CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-28945 An issue in Webbank WeCube v3.2.2 allows attackers to execute a directory traversal via a crafted ZIP file. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-29483 Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of th... | 7.8 | HIGH | β | 0 |
| CVE-2022-29488 The affected product is vulnerable to an out-of-bounds read via uninitialized pointer, which may allow an attacker to execute arbitrary code. | 7.8 | HIGH | β | 0 |
| CVE-2022-29540 resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input w... | 6.1 | MEDIUM | β | 0 |
| CVE-2022-29598 Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to a reflected Cross-Site Scripting (XSS) vulnerability via RRSWeb/maint/ShowDocument/ShowDocument.aspx. | 6.1 | MEDIUM | β | 0 |
| CVE-2022-29624 An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file. | 8.8 | HIGH | β | 0 |
| CVE-2022-21785 In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not... | 6.7 | MEDIUM | β | 0 |
| CVE-2022-29628 A cross-site scripting (XSS) vulnerability in /omps/seller of Online Market Place Site v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page parame... | 5.4 | MEDIUM | β | 0 |
| CVE-2022-29647 An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do. | 8.8 | HIGH | β | 0 |
| CVE-2022-29648 A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request. | 5.4 | MEDIUM | β | 0 |
| CVE-2022-29653 OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json. | 6.1 | MEDIUM | β | 0 |
| CVE-2022-29659 Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at single.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-29692 Unicorn Engine v1.0.3 was discovered to contain a use-after-free vulnerability via the hook function. | 7.8 | HIGH | β | 0 |
| CVE-2022-29693 Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_close at /my/unicorn/uc.c. | 7.5 | HIGH | β | 0 |
| CVE-2022-30496 SQL injection in Logon Page of IDCE MV's application, version 1.0, allows an attacker to inject SQL payloads in the user field, connecting to a database to access enterprise's private and sensitive in... | 7.5 | HIGH | β | 0 |
| CVE-2022-29694 Unicorn Engine v2.0.0-rc7 and below was discovered to contain a NULL pointer dereference via qemu_ram_free. | 7.5 | HIGH | β | 0 |
| CVE-2022-29695 Unicorn Engine v2.0.0-rc7 contains memory leaks caused by an incomplete unicorn engine initialization. | 7.5 | HIGH | β | 0 |
| CVE-2022-29711 LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php. | 6.1 | MEDIUM | β | 0 |
| CVE-2022-29712 LibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param parameters. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-29725 An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file. | 8.8 | HIGH | β | 0 |
| CVE-2022-29729 Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the we... | 7.5 | HIGH | β | 0 |
| CVE-2022-30503 Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h. | 5.5 | MEDIUM | β | 0 |
| CVE-2022-29730 USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded credentials for its highest privileged account. The credentials cannot be altered through normal operation of... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-29731 An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes of other users. | 4.3 | MEDIUM | β | 0 |
| CVE-2022-29732 Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting (XSS) vulnerability via the Username parameter. This vulnerability allows attackers to e... | 6.1 | MEDIUM | β | 0 |
| CVE-2022-29733 Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext. This vulnerability allows attackers to intercept HTTP Cookie aut... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-29734 A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. | 5.4 | MEDIUM | β | 0 |
| CVE-2022-29735 Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows attackers to execute arbitrary commands via a crafted HTTP request. | 8.8 | HIGH | β | 0 |
| CVE-2022-29776 Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-29777 Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-29779 Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. | 5.5 | MEDIUM | β | 0 |
| CVE-2022-29780 Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c. | 5.5 | MEDIUM | β | 0 |
| CVE-2022-29788 libmobi before v0.10 contains a NULL pointer dereference via the component mobi_buffer_getpointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted mobi file. | 6.5 | MEDIUM | β | 0 |
| CVE-2022-30034 Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke... | 8.6 | HIGH | β | 0 |
| CVE-2022-30115 Using its HSTS support, curl can be instructed to use HTTPS directly instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This mechanism could be bypassed if the host... | 4.3 | MEDIUM | β | 0 |
| CVE-2022-30277 BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, in... | 5.7 | MEDIUM | β | 0 |
| CVE-2022-30324 HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client ag... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-30349 siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS). | 6.1 | MEDIUM | β | 0 |
| CVE-2022-30352 phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanitization of user-supplied data in the "auth_user" parameter in index.php script. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-30423 Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-30425 Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a command injection vulnerability via the pingAddr and traceAddr parameters. This vulnerability is exploited via a crafted POST requ... | 8.8 | HIGH | β | 0 |
| CVE-2022-30470 In Afian Filerun 20220202, changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-30478 Ecommerce-project-with-php-and-mysqli-Fruits-Bazar 1.0 is vulnerable to SQL Injection in \search_product.php via the keyword parameters. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-30481 Food-order-and-table-reservation-system- 1.0 is vulnerable to SQL Injection in categorywise-menu.php via the catid parameters. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-30482 Ecommerce-project-with-php-and-mysqli-Fruits-Bazar- 1.0 is vulnerable to Cross Site Scripting (XSS) in \admin\add_cata.php via the ctg_name parameters. | 4.8 | MEDIUM | β | 0 |
| CVE-2022-30490 Badminton Center Management System V1.0 is vulnerable to SQL Injection via parameter 'id' in /bcms/admin/court_rentals/update_status.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-39356 NULL pointer dereference in some Intel(R) PROSet/Wireless WiFi and Killer™ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service vi... | 7.4 | HIGH | β | 0 |
| CVE-2022-30510 School Dormitory Management System 1.0 is vulnerable to SQL Injection via reports/daily_collection_report.php:59. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-30511 School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/view_details.php:4. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-30512 School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/payment_history.php:31. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.