CVE-2022-41604 28 Sep 2022
Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. This occurs because of weak permissions for th... Read more ➔
CVE-2022-41571 28 Sep 2022
An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Local file inclusion can occur. Read more ➔
CVE-2022-41570 28 Sep 2022
An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Unauthenticated SQL injection can occur. Read more ➔
CVE-2022-40878 28 Sep 2022
In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell php file in profile page to achieve Remote Code Execution (RC... Read more ➔
CVE-2022-40877 28 Sep 2022
Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via the ‘id’ parameter. Read more ➔
CVE-2022-40817 28 Sep 2022
Zammad 5.2.1 has a fine-grained permission model that allows to configure read-only access to tickets. However, agents were still wrongly able to perf... Read more ➔
CVE-2022-40816 28 Sep 2022
Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad's asset handling mechanism has logic to ensure that customer users are not able to see... Read more ➔
CVE-2022-40354 28 Sep 2022
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_bookin... Read more ➔
CVE-2022-40353 28 Sep 2022
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/up_booking.ph... Read more ➔
CVE-2022-40352 28 Sep 2022
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_travel... Read more ➔
CVE-2022-40199 28 Sep 2022
Directory traversal vulnerability in EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p4 ) and EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote auth... Read more ➔
CVE-2022-3323 28 Sep 2022
An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP... Read more ➔
CVE-2022-3303 28 Sep 2022
A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handlin... Read more ➔
CVE-2022-39835 28 Sep 2022
An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by... Read more ➔
CVE-2022-38975 28 Sep 2022
DOM-based cross-site scripting vulnerability in EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote attacker to inject an arbitrary script by ha... Read more ➔
CVE-2022-38932 28 Sep 2022
readelf in ToaruOS 2.0.1 has a global overflow allowing RCE when parsing a crafted ELF file. Read more ➔
CVE-2022-38335 28 Sep 2022
Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules. Read more ➔
CVE-2022-37346 28 Sep 2022
EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Exploiting... Read more ➔
CVE-2022-37209 28 Sep 2022
JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL co... Read more ➔
CVE-2022-37193 28 Sep 2022
Chipolo ONE Bluetooth tracker (2020) Chipolo iOS app version 4.13.0 is vulnerable to Incorrect Access Control. Chipolo devices suffer from access revo... Read more ➔
CVE-2022-37028 28 Sep 2022
ISAMS 22.2.3.2 is prone to stored Cross-site Scripting (XSS) attack on the title field for groups, allowing an attacker to store a JavaScript payload... Read more ➔
CVE-2022-34326 28 Sep 2022
On Realtek RTL8195AM devices before 284241d70308ff2519e40afd7b284ba892c730a3, the timer task can be locked when there are frequent and continuous Wi-F... Read more ➔
CVE-2022-31367 28 Sep 2022
Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses. Read more ➔
CVE-2022-23006 28 Sep 2022
A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacke... Read more ➔