affect all previous and later versions as of the date of this posting" but a 2022-01-26 vendor statement reports "the latest versions of firmware are not vulnerable to this issue."
CVE-2022-23945 1 Apache 1 Shenyu 2024-11-21 7.5 High
Missing authentication on ShenYu Admin when registering by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1.
CVE-2022-23944 1 Apache 1 Shenyu 2024-11-21 9.1 Critical
A user can access the /plugin API without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1.
CVE-2022-23915 1 Weblate 1 Weblate 2024-11-21 7.2 High
The package weblate from 0 and before 4.11.1 is vulnerable to Remote Code Execution (RCE) via argument injection when using git or mercurial repositories. Authenticated users can change the behavior of the application in an unintended way, leading to command execution.
CVE-2022-23911 1 Accesspressthemes 1 Ap Custom Testimonial 2024-11-21 7.2 High
The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not validate and escape the id parameter before using it in a SQL statement when retrieving a testimonial to edit, leading to a SQL injection.
CVE-2022-23902 1 Tongda2000 1 Tongda Office Anywhere 2024-11-21 9.8 Critical
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in export_data.php via the d_name parameter.
CVE-2022-23899 1 Mingsoft 1 Mcms 2024-11-21 9.8 Critical
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java.
CVE-2022-23898 1 Mingsoft 1 Mcms 2024-11-21 9.8 Critical
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml.
CVE-2022-23882 1 Tuzicms 1 Tuzicms 2024-11-21 9.8 Critical
TuziCMS 2.0.6 is affected by SQL injection in \App\Manage\Controller\BannerController.class.php.
CVE-2022-23873 1 Victor Cms Project 1 Victor Cms 2024-11-21 8.8 High
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability that allows attackers to inject arbitrary commands via 'user_firstname' parameter.