βΌ CVE-2022-1968 βΌ
π Read
via "National Vulnerability Database".
Use After Free in GitHub repository vim/vim prior to 8.2.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29734 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24240 βΌ
π Read
via "National Vulnerability Database".
ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30797 βΌ
π Read
via "National Vulnerability Database".
Online Ordering System 1.0 by oretnom23 is vulnerable to SQL Injection via admin/vieworders.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31957 βΌ
π Read
via "National Vulnerability Database".
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via rdms/admin/teams/view_team.php?id=.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30832 βΌ
π Read
via "National Vulnerability Database".
Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_assign.php?booking=31&user_id=.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30798 βΌ
π Read
via "National Vulnerability Database".
Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/viewreport.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31796 βΌ
π Read
via "National Vulnerability Database".
libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43306 βΌ
π Read
via "National Vulnerability Database".
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 methodπ Read
via "National Vulnerability Database".
βΌ CVE-2022-31350 βΌ
π Read
via "National Vulnerability Database".
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/vehicles/manage_vehicle.php?id=.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23236 βΌ
π Read
via "National Vulnerability Database".
E-Series SANtricity OS Controller Software versions 11.40 through 11.70.2 store the LDAP BIND password in plaintext within a file accessible only to privileged users.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42203 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in swftools through 20201222. A heap-use-after-free exists in the function swf_FontExtract_DefineTextCallback() located in swftext.c. It allows an attacker to cause code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32004 βΌ
π Read
via "National Vulnerability Database".
Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/products/manage_product.php?id=.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29648 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30808 βΌ
π Read
via "National Vulnerability Database".
elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30277 βΌ
π Read
via "National Vulnerability Database".
BD SynapsysΓ’βΒ’, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII).π Read
via "National Vulnerability Database".
βΌ CVE-2022-30115 βΌ
π Read
via "National Vulnerability Database".
Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and *not* using thetrailing dot in the URL.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29483 βΌ
π Read
via "National Vulnerability Database".
Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31336 βΌ
π Read
via "National Vulnerability Database".
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/loaddata.php.π Read
via "National Vulnerability Database".
βΌ CVE-2019-12350 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_download.php via an id parameter value with a trailing comma.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36866 βΌ
π Read
via "National Vulnerability Database".
Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Easy Pricing Tables plugin <= 3.1.2 at WordPress.π Read
via "National Vulnerability Database".