Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2022-40113 Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/send_funds.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-40114 Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-40115 Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/delete_beneficiary.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-45462 Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher | 9.8 | CRITICAL | — | 0 |
| CVE-2022-40116 Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/beneficiary.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-40117 Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/delete_customer.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-40118 Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/send_funds_action.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-40119 Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at /net-banking/transactions.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-40120 Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at /net-banking/customer_transactions.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-40121 Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/manage_customers.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-44172 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function R7WebsSecurityHandler. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-40122 Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer_action.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-44174 Tenda AC18 V15.03.05.05 is vulnerable to Buffer Overflow via function formSetDeviceName. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43213 Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editorder.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-33552 Improper Privilege Management vulnerability in 8theme XStore Core allows Privilege Escalation.This issue affects XStore Core: from n/a through 5.3.8. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-44175 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetMacFilterCfg. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-44176 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function fromSetRouteStatic. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-23591 A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an attacker to upload arbitrary files through " /mgm_dev_upgrade.asp " which can "delete ever... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-41570 An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Unauthenticated SQL injection can occur. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-23584 Unauthenticated remote code execution in OPTILINK OP-XT71000N, Hardware Version: V2.2 occurs when the attacker passes arbitrary commands with IP-ADDRESS using " | " to execute commands on " /diag_trac... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-44177 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formWifiWpsStart. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-44178 Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow. via function formWifiWpsOOB. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-24697 Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation mar... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-40483 Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /wedding_details.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-40484 Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/client_edit.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-40485 Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /package_detail.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-42998 D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the srcip parameter at /goform/form2IPQoSTcAdd. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-41571 An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Local file inclusion can occur. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30257 An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including exp... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30004 Sourcecodester Online Market Place Site v1.0 suffers from an unauthenticated blind SQL Injection Vulnerability allowing remote attackers to dump the SQL database via time-based SQL injection.. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-57665 JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/entity/Content.java. The cause of the vulnerability is that the title parameter is controllable and is concatenated directly into f... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-40050 ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component /file/upload/1. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-38946 Arbitrary File Upload vulnerability in Doctor-Appointment version 1.0 in /Frontend/signup_com.php, allows attackers to execute arbitrary code. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-54852 When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenti... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-41497 ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the pkg_url parameter at /manager/index.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-23583 OPTILINK OP-XT71000N V2.2 is vulnerable to Remote Code Execution. The issue occurs when the attacker sends an arbitrary code on "/diag_ping_admin.asp" to "PingTest" interface that leads to COMMAND EXE... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-42897 Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30258 An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including exp... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-40877 Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via the ‘id’ parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2018-18447 dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2). | 9.8 | CRITICAL | — | 0 |
| CVE-2018-18446 dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2). | 9.8 | CRITICAL | — | 0 |
| CVE-2021-41433 SQL Injection vulnerability exists in version 1.0 of the Resumes Management and Job Application Website application login form by EGavilan Media that allows authentication bypass through login.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-44785 An issue was discovered in Appalti & Contratti 9.12.2. The target web applications are subject to multiple SQL Injection vulnerabilities, some of which executable even by unauthenticated users, as dem... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-41403 OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL injection vulnerability via the email parameter at index.php?route=extension/module/so_newletter_custom_popup/newsletter. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-37346 EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Exploiting this vulnerability allows a remote unauthenticate... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43000 D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep4_pskpwd parameter at /goform/form2WizardStep4. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-36179 Fusiondirectory 1.3 suffers from Improper Session Handling. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-33106 WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the attacker to brute force the admin password leading to Account Take Over. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-41496 iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-40871 Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted ... | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.