VYPR

CVEs

31,782 total · page 361 of 636

  • CVE-2021-44249CriJan 28, 2022
    risk 0.64cvss 9.8epss 0.02

    Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Blind Time-Based SQL Injection attack within the login portal. This can lead attackers to remotely dump MySQL database credentials.

  • CVE-2021-46428CriJan 27, 2022
    risk 0.64cvss 9.8epss 0.03

    A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 ( and previous versions via the bot_avatar parameter in SystemSettings.php.

  • CVE-2021-46427CriJan 27, 2022
    risk 0.64cvss 9.8epss 0.02

    An SQL Injection vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 via the message parameter in Master.php.

  • CVE-2021-46377CriJan 27, 2022
    risk 0.64cvss 9.8epss 0.01

    There is a front-end sql injection vulnerability in cszcms 1.2.9 via cszcms/controllers/Member.php#viewUser

  • CVE-2022-21723CriJan 27, 2022
    risk 0.00cvss 9.1epss 0.04

    PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can…

  • CVE-2022-21722CriJan 27, 2022
    risk 0.00cvss 9.1epss 0.02

    PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP…

  • CVE-2022-21686CriJan 26, 2022
    risk 0.52cvss 9.0epss 0.02

    PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds.

  • CVE-2021-46386CriJan 26, 2022
    risk 0.64cvss 9.8epss 0.03

    File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileAction#upload.

  • CVE-2022-0362CriJan 26, 2022
    risk 0.57cvss 9.8epss 0.01

    SQL Injection in Packagist showdoc/showdoc prior to 2.10.3.

  • CVE-2021-46560CriJan 26, 2022
    risk 0.64cvss 9.8epss 0.04

    The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device damage.

  • CVE-2022-23959CriJan 26, 2022
    risk 0.59cvss 9.1epss 0.02

    In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.

  • CVE-2021-36294CriJan 25, 2022
    risk 0.64cvss 9.8epss 0.02

    Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authentication bypass vulnerability. A remote unauthenticated attacker may exploit this vulnerability by forging a cookie to login as any user.

  • CVE-2022-0332CriJan 25, 2022
    risk 0.63cvss 9.8epss 0.45

    A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data.

  • CVE-2021-43298CriJan 25, 2022
    risk 0.64cvss 9.8epss 0.02

    The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP basic password, byte-by-byte, by recording the webserver's…

  • CVE-2021-46089CriJan 25, 2022
    risk 0.57cvss 9.8epss 0.02

    In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges.

  • CVE-2021-46033CriJan 25, 2022
    risk 0.64cvss 9.8epss 0.01

    In ForestBlog, as of 2021-12-28, File upload can bypass verification.

  • CVE-2021-3850CriJan 25, 2022
    risk 0.52cvss 9.1epss 0.02

    Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21.

  • CVE-2022-23944CriJan 25, 2022
    risk 0.06cvss 9.1epss 0.79

    User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1.

  • CVE-2021-45802CriJan 25, 2022
    risk 0.64cvss 9.8epss 0.01

    MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because the email and phone parameter values are added to the SQL query without any verification at the time of membership registration.

  • CVE-2021-45029CriJan 25, 2022
    risk 0.64cvss 9.8epss 0.06

    Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1.

  • CVE-2021-43394CriJan 24, 2022
    risk 0.64cvss 9.8epss 0.01

    Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, 7R3C, and 7R3D has an Incorrect Implementation of an Authentication Algorithm. An LDAP password is not properly validated.

  • CVE-2021-46451CriJan 24, 2022
    risk 0.64cvss 9.8epss 0.01

    An SQL Injection vulnerabilty exists in Sourcecodester Online Project Time Management System 1.0 via the pid parameter in the load_file function.

  • CVE-2020-17383CriJan 24, 2022
    risk 0.64cvss 9.8epss 0.04

    A directory traversal vulnerability on Telos Z/IP One devices through 4.0.0r grants an unauthenticated individual root level access to the device's file system. This can be used to identify configuration settings, password hashes for built-in accounts, and the cleartext password…

  • CVE-2022-23126CriJan 24, 2022
    risk 0.00cvss 9.8epss 0.02

    TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open doors of Tesla vehicles, start Keyless Driving, and interfere with vehicle operation en route. This occurs because an attacker can leverage Grafana login access to obtain a token for…

  • CVE-2021-43420CriJan 24, 2022
    risk 0.64cvss 9.8epss 0.01

    SQL injection vulnerability in Login.php in Sourcecodester Online Payment Hub v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter.

  • CVE-2021-41928CriJan 24, 2022
    risk 0.64cvss 9.8epss 0.02

    SQL injection in Sourcecodester Try My Recipe (Recipe Sharing Website - CMS) 1.0 by oretnom23, allows attackers to execute arbitrary code via the rid parameter to the view_recipe page.

  • CVE-2021-41660CriJan 24, 2022
    risk 0.64cvss 9.8epss 0.01

    SQL injection vulnerability in Sourcecodester Patient Appointment Scheduler System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password fields to login.php.

  • CVE-2021-41659CriJan 24, 2022
    risk 0.64cvss 9.8epss 0.01

    SQL injection vulnerability in Sourcecodester Banking System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username or password field.

  • CVE-2021-41472CriJan 24, 2022
    risk 0.64cvss 9.8epss 0.01

    SQL injection vulnerability in Sourcecodester Simple Membership System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password parameters.

  • CVE-2021-41471CriJan 24, 2022
    risk 0.64cvss 9.8epss 0.01

    SQL injection vulnerability in Sourcecodester South Gate Inn Online Reservation System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the email and Password parameters.

  • CVE-2021-40909CriJan 24, 2022
    risk 0.63cvss 9.6epss 0.02

    Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD without Refresh/Reload using Ajax and DataTables Tutorial v1 by oretnom23, allows remote attackers to execute arbitrary code via the first_name, last_name, and email parameters to /ajax_crud.

  • CVE-2021-40908CriJan 24, 2022
    risk 0.64cvss 9.8epss 0.03

    SQL injection vulnerability in Login.php in Sourcecodester Purchase Order Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter.

  • CVE-2021-40907CriJan 24, 2022
    risk 0.64cvss 9.8epss 0.01

    SQL injection vulnerability in Sourcecodester Storage Unit Rental Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /storage/classes/Login.php.

  • CVE-2021-40596CriJan 24, 2022
    risk 0.64cvss 9.8epss 0.01

    SQL injection vulnerability in Login.php in sourcecodester Online Learning System v2 by oretnom23, allows attackers to execute arbitrary SQL commands via the faculty_id parameter.

  • CVE-2022-23855CriJan 24, 2022
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x. An authentication bypass in ECM/maintenance/forgotpasswordstep1 allows an unauthenticated user to reset passwords and login as any local account.

  • CVE-2022-23852CriJan 24, 2022
    risk 0.00cvss 9.8epss 0.05

    Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

  • CVE-2021-30636CriJan 24, 2022
    risk 0.64cvss 9.8epss 0.01

    In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corruption due to an integer overflow during mishandled memory allocation by pvPortCalloc and pvPortRealloc.

  • CVE-2021-26706CriJan 24, 2022
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in lib_mem.c in Micrium uC/OS uC/LIB 1.38.x and 1.39.00. The following memory allocation functions do not check for integer overflow when allocating a pool whose size exceeds the address space: Mem_PoolCreate, Mem_DynPoolCreate, and Mem_DynPoolCreateHW.…

  • CVE-2021-46024CriJan 23, 2022
    risk 0.64cvss 9.8epss 0.01

    Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL Injection vulnerability via the "id" parameter in cart_add.php, No login is required.

  • CVE-2022-23366CriJan 21, 2022
    risk 0.67cvss 9.8epss 0.07

    HMS v1.0 was discovered to contain a SQL injection vulnerability via patientlogin.php.

  • CVE-2022-23365CriJan 21, 2022
    risk 0.64cvss 9.8epss 0.01

    HMS v1.0 was discovered to contain a SQL injection vulnerability via doctorlogin.php.

  • CVE-2022-23364CriJan 21, 2022
    risk 0.64cvss 9.8epss 0.01

    HMS v1.0 was discovered to contain a SQL injection vulnerability via adminlogin.php.

  • CVE-2022-23363CriJan 21, 2022
    risk 0.64cvss 9.8epss 0.01

    Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via index.php.

  • CVE-2021-40595CriJan 21, 2022
    risk 0.64cvss 9.8epss 0.01

    SQL injection vulnerability in Sourcecodester Online Leave Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /leave_system/classes/Login.php.

  • CVE-2022-23128CriJan 21, 2022
    risk 0.64cvss 9.8epss 0.03

    Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97…

  • CVE-2021-40247CriJan 21, 2022
    risk 0.64cvss 9.8epss 0.03

    SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username field.

  • CVE-2020-4879CriJan 21, 2022
    risk 0.64cvss 9.8epss 0.01

    IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847.

  • CVE-2020-4877CriJan 21, 2022
    risk 0.64cvss 9.8epss 0.01

    IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes. IBM X-Force ID: 190843.

  • CVE-2021-46309CriJan 21, 2022
    risk 0.64cvss 9.8epss 0.02

    An SQL Injection vulnerability exists in Sourcecodester Employee and Visitor Gate Pass Logging System 1.0 via the username parameter.

  • CVE-2021-46308CriJan 21, 2022
    risk 0.64cvss 9.8epss 0.02

    An SQL Injection vulnerability exists in Sourcecodester Online Railway Reservation Sysytem 1.0 via the sid parameter.