ID CVSS Summary Last (major) update Published
CVE-2022-40097 None
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_currency.php.
26-09-2022 - 21:15 26-09-2022 - 21:15
CVE-2022-40098 None
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_expense.php.
26-09-2022 - 21:15 26-09-2022 - 21:15
CVE-2022-40099 None
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_expense_category.php.
26-09-2022 - 21:15 26-09-2022 - 21:15
CVE-2022-30004 None
Sourcecodester Online Market Place Site v1.0 suffers from an unauthenticated blind SQL injection vulnerability allowing remote attackers to dump the SQL database via time-based SQL injection.
26-09-2022 - 20:15 26-09-2022 - 20:15
CVE-2022-40050 None
ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component /file/upload/1.
26-09-2022 - 20:15 26-09-2022 - 20:15
CVE-2022-30003 None
Sourcecodester Online Market Place Site 1.0 is vulnerable to Cross Site Scripting (XSS), allowing attackers to register as a Seller then create new products containing XSS payloads in the 'Product Title' and 'Short Description' fields.
26-09-2022 - 20:00 26-09-2022 - 19:15
CVE-2022-3290 None
Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8.
26-09-2022 - 20:00 26-09-2022 - 19:15
CVE-2022-22058 None
Memory corruption due to use after free issue in kernel while processing ION handles in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Sn
26-09-2022 - 20:00 26-09-2022 - 17:15
CVE-2022-3272 None
Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8.
26-09-2022 - 20:00 26-09-2022 - 17:16
CVE-2022-23144 None
There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system.
26-09-2022 - 19:01 23-09-2022 - 15:15
CVE-2022-35251 None
A cross-site scripting vulnerability exists in Rocket.chat <v5 due to style injection in the complete chat window, an adversary is able to manipulate not only the style of it, but will also be able to block functionality as well as hijacking the cont
26-09-2022 - 18:57 23-09-2022 - 19:15
CVE-2022-38085 None
Cross-Site Request Forgery (CSRF) vulnerability in Read more By Adam plugin <= 1.1.8 at WordPress.
26-09-2022 - 18:56 23-09-2022 - 15:15
CVE-2022-35257 None
A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary commands as SYSTEM.
26-09-2022 - 18:56 23-09-2022 - 14:15
CVE-2022-28802 None
Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. In other words, Code by Zapier was providing a customer-controlled general-purpose virtual machine that unintentionally
26-09-2022 - 18:49 21-09-2022 - 20:15
CVE-2022-33649 None
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability.
26-09-2022 - 18:40 09-08-2022 - 20:15
CVE-2022-38460 None
Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in NOTICE BOARD plugin <= 1.1 at WordPress.
26-09-2022 - 18:36 23-09-2022 - 15:15
CVE-2022-2566 None
A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an inte
26-09-2022 - 18:23 23-09-2022 - 12:15
CVE-2022-35248 None
An improper authentication vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 that allowed two-factor authentication to be bypassed when telling the server to use CAS during login.
26-09-2022 - 18:20 23-09-2022 - 19:15
CVE-2022-35249 None
An information disclosure vulnerability exists in Rocket.Chat <v5 where the getUserMentionsByChannel Meteor server method discloses messages from private channels and direct messages regardless of the user's access permission to the room.
26-09-2022 - 18:20 23-09-2022 - 19:15
CVE-2022-3218 None
Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution.
26-09-2022 - 18:15 19-09-2022 - 17:15
CVE-2021-27876 7.5
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA A
26-09-2022 - 18:15 01-03-2021 - 22:15
CVE-2021-27877 7.5
An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled
26-09-2022 - 18:15 01-03-2021 - 22:15
CVE-2021-27878 9.0
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA A
26-09-2022 - 18:15 01-03-2021 - 22:15
CVE-2022-39231 None
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 4.10.16, or from 5.0.0 to 5.2.6, validation of the authentication adapter app ID for _Facebook_ and _Spotify_ may be circumve
26-09-2022 - 18:07 23-09-2022 - 08:15
CVE-2022-35247 None
An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 where the lack of ACL checks in the getRoomRoles Meteor method leaks channel members with special roles to unauthorized clients.
26-09-2022 - 18:05 23-09-2022 - 19:15
CVE-2022-35621 None
Access control vulnerability in Evoh NFT EvohClaimable contract with sha256 hash code fa2084d5abca91a62ed1d2f1cad3ec318e6a9a2d7f1510a00d898737b05f48ae allows remote attackers to execute fraudulent NFT transfers.
26-09-2022 - 17:59 21-09-2022 - 19:15
CVE-2022-40979 None
In JetBrains TeamCity before 2022.04.4, environmental variables of "password" type could be logged when using a custom Perforce executable.
26-09-2022 - 17:55 23-09-2022 - 11:15
CVE-2022-2785 None
There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and can point anywhere, including memory not owned by BPF. An attacker with CAP_BPF can arbit
26-09-2022 - 17:26 23-09-2022 - 11:15
CVE-2022-26112 None
In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by defaul
26-09-2022 - 17:22 23-09-2022 - 08:15
CVE-2022-39230 None
fhir-works-on-aws-authz-smart is an implementation of the authorization interface from the FHIR Works interface. Versions 3.1.1 and 3.1.2 are subject to Exposure of Sensitive Information to an Unauthorized Actor. This issue allows a client of the API
26-09-2022 - 17:20 23-09-2022 - 07:15
CVE-2022-33681 None
Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to th
26-09-2022 - 17:10 23-09-2022 - 10:15
CVE-2022-3269 None
Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7.
26-09-2022 - 17:05 23-09-2022 - 10:15
CVE-2022-36340 None
Unauthenticated Optin Campaign Cache Deletion vulnerability in MailOptin plugin <= 1.2.49.0 at WordPress.
26-09-2022 - 17:01 23-09-2022 - 19:15
CVE-2022-40716 None
HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5,
26-09-2022 - 16:50 23-09-2022 - 12:15
CVE-2022-38936 None
An issue has been found in PBC through 2022-8-27. A SEGV issue detected in the function pbc_wmessage_integer in src/wmessage.c:137.
26-09-2022 - 16:45 23-09-2022 - 11:15
CVE-2022-40132 None
Cross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Podcasting plugin <= 2.16.0 at WordPress, leading to plugin settings change.
26-09-2022 - 16:43 23-09-2022 - 19:15
CVE-2022-3278 None
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552.
26-09-2022 - 16:40 23-09-2022 - 22:15
CVE-2022-40113 None
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/send_funds.php.
26-09-2022 - 16:39 23-09-2022 - 22:15
CVE-2022-40114 None
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer.php.
26-09-2022 - 16:39 23-09-2022 - 22:15
CVE-2022-40115 None
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/delete_beneficiary.php.
26-09-2022 - 16:39 23-09-2022 - 22:15
CVE-2022-40116 None
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/beneficiary.php.
26-09-2022 - 16:39 23-09-2022 - 22:15
CVE-2022-35896 None
An SMM memory leak vulnerability in an SMM driver (SMRAM) was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An attacker can dump SMRAM contents via the software SMI provided by the FvbServicesRuntimeDxe driver to read the contents of
26-09-2022 - 16:39 22-09-2022 - 00:15
CVE-2022-40117 None
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/delete_customer.php.
26-09-2022 - 16:38 23-09-2022 - 22:15
CVE-2022-40118 None
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/send_funds_action.php.
26-09-2022 - 16:38 23-09-2022 - 22:15
CVE-2022-40119 None
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at /net-banking/transactions.php.
26-09-2022 - 16:37 23-09-2022 - 22:15
CVE-2022-40120 None
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at /net-banking/customer_transactions.php.
26-09-2022 - 16:37 23-09-2022 - 22:15
CVE-2022-40121 None
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/manage_customers.php.
26-09-2022 - 16:37 23-09-2022 - 22:15
CVE-2022-40122 None
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer_action.php.
26-09-2022 - 16:36 23-09-2022 - 22:15
CVE-2022-40310 None
Authenticated (subscriber+) Race Condition vulnerability in Rate my Post – WP Rating System plugin <= 3.3.4 at WordPress allows attackers to increase/decrease votes.
26-09-2022 - 16:36 23-09-2022 - 15:15
CVE-2022-39238 None
Arvados is an open source platform for managing and analyzing biomedical big data. In versions prior to 2.4.3, when using Portable Authentication Modules (PAM) for user authentication, if a user presented valid credentials but the account is disabled
26-09-2022 - 16:35 23-09-2022 - 08:15