Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the order_by parameter.
Source: MITRE
Max CVSS
7.8
EPSS Score
7.76%
Published
2022-01-31
Updated
2022-02-03
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menu_filter=3 parameter.
Source: MITRE
Max CVSS
7.8
EPSS Score
11.20%
Published
2022-01-31
Updated
2022-02-03
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the search_word parameter.
Source: MITRE
Max CVSS
7.8
EPSS Score
11.20%
Published
2022-01-31
Updated
2022-02-03
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter.
Source: MITRE
Max CVSS
9.8
EPSS Score
11.37%
Published
2022-01-31
Updated
2023-11-14
xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.
Source: MITRE
Max CVSS
5.5
EPSS Score
0.08%
Published
2022-01-31
Updated
2022-08-19
The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations.
Source: MITRE
Max CVSS
7.5
EPSS Score
8.99%
Published
2022-01-29
Updated
2022-04-05
MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This could lead to Remote Code Execution via a .md file containing a mutation Cross-Site Scripting (XSS) payload.
Source: MITRE
Max CVSS
9.0
EPSS Score
0.23%
Published
2022-01-29
Updated
2022-02-04
kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace.
Source: MITRE
Max CVSS
7.8
EPSS Score
0.07%
Published
2022-01-29
Updated
2023-12-28
A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs.
Source: Naver Corporation
Max CVSS
4.3
EPSS Score
0.07%
Published
2022-01-28
Updated
2022-02-02
Adenza AxiomSL ControllerView through 10.8.1 is vulnerable to user enumeration. An attacker can identify valid usernames on the platform because a failed login attempt produces a different error message when the username is valid.
Source: MITRE
Max CVSS
5.3
EPSS Score
0.10%
Published
2022-01-30
Updated
2022-02-04
/usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS.
Source: MITRE
Max CVSS
6.1
EPSS Score
0.09%
Published
2022-01-26
Updated
2022-04-29
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.64%
Published
2022-01-26
Updated
2022-10-31
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in Ultimate Reviews WordPress plugin (versions <= 3.0.15).
Source: Patchstack
Max CVSS
4.8
EPSS Score
0.05%
Published
2022-01-28
Updated
2022-02-02
Xerox VersaLink devices on specific versions of firmware before 2022-01-26 allow remote attackers to brick the device via a crafted TIFF file in an unauthenticated HTTP POST request. There is a permanent denial of service because image parsing causes a reboot, but image parsing is restarted as soon as the boot process finishes. However, this boot loop can be resolved by a field technician. The TIFF file must have an incomplete Image Directory. Affected firmware versions include xx.42.01 and xx.50.61. NOTE: the 2022-01-24 NeoSmart article included "believed to affect all previous and later versions as of the date of this posting" but a 2022-01-26 vendor statement reports "the latest versions of firmware are not vulnerable to this issue."
Source: MITRE
Max CVSS
7.8
EPSS Score
0.16%
Published
2022-01-26
Updated
2022-02-03
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.
Source: MITRE
Max CVSS
9.1
EPSS Score
0.61%
Published
2022-01-26
Updated
2022-08-02
Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1.
Source: Apache Software Foundation
Max CVSS
7.5
EPSS Score
0.42%
Published
2022-01-25
Updated
2022-02-01
User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1.
Source: Apache Software Foundation
Max CVSS
9.1
EPSS Score
25.68%
Published
2022-01-25
Updated
2022-02-01
lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check, leading to command injection.
Source: MITRE
Max CVSS
7.8
EPSS Score
0.06%
Published
2022-01-25
Updated
2022-05-19
The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently, allowing attackers to create an unusually large number of comments.
Source: MITRE
Max CVSS
5.3
EPSS Score
0.08%
Published
2022-01-28
Updated
2022-02-03
YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgey (CSRF) via the component /yzmcms/comment/index/init.html.
Source: MITRE
Max CVSS
8.8
EPSS Score
0.11%
Published
2022-01-28
Updated
2022-02-02
YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily delete user accounts via /admin/admin_manage/delete.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.06%
Published
2022-01-28
Updated
2022-02-02
Emlog pro v1.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /admin/configure.php via the parameter footer_info.
Source: MITRE
Max CVSS
4.8
EPSS Score
0.05%
Published
2022-01-31
Updated
2022-09-30
Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.73%
Published
2022-01-28
Updated
2022-02-02
A flaw was found in the REST API. An improperly handled REST API call could allow any logged user to elevate privileges up to the system account. This affects StarWind Command Center build 6003 v2.
Source: MITRE
Max CVSS
9.0
EPSS Score
0.10%
Published
2022-01-24
Updated
2022-12-09
model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to SQL injection attacks when processing crafted Smart Playlists. An authenticated user could abuse this to extract arbitrary data from the database, including the user table (which contains sensitive information such as the users' encrypted passwords).
Source: MITRE
Max CVSS
6.5
EPSS Score
0.06%
Published
2022-01-24
Updated
2022-01-27
2016 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!