CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2022-34149 | Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-3586 | A flaw was found in servicemesh-operator. The NetworkPolicy resources installed for Maistra do not properly specify which ports may be accessed, allowing access to all ports on these resources from an... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-27836 | A flaw was found in cluster-ingress-operator. A change to how the router-default service allows only certain IP source ranges could allow an attacker to access resources that would otherwise be restri... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-2927 | Weak Password Requirements in GitHub repository notrinos/notrinoserp prior to 0.7. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-36198 | Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin/pass-bwdates-reports-details.php, buspassms/admin/changeimage.php, buspassms/ad... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-34916 | Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control o... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-36030 | Project-nexus is a general-purpose blog website framework. Affected versions are subject to SQL injection due to a lack of sensitization of user input. This issue has not yet been patched. Users are a... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-37175 | Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer overflow in /goform/formWifiBasicSet. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-36578 | jizhicms v2.3.1 has SQL injection in the background. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-34602 | H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the ipqos_lanip_editlist interface at /goform/aspForm. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-36606 | Ywoa before v6.1 was discovered to contain a SQL injection vulnerability via /oa/setup/checkPool?database. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-36605 | Yimioa v6.1 was discovered to contain a SQL injection vulnerability via the orderbyGET parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-35201 | Tenda-AC18 V15.03.05.05 was discovered to contain a remote command execution (RCE) vulnerability. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-24657 | Goldshell ASIC Miners v2.1.x was discovered to contain hardcoded credentials which allow attackers to remotely connect via the SSH protocol (port 22). | 9.8 | CRITICAL | — | 0 |
| CVE-2022-34615 | Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-36220 | Kiosk breakout (without quit password) in Safe Exam Browser (Windows) <3.4.0, which allows an attacker to achieve code execution via the browsers' print dialog. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-34603 | H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the DelDNSHnList interface at /goform/aspForm. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-34604 | H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the INTF parameter at /dotrace.asp. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-34605 | H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the HOST parameter at /dotrace.asp. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-34606 | H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the EditvsList parameter at /dotrace.asp. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-34607 | H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the HOST parameter at /doping.asp. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-34608 | H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the ajaxmsg parameter at /AJAX/ajaxget. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-34609 | H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the INTF parameter at /doping.asp. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-34610 | H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the URL /ihomers/app. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-34954 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at invoiceprint.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29805 | A Java Deserialization vulnerability in the Fishbowl Server in Fishbowl Inventory before 2022.4.1 allows remote attackers to execute arbitrary code via a crafted XML payload. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-35540 | Hardcoded JWT Secret in AgileConfig <1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-36599 | lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the message_key value. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-36947 | Unsafe Parsing of a PNG tRNS chunk in FastStone Image Viewer through 7.5 results in a stack buffer overflow. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-36729 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /librarian/del.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-36728 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /staff/delstu.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-36727 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /staff/delete.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-36725 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /student/dele.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-36722 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the title parameter at /librarian/history.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-35175 | Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /blotter/blotter.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-35164 | LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-35154 | Shopro Mall System v1.3.8 was discovered to contain a SQL injection vulnerability via the value parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-35153 | FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-35606 | A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameter 'customerCode.' | 9.8 | CRITICAL | — | 0 |
| CVE-2022-35605 | A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as 'users', 'pass', etc. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-35603 | A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-35602 | A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter user. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-35601 | A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-2107 | The MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to use a hard-coded master password. This may allow an attacker to send SMS commands directly to the GPS tr... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-2141 | SMS-based GPS commands can be executed by MiCODUS MV720 GPS tracker without authentication. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-35599 | A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter productcode. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-35598 | A SQL injection vulnerability in ConnectionFactoryDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter username. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-35147 | DoraCMS v2.18 and earlier allows attackers to bypass login authentication via a crafted HTTP request. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-2336 | Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the ... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-34045 | Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.