Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2022-38342 Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a XML External Entity (XXE) vulnerability which allows authenticated attackers to perform data exfiltration or Serve... | 8.5 | HIGH | — | 0 |
| CVE-2022-3182 Improper Access Control vulnerability in the Duo SMS two-factor of Devolutions Remote Desktop Manager 2022.2.14 and earlier allows attackers to bypass the application lock. This issue affects: Devolut... | 7.0 | HIGH | — | 0 |
| CVE-2022-3205 Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection | 4.6 | MEDIUM | — | 0 |
| CVE-2022-22329 IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting t... | 4.3 | MEDIUM | — | 0 |
| CVE-2022-22330 IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensi... | 5.3 | MEDIUM | — | 0 |
| CVE-2022-22483 IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-38496 LIEF commit 365a16a was discovered to contain a reachable assertion abort via the component BinaryStream.hpp. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-48151 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Map Locations cm-map-locations allows Reflected XSS.This issue affects C... | N/A | NONE | — | 0 |
| CVE-2022-34336 IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intend... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-34356 IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to obtain root privileges. IBM X-Force ID: 230502. | 7.8 | HIGH | — | 0 |
| CVE-2022-35637 IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool. IBM X-Force ID: 230823. | 6.5 | MEDIUM | — | 0 |
| CVE-2022-36768 IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to obtain root privileges. IBM X-Force ID: 232014. | 7.8 | HIGH | — | 0 |
| CVE-2022-38306 LIEF commit 5d1d643 was discovered to contain a heap-buffer overflow in the component /core/CorePrPsInfo.tcc. | 7.8 | HIGH | — | 0 |
| CVE-2022-38307 LIEF commit 5d1d643 was discovered to contain a segmentation violation via the function LIEF::MachO::SegmentCommand::file_offset() at /MachO/SegmentCommand.cpp. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-38637 Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the Username and Password parameters on the Login page. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-39814 In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs is the login page via next HTTP GET parameter. | 6.1 | MEDIUM | — | 0 |
| CVE-2022-39815 In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs. This vulnerability allow unauthenticated users to execute commands on the operating system. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-39816 In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (cleartext administrator password) occur in the edit configuration page. Exploitation requires an authenticated attacker. | 6.5 | MEDIUM | — | 0 |
| CVE-2022-39817 In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occurs. Exploitation requires an authenticated attacker. Through the injection of arbitrary SQL statements, a potential authenticated at... | 8.8 | HIGH | — | 0 |
| CVE-2022-39819 In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs. This allows authenticated users to execute commands on the operating system. | 8.8 | HIGH | — | 0 |
| CVE-2022-39821 In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs. The web application stores critical information, such as cleartext user credentials, i... | 7.5 | HIGH | — | 0 |
| CVE-2022-40621 Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supp... | 7.5 | HIGH | — | 0 |
| CVE-2022-40622 The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. Therefore, if an attacker changes their IP address... | 8.8 | HIGH | — | 0 |
| CVE-2022-40623 The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues (such as CVE-2022-35518), can lead to remote, un... | 8.8 | HIGH | — | 0 |
| CVE-2021-36568 In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field des... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-31322 Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges via overwriting files using SUID flagged executables. | 7.8 | HIGH | — | 0 |
| CVE-2022-31324 An arbitrary file download vulnerability in the downloadAction() function of Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to download arbitrary files via a crafted POST req... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-31861 Cross site Scripting (XSS) in ThingsBoard IoT Platform through 3.3.4.1 via a crafted value being sent to the audit logs. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-34101 A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and preform a privilege escal... | 7.8 | HIGH | — | 0 |
| CVE-2022-34102 Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM ... | 8.8 | HIGH | — | 0 |
| CVE-2022-35413 WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to th... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-35582 Penta Security Systems Inc WAPPLES 4.0.*, 5.0.0.*, 5.0.12.* are vulnerable to Incorrect Access Control. The operating system that WAPPLES runs on has a built-in non-privileged user penta with a predef... | 8.8 | HIGH | — | 0 |
| CVE-2022-38633 Genymotion Desktop v3.2.1 was discovered to contain a DLL hijacking vulnerability which allows attackers to escalate privileges and execute arbitrary code via a crafted binary. | 7.8 | HIGH | — | 0 |
| CVE-2022-37190 CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both parameters (action and function) from "/api/index.php. | 8.8 | HIGH | — | 0 |
| CVE-2022-37191 The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using [function] parameter value as LFI payload. | 6.5 | MEDIUM | — | 0 |
| CVE-2022-38305 AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP fi... | 8.8 | HIGH | — | 0 |
| CVE-2022-38768 The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to bypass authorization. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-38769 The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to fetch cleartext passwords upon a successful login request. | 7.5 | HIGH | — | 0 |
| CVE-2022-38770 The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to fetch other users' data upon a successful login request. | 5.3 | MEDIUM | — | 0 |
| CVE-2022-38771 The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to send SCRIPT tags as injected input to the API request. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-19586 Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI. | 9.0 | CRITICAL | — | 0 |
| CVE-2020-19587 Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-34831 An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during finalizat... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-2900 Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0. | 9.1 | CRITICAL | — | 0 |
| CVE-2022-36436 OSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by an vncap/vnc/protocol.py VNCServerAuthenticator authentication-bypass vulnerability that could allow a malicious actor to gain unauthorize... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-36667 Garage Management System 1.0 is vulnerable to the Remote Code Execution (RCE) due to the lack of filtering from the file upload function. The vulnerability exist during adding parts and from the uploa... | 8.8 | HIGH | — | 0 |
| CVE-2022-36668 Garage Management System 1.0 is vulnerable to Stored Cross Site Scripting (XSS) on several parameters. The vulnerabilities exist during creating or editing the parts under parameters. Using the XSS pa... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-40737 An issue was discovered in Bento4 through 1.6.0-639. A buffer over-read exists in the function AP4_StdcFileByteStream::WritePartial located in System/StdC/Ap4StdCFileByteStream.cpp, called from AP4_By... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-36669 Hospital Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-37140 PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). The vulnerability exists on the reply ticket function and upload the malicious file. A calculator will open when the victim who d... | 8.0 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.