U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CVSS Version: 3
  • CVSS V3 Severity: Critical (9-10)
There are 23,730 matching records.
Displaying matches 8,001 through 8,020.
Vuln ID Summary CVSS Severity
CVE-2022-32352

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_patient_admission.

Published: June 14, 2022; 12:15:09 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-32328

Fast Food Ordering System v1.0 is vulnerable to Delete any file. via /ffos/classes/Master.php?f=delete_img.

Published: June 14, 2022; 12:15:08 PM -0400
V4.0:(not available)
V3.1: 9.1 CRITICAL
V2.0: 6.4 MEDIUM
CVE-2022-32336

Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/menus/view_menu.php?id=.

Published: June 14, 2022; 10:15:08 AM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-31311

An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to execute arbitrary commands via a crafted POST request.

Published: June 14, 2022; 10:15:08 AM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2022-27889

The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. A malicious attacker could perform an application-level denial of service attack, potentially causing authentication and/or authorization operations to fail for the duration of the attack. This could lead to performance degradation or login failures for customer Palantir Foundry environments. This vulnerability is resolved in Multipass 3.647.0. This issue affects: Palantir Foundry Multipass versions prior to 3.647.0.

Published: June 14, 2022; 10:15:07 AM -0400
V4.0:(not available)
V3.1: 9.1 CRITICAL
V2.0: 6.4 MEDIUM
CVE-2022-31273

An issue in TopIDP3000 Topsec Operating System tos_3.3.005.665b.15_smpidp allows attackers to perform a brute-force attack via a crafted session_id cookie.

Published: June 14, 2022; 9:15:08 AM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 5.0 MEDIUM
CVE-2022-32262

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution.

Published: June 14, 2022; 6:15:21 AM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-32260

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in certain scenarios.

Published: June 14, 2022; 6:15:21 AM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-32251

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). There is a missing authentication verification for a resource used to change the roles and permissions of a user. This could allow an attacker to change the permissions of any user and gain the privileges of an administrative user.

Published: June 14, 2022; 6:15:20 AM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-30230

A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to create a new user with administrative permissions.

Published: June 14, 2022; 6:15:20 AM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-25651

Memory corruption in bluetooth host due to integer overflow while processing BT HFP-UNIT profile in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

Published: June 14, 2022; 6:15:19 AM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2022-22087

memory corruption in video due to buffer overflow while parsing mkv clip with no codechecker in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Published: June 14, 2022; 6:15:19 AM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2022-22086

Memory corruption in video due to double free while parsing 3gp clip with invalid meta data atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Published: June 14, 2022; 6:15:19 AM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2021-35104

Possible buffer overflow due to improper parsing of headers while playing the FLAC audio clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Published: June 14, 2022; 6:15:17 AM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2021-35083

Possible out of bound read due to improper validation of certificate chain in SSL or Internet key exchange in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Published: June 14, 2022; 6:15:16 AM -0400
V4.0:(not available)
V3.1: 9.1 CRITICAL
V2.0: 9.4 HIGH
CVE-2021-35081

Possible buffer overflow due to improper validation of SSID length received from beacon or probe response during an IBSS session in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

Published: June 14, 2022; 6:15:16 AM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2021-30341

Improper buffer size validation of DSM packet received can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables

Published: June 14, 2022; 6:15:14 AM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2022-25167

Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol.

Published: June 14, 2022; 4:15:06 AM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-31446

Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac.

Published: June 13, 2022; 11:15:08 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2021-41662

The South Gate Inn Online Reservation System v1.0 contains an SQL injection vulnerability that can be chained with a malicious PHP file upload, which is caused by improper file handling in the editImg function. This vulnerability leads to remote code execution.

Published: June 13, 2022; 7:15:08 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH