Search Results (Refine Search)
- CVSS Version: 3
- CVSS V3 Severity: Critical (9-10)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-36444 |
An issue was discovered in Atos Unify OpenScape SBC 9 and 10 before 10R2.2.1, Atos Unify OpenScape Branch 9 and 10 before version 10R2.1.1, and Atos Unify OpenScape BCF 10 before 10R9.12.1. A remote code execution vulnerability may allow an unauthenticated attacker (with network access to the admin interface) to disrupt system availability or potentially compromise the confidentiality and integrity of the system. Published: July 25, 2022; 2:15:07 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2017-20145 |
A vulnerability was found in Tecrail Responsive Filemanger up to 9.10.x and classified as critical. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 9.11.0 is able to address this issue. It is recommended to upgrade the affected component. Published: July 25, 2022; 1:15:07 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2016-15004 |
A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to version 1.6.1.1 is able to address this issue. It is recommended to upgrade the affected component. Published: July 23, 2022; 3:15:07 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-34115 |
DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId. Published: July 22, 2022; 7:15:08 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-34113 |
An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin. Published: July 22, 2022; 7:15:08 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-25759 |
The package convert-svg-core before 0.6.2 are vulnerable to Remote Code Injection via sending an SVG file containing the payload. Published: July 22, 2022; 4:15:09 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-34839 |
Authentication Bypass vulnerability in CodexShaper's WP OAuth2 Server plugin <= 1.0.1 at WordPress. Published: July 22, 2022; 1:15:09 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2017-20143 |
A vulnerability, which was classified as critical, has been found in Itech Movie Portal Script 7.36. This issue affects some unknown processing of the file /film-rating.php. The manipulation of the argument v leads to sql injection (Error). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Published: July 22, 2022; 1:15:08 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2017-20142 |
A vulnerability classified as critical was found in Itech Movie Portal Script 7.36. This vulnerability affects unknown code of the file /artist-display.php. The manipulation of the argument act leads to sql injection (Union). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Published: July 22, 2022; 1:15:08 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2017-20141 |
A vulnerability classified as critical has been found in Itech Movie Portal Script 7.36. This affects an unknown part of the file /movie.php. The manipulation of the argument f leads to sql injection (Union). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Published: July 22, 2022; 1:15:08 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2017-20139 |
A vulnerability was found in Itech Movie Portal Script 7.36. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /show_news.php. The manipulation of the argument id with the input AND (SELECT 1222 FROM(SELECT COUNT(*),CONCAT(0x71786b7a71,(SELECT (ELT(1222=1222,1))),0x717a627871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) leads to sql injection (Error). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Published: July 22, 2022; 1:15:08 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-34983 |
The scu-captcha package in PyPI v0.0.1 to v0.0.4 included a code execution backdoor inserted by a third party. Published: July 22, 2022; 11:15:08 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-34982 |
The eziod package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party. Published: July 22, 2022; 11:15:08 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-34981 |
The PyCrowdTangle package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party. Published: July 22, 2022; 11:15:08 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-34509 |
The wikifaces package in PyPI v1.0 included a code execution backdoor inserted by a third party. Published: July 22, 2022; 11:15:08 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-34501 |
The bin-collection package in PyPI before v0.1 included a code execution backdoor inserted by a third party. Published: July 22, 2022; 11:15:08 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-34500 |
The bin-collect package in PyPI before v0.1 included a code execution backdoor inserted by a third party. Published: July 22, 2022; 11:15:08 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-2143 |
The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code. Published: July 22, 2022; 11:15:08 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-2139 |
The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code. Published: July 22, 2022; 11:15:08 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-0977 |
Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. Published: July 21, 2022; 7:15:09 PM -0400 |
V4.0:(not available) V3.1: 9.6 CRITICAL V2.0:(not available) |