CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1901 CVE-2022-32295 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component.
1902 CVE-2022-32310 2022-07-05 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
An access control issue in Ingredient Stock Management System v1.0 allows attackers to take over user accounts via a crafted POST request to /isms/classes/Users.php.
1903 CVE-2022-32311 Sql 2022-07-05 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
Ingredient Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /isms/admin/stocks/view_stock.php.
1904 CVE-2022-32324 Overflow 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
PDFAlto v0.4 was discovered to contain a heap buffer overflow via the component /pdfalto/src/pdfalto.cc.
1905 CVE-2022-32325 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c.
1906 CVE-2022-32384 Overflow 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the security_5g parameter in the function formWifiBasicSet.
1907 CVE-2022-32411 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
An issue in the languages config file of HongCMS v3.0 allows attackers to getshell.
1908 CVE-2022-32412 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell.
1909 CVE-2022-32413 Exec Code 2022-07-05 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers to execute arbitrary code via a crafted file.
1910 CVE-2022-32420 Exec Code 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
College Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /College/admin/teacher.php. This vulnerability is exploited via a crafted PHP file.
1911 CVE-2022-32530 668 2022-06-24 2022-06-24
0.0
None ??? ??? ??? ??? ??? ???
A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists that could cause users to be misled, hiding alarms, showing the wrong server connection option or the wrong control request when a mobile device has been compromised by a malicious application. Affected Product: Geo SCADA Mobile (Build 222 and prior)
1912 CVE-2022-32532 Bypass 2022-06-29 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
In Apache Shiro before 1.9.1, a RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
1913 CVE-2022-32551 2022-07-02 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml).
1914 CVE-2022-32585 Exec Code 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
A command execution vulnerability exists in the clish art2 functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.
1915 CVE-2022-32969 2022-06-29 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue.
1916 CVE-2022-32988 XSS 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1.1.2.3_805 via the "*list" parameters (e.g. filter_lwlist, keyword_rulelist, etc) in every ".asp" page containing a list of stored strings. The following asp files are affected: (1) cgi-bin/APP_Installation.asp, (2) cgi-bin/Advanced_ACL_Content.asp, (3) cgi-bin/Advanced_ADSL_Content.asp, (4) cgi-bin/Advanced_ASUSDDNS_Content.asp, (5) cgi-bin/Advanced_AiDisk_ftp.asp, (6) cgi-bin/Advanced_AiDisk_samba.asp, (7) cgi-bin/Advanced_DSL_Content.asp, (8) cgi-bin/Advanced_Firewall_Content.asp, (9) cgi-bin/Advanced_FirmwareUpgrade_Content.asp, (10) cgi-bin/Advanced_GWStaticRoute_Content.asp, (11) cgi-bin/Advanced_IPTV_Content.asp, (12) cgi-bin/Advanced_IPv6_Content.asp, (13) cgi-bin/Advanced_KeywordFilter_Content.asp, (14) cgi-bin/Advanced_LAN_Content.asp, (15) cgi-bin/Advanced_Modem_Content.asp, (16) cgi-bin/Advanced_PortTrigger_Content.asp, (17) cgi-bin/Advanced_QOSUserPrio_Content.asp, (18) cgi-bin/Advanced_QOSUserRules_Content.asp, (19) cgi-bin/Advanced_SettingBackup_Content.asp, (20) cgi-bin/Advanced_System_Content.asp, (21) cgi-bin/Advanced_URLFilter_Content.asp, (22) cgi-bin/Advanced_VPN_PPTP.asp, (23) cgi-bin/Advanced_VirtualServer_Content.asp, (24) cgi-bin/Advanced_WANPort_Content.asp, (25) cgi-bin/Advanced_WAdvanced_Content.asp, (26) cgi-bin/Advanced_WMode_Content.asp, (27) cgi-bin/Advanced_WWPS_Content.asp, (28) cgi-bin/Advanced_Wireless_Content.asp, (29) cgi-bin/Bandwidth_Limiter.asp, (30) cgi-bin/Guest_network.asp, (31) cgi-bin/Main_AccessLog_Content.asp, (32) cgi-bin/Main_AdslStatus_Content.asp, (33) cgi-bin/Main_Spectrum_Content.asp, (34) cgi-bin/Main_WebHistory_Content.asp, (35) cgi-bin/ParentalControl.asp, (36) cgi-bin/QIS_wizard.asp, (37) cgi-bin/QoS_EZQoS.asp, (38) cgi-bin/aidisk.asp, (39) cgi-bin/aidisk/Aidisk-1.asp, (40) cgi-bin/aidisk/Aidisk-2.asp, (41) cgi-bin/aidisk/Aidisk-3.asp, (42) cgi-bin/aidisk/Aidisk-4.asp, (43) cgi-bin/blocking.asp, (44) cgi-bin/cloud_main.asp, (45) 
cgi-bin/cloud_router_sync.asp, (46) cgi-bin/cloud_settings.asp, (47) cgi-bin/cloud_sync.asp, (48) cgi-bin/device-map/DSL_dashboard.asp, (49) cgi-bin/device-map/clients.asp, (50) cgi-bin/device-map/disk.asp, (51) cgi-bin/device-map/internet.asp, (52) cgi-bin/error_page.asp, (53) cgi-bin/index.asp, (54) cgi-bin/index2.asp, (55) cgi-bin/qis/QIS_PTM_manual_setting.asp, (56) cgi-bin/qis/QIS_admin_pass.asp, (57) cgi-bin/qis/QIS_annex_setting.asp, (58) cgi-bin/qis/QIS_bridge_cfg_tmp.asp, (59) cgi-bin/qis/QIS_detect.asp, (60) cgi-bin/qis/QIS_finish.asp, (61) cgi-bin/qis/QIS_ipoa_cfg_tmp.asp, (62) cgi-bin/qis/QIS_manual_setting.asp, (63) cgi-bin/qis/QIS_mer_cfg.asp, (64) cgi-bin/qis/QIS_mer_cfg_tmp.asp, (65) cgi-bin/qis/QIS_ppp_cfg.asp, (66) cgi-bin/qis/QIS_ppp_cfg_tmp.asp, (67) cgi-bin/qis/QIS_wireless.asp, (68) cgi-bin/query_wan_status.asp, (69) cgi-bin/query_wan_status2.asp, and (70) cgi-bin/start_apply.asp.
1917 CVE-2022-32994 2022-06-27 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload.
1918 CVE-2022-32995 2022-06-27 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function.
1919 CVE-2022-33005 XSS 2022-06-27 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field.
1920 CVE-2022-33007 Overflow 2022-06-27 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
TRENDnet Wi-Fi routers TEW751DR v1.03 and TEW-752DRU v1.03 were discovered to contain a stack overflow via the function genacgi_main.
1921 CVE-2022-33009 XSS 2022-06-27 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file.
1922 CVE-2022-33021 2022-06-29 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
CVA6 commit 909d85a accesses invalid memory when reading the value of MHPMCOUNTER30.
1923 CVE-2022-33023 2022-06-29 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
CVA6 commit 909d85a gives incorrect permission to use special multiplication units when the format of instructions is wrong.
1924 CVE-2022-33035 2022-06-29 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
XLPD v7.0.0094 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.
1925 CVE-2022-33036 Exec Code 2022-06-29 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
A binary hijack in Embarcadero Dev-CPP v6.3 allows attackers to execute arbitrary code via a crafted .exe file.
1926 CVE-2022-33037 Exec Code 2022-06-29 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
A binary hijack in Orwell-Dev-Cpp v5.11 allows attackers to execute arbitrary code via a crafted .exe file.
1927 CVE-2022-33042 Sql 2022-06-29 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/inquiries/view_details.php.
1928 CVE-2022-33043 XSS 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
A cross-site scripting (XSS) vulnerability in the batch add function of Urtracker Premium v4.0.1.1477 allows attackers to execute arbitrary web scripts or HTML via a crafted excel file.
1929 CVE-2022-33057 Sql 2022-06-29 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_reservation.
1930 CVE-2022-33058 Sql 2022-06-29 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_message.
1931 CVE-2022-33059 Sql 2022-06-29 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_train.
1932 CVE-2022-33060 Sql 2022-06-29 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule.
1933 CVE-2022-33061 Sql 2022-06-29 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_service.
1934 CVE-2022-33075 XSS 2022-07-05 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
A stored cross-site scripting (XSS) vulnerability in the Add Classification function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via unspecified vectors.
1935 CVE-2022-33082 DoS 2022-06-30 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10.2 allows attackers to cause a Denial of Service (DoS) via a crafted input.
1936 CVE-2022-33085 Exec Code 2022-06-30 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
ESPCMS P8 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the fetch_filename function at \espcms_public\espcms_templates\ESPCMS_Templates.
1937 CVE-2022-33087 DoS Overflow 2022-06-30 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
A stack overflow in the function DM_ In fillobjbystr() of TP-Link Archer C50&A5(US)_V5_200407 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
1938 CVE-2022-33099 Overflow 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.
1939 CVE-2022-33103 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir().
1940 CVE-2022-33107 Exec Code 2022-06-29 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\AbstractCache.php. This vulnerability allows attackers to execute arbitrary code via a crafted payload.
1941 CVE-2022-33108 Overflow 2022-06-28 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files.
1942 CVE-2022-33116 Dir. Trav. 2022-06-27 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
An issue in the jmpath variable in /modules/mindmap/index.php of GUnet Open eClass Platform (aka openeclass) v3.12.4 and below allows attackers to read arbitrary files via a directory traversal.
1943 CVE-2022-33128 Sql 2022-06-25 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
RG-EG series gateway EG350 EG_RGOS 11.1(6) was discovered to contain a SQL injection vulnerability via the function get_alarmAction at /alarm_pi/alarmService.php.
1944 CVE-2022-33146 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL.
1945 CVE-2022-33171 Sql 2022-07-04 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
** DISPUTED ** The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that the user's application is responsible for input validation.
1946 CVE-2022-33202 Bypass +Info 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
Authentication bypass vulnerability in the setup screen of L2Blocker(on-premise) Ver4.8.5 and earlier and L2Blocker(Cloud) Ver4.8.5 and earlier allows an adjacent attacker to perform an unauthorized login and obtain the stored information or cause a malfunction of the device by using alternative paths or channels for Sensor.
1947 CVE-2022-33208 Bypass 2022-07-04 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who can analyze the communication between the affected controller and automation software 'Sysmac Studio' and/or a Programmable Terminal (PT) to access the controller.
1948 CVE-2022-33312 Exec Code 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/action/import_cert_file/` API is affected by a command injection vulnerability.
1949 CVE-2022-33313 Exec Code 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/action/import_https_cert_file/` API is affected by a command injection vulnerability.
1950 CVE-2022-33314 Exec Code 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/action/import_sdk_file/` API is affected by a command injection vulnerability.
Total number of vulnerabilities: 2011. Page 39 of 41.