U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Search Type: Search All
There are 179,446 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2022-34972

So Filter Shop v3.x was discovered to contain multiple blind SQL injection vulnerabilities via the att_value_id , manu_value_id , opt_value_id , and subcate_value_id parameters at /index.php?route=extension/module/so_filter_shop_by/filter_data.

Published: July 05, 2022; 4:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2022-32413

An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers to execute arbitrary code via a crafted file.

Published: July 05, 2022; 4:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2022-32311

Ingredient Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /isms/admin/stocks/view_stock.php.

Published: July 05, 2022; 4:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2022-32310

An access control issue in Ingredient Stock Management System v1.0 allows attackers to take over user accounts via a crafted POST request to /isms/classes/Users.php.

Published: July 05, 2022; 4:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2022-31856

Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php.

Published: July 05, 2022; 4:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2022-2321

Login Bruteforce attacks

Published: July 05, 2022; 3:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2022-33075

A stored cross-site scripting (XSS) vulnerability in the Add Classification function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via unspecified vectors.

Published: July 05, 2022; 2:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2022-31117

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. This issue has been resolved in version 5.4.0 and all users should upgrade to UltraJSON 5.4.0. There are no known workarounds for this issue.

Published: July 05, 2022; 2:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2022-31116

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupting strings, this allowed for potential key confusion and value overwriting in dictionaries. All users parsing JSON from untrusted sources are vulnerable. From version 5.4.0, UltraJSON decodes lone surrogates in the same way as the standard library's `json` module does, preserving them in the parsed output. Users are advised to upgrade. There are no known workarounds for this issue.

Published: July 05, 2022; 2:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2022-31014

Nextcloud server is an open source personal cloud server. Affected versions were found to be vulnerable to SMTP command injection. The impact varies based on which commands are supported by the backend SMTP server. However, the main risk here is that the attacker can then hijack an already-authenticated SMTP session and run arbitrary SMTP commands as the email user, such as sending emails to other users, changing the FROM user, and so on. As before, this depends on the configuration of the server itself, but newlines should be sanitized to mitigate such arbitrary SMTP command injection. It is recommended that the Nextcloud Server is upgraded to 22.2.8 , 23.0.5 or 24.0.1. There are no known workarounds for this issue.

Published: July 05, 2022; 2:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-44915

Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category.

Published: July 05, 2022; 2:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2022-34879

Reflected Cross Site Scripting (XSS) vulnerabilities in AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via agent, and search_archived_data parameters. This issue affects: VICIdial 2.14b0.5 versions prior to 3555.

Published: July 05, 2022; 12:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2022-34878

SQL Injection vulnerability in User Stats interface (/vicidial/user_stats.php) of VICIdial via the file_download parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server.

Published: July 05, 2022; 12:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2022-34877

SQL Injection vulnerability in AST Agent Time Sheet interface ((/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. This issue affects: VICIdial 2.14b0.5 versions prior to 3555.

Published: July 05, 2022; 12:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2022-34876

SQL Injection vulnerability in admin interface (/vicidial/admin.php) of VICIdial via modify_email_accounts, access_recordings, and agentcall_email parameters allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. This issue affects: VICIdial 2.14b0.5 versions prior to 3555.

Published: July 05, 2022; 12:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2022-31770

IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. IBM X-Force ID: 228221.

Published: July 05, 2022; 12:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2022-31836

The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcardvalues which can lead to cross directory risk.

Published: July 05, 2022; 11:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-43116

An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login.

Published: July 05, 2022; 10:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2022-33744

Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages.

Published: July 05, 2022; 9:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2022-33743

network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed.

Published: July 05, 2022; 9:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)