CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2022-22413 IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, mo... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29995 Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=clients/manage_client&id=. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29994 Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=facilities/manage_facility&id=. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29993 Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/bookings/view_booking.php?id=. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29992 Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/categories/manage_category.php?id=. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29990 Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/categories/view_category.php?id=. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29989 Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_booking. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29988 Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31267 Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext 'attacker@example.com\n\trole = "#admin... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29987 Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=user/manage_user&id=. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29986 Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_facility. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29985 Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_category. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29984 Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=client/view_client&id=. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31259 The route lookup process in beego before 1.12.9 and 2.x before 2.0.3 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in va... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-1813 OS Command Injection in GitHub repository yogeshojha/rengine prior to 1.2.0. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-22258 The Wi-Fi module has an event notification vulnerability. Successful exploitation of this vulnerability may allow third-party applications to intercept event notifications and add information and resul... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29983 Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/view_invoice&id=. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29982 Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/maintenance/manage_service.php?id=. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29981 Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Users.php?f=delete. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-1775 Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29980 Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=user/manage_user&id=. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29979 Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_designation. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29751 Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_client. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29750 Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_service. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29749 Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_invoice. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29748 Simple Client Management System 1.0 is vulnerable to SQL Injection via \cms\admin?page=client/manage_client&id=. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29747 Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/manage_invoice&id= // Leak place ---> id. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29539 resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Injection. It does not properly check the parameters sent as input before they are processed on the server. Due to the lack of validatio... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-42863 A buffer overflow in ecma_builtin_typedarray_prototype_filter() in JerryScript version fe3a5c0 allows an attacker to construct a fake object or a fake arraybuffer with unlimited size. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30592 liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1.0 mishandles MAX_TABLE_CAPACITY. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30453 ShopWind <= 3.4.2 has a RCE vulnerability in Database.php | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29392 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418c24. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-43741 CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to malicious file on config.php leading to remote code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-23676 A remote execution of arbitrary code vulnerability was discovered in ArubaOS-Switch Devices version(s): ArubaOS-Switch 15.xx.xxxx: All versions; ArubaOS-Switch 16.01.xxxx: All versions; ArubaOS-Switch... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29391 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004200c8. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29329 D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a heap overflow via the devicename parameter in /goform/setDeviceSettings. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29328 D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a stack overflow via the function checkvalidupgrade. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29327 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the urladd parameter in /goform/websURLFilterAddDel. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29326 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29325 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29324 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the proto parameter in /goform/form2IPQoSTcAdd. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29323 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the MAC parameter in /goform/editassignment. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29322 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29321 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the lanip parameter in /goform/setNetworkLan. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-22955 VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and e... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-22956 VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and e... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28915 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28913 TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28912 TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28911 TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.