CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-36683 Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_payment. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-36682 Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_student. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-1692 The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-st... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-36681 Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_account. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-36680 Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-36679 Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-36678 Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-34608 H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the ajaxmsg parameter at /AJAX/ajaxget. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-30909 H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the CMD parameter at /goform/aspForm. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-30910 H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the GO parameter at /goform/aspForm. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-30912 H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateWanParams parameter at /goform/aspForm. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-0827 The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenti... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-30913 H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the ipqos_set_bandwidth parameter at /goform/aspForm. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-30914 H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateMacClone parameter at /goform/aspForm. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-30915 H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateSnat parameter at /goform/aspForm. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-30916 H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTelnetDebug parameter at /goform/aspForm. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-30917 H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddWlanMacList parameter at /goform/aspForm. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-30918 H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTelnet parameter at /goform/aspForm. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-30919 H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Edit_BasicSSID_5G parameter at /goform/aspForm. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-30920 H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Edit_BasicSSID parameter at /goform/aspForm. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-30921 H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetMobileAPInfoById parameter at /goform/aspForm. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-30922 H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditWlanMacList parameter at /goform/aspForm. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-30923 H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTimingtimeWifiAndLed parameter at /goform/aspForm. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-30924 H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetAPWifiorLedInfoById parameter at /goform/aspForm. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-30925 H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddMacList parameter at /goform/aspForm. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-30926 H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditMacList parameter at /goform/aspForm. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-37413 GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-34023 Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /officials/officials.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-34610 H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the URL /ihomers/app. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-36436 OSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by a vncap/vnc/protocol.py VNCServerAuthenticator authentication-bypass vulnerability that could allow a malicious actor to gain unauthorize... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-20391 Summary: Product: Android. Versions: Android SoC. Android ID: A-238257000 | 9.8 | CRITICAL | β | 0 |
| CVE-2022-20390 Summary: Product: Android. Versions: Android SoC. Android ID: A-238257002 | 9.8 | CRITICAL | β | 0 |
| CVE-2022-31499 Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-28747 Key reuse in GoSecure Titan Inbox Detection & Response (IDR) through 2022-04-05 leads to remote code execution. To exploit this vulnerability, an attacker must craft and sign a serialized payload. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-26136 A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by e... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-35912 In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x before 5.1.9, and 5.2.x before 5.2.1 (at least when certain Java 8 configurations are used), data binding allows a remote attacker ... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-40589 ZAngband zangband-data 2.7.5 is affected by an integer underflow vulnerability in src/tk/plat.c through the variable fileheader.bfOffBits. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-36719 Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the ok parameter at /admin/history.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-30877 The keep for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-30882 pyanxdns package in PyPI version 0.2 is vulnerable to code execution backdoor. The impact is: execute arbitrary code (remote). When installing the pyanxdns package of version 0.2, the request package ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-31313 api-res-py package in PyPI 0.1 is vulnerable to a code execution backdoor in the request package. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-36716 Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/changestock.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-29013 A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-22978 In Spring Security versions prior to 5.4.11+, 5.5.7+, 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications us... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-36715 Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/search.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-36697 Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_waste. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-36696 Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_stockout. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-24082 If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to u... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-36695 Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_stockin. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-36693 Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_item. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.