VYPR

CVEs

31,782 total · page 362 of 636

  • CVE-2021-46307CriJan 21, 2022
    risk 0.64cvss 9.8epss 0.02

    An SQL Injection vulnerability exists in Projectworlds Online Examination System 1.0 via the eid parameter in account.php.

  • CVE-2021-46201CriJan 21, 2022
    risk 0.64cvss 9.8epss 0.02

    An SQL Injection vulnerability exists in Sourcecodester Online Resort Management System 1.0 via the id parameterv in /orms/ node.

  • CVE-2021-46200CriJan 21, 2022
    risk 0.64cvss 9.8epss 0.02

    An SQL Injection vulnerability exists in Sourcecodester Simple Music Clour Community System 1.0 via the email parameter in /music/ajax.php.

  • CVE-2021-46198CriJan 21, 2022
    risk 0.64cvss 9.8epss 0.02

    An SQL Injection vulnerability exists in Sourceodester Courier Management System 1.0 via the email parameter in /cms/ajax.php app.

  • CVE-2021-40855CriJan 21, 2022
    risk 0.64cvss 9.8epss 0.01

    The EU Technical Specifications for Digital COVID Certificates before 1.1 mishandle certificate governance. A non-production public key certificate could have been used in production.

  • CVE-2021-35004CriJan 21, 2022
    risk 0.64cvss 9.8epss 0.08

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link TL-WA1201 1.0.1 Build 20200709 rel.66244(5553) wireless access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the…

  • CVE-2021-35003CriJan 21, 2022
    risk 0.64cvss 9.8epss 0.08

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer C90 1.0.6 Build 20200114 rel.73164(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS…

  • CVE-2022-0318CriJan 21, 2022
    risk 0.00cvss 9.8epss 0.02

    Heap-based Buffer Overflow in vim/vim prior to 8.2.

  • CVE-2022-23315CriJan 21, 2022
    risk 0.64cvss 9.8epss 0.02

    MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do.

  • CVE-2022-23314CriJan 21, 2022
    risk 0.64cvss 9.8epss 0.02

    MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do.

  • CVE-2022-22930CriJan 21, 2022
    risk 0.66cvss 9.8epss 0.24

    A remote code execution (RCE) vulnerability in the Template Management function of MCMS v5.2.4 allows attackers to execute arbitrary code via a crafted payload.

  • CVE-2022-22929CriJan 21, 2022
    risk 0.64cvss 9.8epss 0.03

    MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file.

  • CVE-2022-22928CriJan 21, 2022
    risk 0.64cvss 9.8epss 0.03

    MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key and execute arbitrary code.

  • CVE-2021-46061CriJan 20, 2022
    risk 0.64cvss 9.8epss 0.02

    An SQL Injection vulnerability exists in Sourcecodester Computer and Mobile Repair Shop Management system (RSMS) 1.0 via the code parameter in /rsms/ node app.

  • CVE-2021-44245CriJan 20, 2022
    risk 0.64cvss 9.8epss 0.01

    An SQL Injection vulnerability exists in Courcecodester COVID 19 Testing Management System (CTMS) 1.0 via the (1) username and (2) contactno parameters.

  • CVE-2021-44244CriJan 20, 2022
    risk 0.64cvss 9.8epss 0.01

    An SQL Injection vulnerabiity exists in Sourcecodester Logistic Hub Parcel's Management System 1.0 via the username parameter in login.php.

  • CVE-2021-44092CriJan 20, 2022
    risk 0.64cvss 9.8epss 0.01

    An SQL Injection vulnerability exists in code-projects Pharmacy Management 1.0 via the username parameter in the administer login form.

  • CVE-2021-44090CriJan 20, 2022
    risk 0.64cvss 9.8epss 0.01

    An SQL Injection vulnerability exists in Sourcecodester Online Reviewer System 1.0 via the password parameter.

  • CVE-2021-44736CriJan 20, 2022
    risk 0.64cvss 9.8epss 0.02

    The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the “out of service erase” feature.

  • CVE-2021-44735CriJan 20, 2022
    risk 0.64cvss 9.8epss 0.08

    Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07.

  • CVE-2021-44734CriJan 20, 2022
    risk 0.64cvss 9.8epss 0.06

    Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which can which can lead to remote code execution on the device.

  • CVE-2021-44738CriJan 20, 2022
    risk 0.64cvss 9.8epss 0.03

    Buffer overflow vulnerability has been identified in Lexmark devices through 2021-12-07 in postscript interpreter.

  • CVE-2021-46204CriJan 19, 2022
    risk 0.64cvss 9.8epss 0.01

    Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php.

  • CVE-2021-33913CriJan 19, 2022
    risk 0.64cvss 9.8epss 0.10

    libspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of SPF_record_expand_data in spf_expand.c. The amount…

  • CVE-2021-33912CriJan 19, 2022
    risk 0.64cvss 9.8epss 0.10

    libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of incorrect sprintf usage in…

  • CVE-2022-23221CriJan 19, 2022
    risk 0.62cvss 9.8epss 0.65

    H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.

  • CVE-2022-21391CriJan 19, 2022
    risk 0.64cvss 9.9epss 0.01

    Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows low privileged…

  • CVE-2022-21390CriJan 19, 2022
    risk 0.65cvss 10.0epss 0.02

    Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Webservices Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows unauthenticated…

  • CVE-2022-21389CriJan 19, 2022
    risk 0.65cvss 10.0epss 0.02

    Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows unauthenticated…

  • CVE-2022-21306CriJan 19, 2022
    risk 0.64cvss 9.8epss 0.04

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2022-21276CriJan 19, 2022
    risk 0.64cvss 9.9epss 0.01

    Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows low privileged…

  • CVE-2022-21275CriJan 19, 2022
    risk 0.65cvss 10.0epss 0.02

    Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows unauthenticated…

  • CVE-2021-35683CriJan 19, 2022
    risk 0.64cvss 9.9epss 0.01

    Vulnerability in the Oracle Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported version that is affected is Prior to 11.1.2.4.047. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to…

  • CVE-2021-35587CriKEVJan 19, 2022
    risk 0.86cvss 9.8epss 0.96

    Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2022-23408CriJan 18, 2022
    risk 0.00cvss 9.1epss 0.01

    wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections (without AEAD) using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c.

  • CVE-2021-46013CriJan 18, 2022
    risk 0.64cvss 9.8epss 0.03

    An unrestricted file upload vulnerability exists in Sourcecodester Free school management software 1.0. An attacker can leverage this vulnerability to enable remote code execution on the affected web server. Once a php webshell containing "<?php system($_GET["cmd"]); ?>" gets…

  • CVE-2021-29215CriJan 18, 2022
    risk 0.64cvss 9.8epss 0.01

    A potential security vulnerability in HPE Ezmeral Data Fabric that may allow a remote access restriction bypass in the TEZ MapR ecosystem component was discovered in version(s): Prior to Tez-0.8: mapr-tez-0.8.201907081100-1.noarch; prior to Tez-0.9:…

  • CVE-2022-23305CriJan 18, 2022
    risk 0.62cvss 9.8epss 0.67

    By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering…

  • CVE-2021-38697CriJan 18, 2022
    risk 0.64cvss 9.8epss 0.03

    SoftVibe SARABAN for INFOMA 1.1 allows Unauthenticated unrestricted File Upload, that allows attackers to upload files with any file extension which can lead to arbitrary code execution.

  • CVE-2021-22566CriJan 18, 2022
    risk 0.64cvss 9.8epss 0.00

    An incorrect setting of UXN bits within mmu_flags_to_s1_pte_attr lead to privileged executable pages being mapped as executable from an unprivileged context. This can be leveraged by an attacker to bypass executability restrictions of kernel-mode pages from user-mode. An…

  • CVE-2021-44757CriJan 18, 2022
    risk 0.61cvss 9.1epss 0.24

    Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP archive to the server.

  • CVE-2021-4171CriJan 17, 2022
    risk 0.57cvss 9.8epss 0.01

    calibre-web is vulnerable to Business Logic Errors

  • CVE-2022-0239CriJan 17, 2022
    risk 0.57cvss 9.8epss 0.01

    corenlp is vulnerable to Improper Restriction of XML External Entity Reference

  • CVE-2022-23304CriJan 17, 2022
    risk 0.64cvss 9.8epss 0.02

    The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.

  • CVE-2022-23303CriJan 17, 2022
    risk 0.64cvss 9.8epss 0.03

    The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.

  • CVE-2022-23178CriJan 15, 2022
    risk 0.73cvss 9.8epss 0.76

    An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON…

  • CVE-2021-33963CriJan 15, 2022
    risk 0.64cvss 9.8epss 0.03

    China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/mac_addr_clone receives parameters by POST request, and the parameter macType has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands.

  • CVE-2021-24044CriJan 15, 2022
    risk 0.64cvss 9.8epss 0.01

    By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would invoke generator functions and error out on invalid await/yield positions. This could result in segmentation fault as a consequence of type…

  • CVE-2021-44530CriJan 14, 2022
    risk 0.64cvss 9.8epss 0.01

    An injection vulnerability exists in a third-party library used in UniFi Network Version 6.5.53 and earlier (Log4J CVE-2021-44228) allows a malicious actor to control the application.

  • CVE-2021-39623CriJan 14, 2022
    risk 0.64cvss 9.8epss 0.02

    In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…