CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|---|
| CVE-2022-29317 | Simple Bus Ticket Booking System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the username and password parameters at /assets/partials/_handleLogin.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30105 | In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden.asp, which is accessible before and after configuring the device, exhibits multiple remote command injection vulnerabilities. The... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-0783 | The Multiple Shipping Address Woocommerce WordPress plugin before 2.0 does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to u... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-0773 | The Documentor WordPress plugin through 1.5.3 fails to sanitize and escape user input before it is being interpolated in an SQL statement and then executed, leading to an SQL Injection exploitable by ... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-0771 | The SiteSuperCharger WordPress plugin before 5.2.0 does not validate, sanitise and escape various user inputs before using them in SQL statements via AJAX actions (available to both unauthenticated an... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29392 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418c24. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28573 | D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNTPserverSeting. This vulnerability allows attackers to execute arbitrary commands via the syst... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-27982 | RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain a remote code execution (RCE) vulnerability via the fileName parameter at /guest_auth/cfg/upLoadCfg.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-27466 | MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-22831 | An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-22832 | An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28571 | D-link 882 DIR882A1_FW130B06 was discovered to contain a command injection vulnerability in /usr/bin/cli. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28054 | Improper sanitization of trigger action scripts in VanDyke Software VShell for Windows v4.6.2 allows attackers to execute arbitrary code via a crafted value. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-24552 | A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker wi... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-27360 | SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-1300 | Multiple Version of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of ... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30815 | elitecms 1.01 is vulnerable to SQL Injection via admin/edit_sidebar.php?page=2&sidebar= | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29393 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004192cc. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29394 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macAddress parameter in the function FUN_0041b448. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29395 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the apcliKey parameter in the function FUN_0041bac4. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29396 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418f10. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29516 | The web console of FUJITSU Network IPCOM series (IPCOM EX2 IN(3200, 3500), IPCOM EX2 LB(1100, 3200, 3500), IPCOM EX2 SC(1100, 3200, 3500), IPCOM EX2 NW(1100, 3200, 3500), IPCOM EX2 DC, IPCOM EX2 DC, I... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29397 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004196c8. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-1795 | Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-25767 | All versions of package com.bstek.ureport:ureport2-console are vulnerable to Remote Code Execution by connecting to a malicious database server, causing arbitrary file read and deserialization of loca... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-27444 | The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administra... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-0592 | The MapSVG WordPress plugin before 6.2.20 does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated use... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30055 | Prime95 30.7 build 9 suffers from a Buffer Overflow vulnerability that could lead to Remote Code Execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28521 | ZCMS v20170206 was discovered to contain a file inclusion vulnerability via index.php?m=home&c=home&a=sp_set_config. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29738 | Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=transaction/send&id=, id. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-33318 | An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpMatcher) and 4.1.3 and below (WatsonWebserver) due to insufficient validatio... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29739 | Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=user/manage_user&id=. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29745 | Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=delete_transaction. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28111 | MyBatis PageHelper v1.x.x-v3.7.0 v4.0.0-v5.0.0,v5.1.0-v5.3.0 was discovered to contain a time-blind SQL injection vulnerability via the orderBy parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29746 | Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/classes/Users.php?f=delete. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-28524 | ED01-CMS v20180505 was discovered to contain a SQL injection vulnerability via the component post.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-42185 | wdja v2.1 is affected by a SQL injection vulnerability in the foreground search function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-27985 | CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-1386 | The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-0814 | The Ubigeo de Perú para Woocommerce WordPress plugin before 3.6.4 does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are ... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-0817 | The BadgeOS WordPress plugin through 3.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated us... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-0867 | The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied POST data before it is being interpolated in an SQL statement and then executed via an AJAX action a... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-27469 | Monstaftp v2.10.3 was discovered to allow attackers to execute Server-Side Request Forgery (SSRF). | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29622 | An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has commo... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29354 | An arbitrary file upload vulnerability in the file upload module of Keystone v4.2.1 allows attackers to execute arbitrary code via a crafted file. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29353 | An arbitrary file upload vulnerability in the file upload module of Graphql-upload v13.0.0 allows attackers to execute arbitrary code via a crafted filename. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29747 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/manage_invoice&id= // Leak place ---> id. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29748 | Simple Client Management System 1.0 is vulnerable to SQL Injection via \cms\admin?page=client/manage_client&id=. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29749 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_invoice. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-29750 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_service. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.