Latest CVE Feed
-
9.8
CRITICALCVE-2022-28120
Beijing Runnier Network Technology Co., Ltd Open virtual simulation experiment teaching management platform software 2.0 has a file upload vulnerability, which can be exploited by an attacker to gain control of the server.... Read more
Affected Products : open_virtual_simulation_experiment_teaching_management_platform- Published: May. 05, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-28163
In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands.... Read more
Affected Products : sannav- Published: May. 06, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-29180
A vulnerability in which attackers could forge HTTP requests to manipulate the `charm` data directory to access or delete anything on the server. This has been patched and is available in release [v0.12.1](https://github.com/charmbracelet/charm/releases/t... Read more
Affected Products : charm- Published: May. 07, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-0817
The BadgeOS WordPress plugin through 3.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users... Read more
- Published: May. 09, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-28110
Hotel Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at the login page.... Read more
Affected Products : hotel_management_system- Published: May. 10, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2015-3616
SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters.... Read more
- Published: Aug. 11, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2022-29009
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allows attackers to bypass authentication.... Read more
- Published: May. 11, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2011-0469
Code injection in openSUSE when running some source services used in the open build service 2.1 before March 11 2011.... Read more
Affected Products : opensuse- Published: Aug. 17, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-12908
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter.... Read more
Affected Products : nexusphp- Published: Aug. 17, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2021-33315
The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of PortID TLV, by sending a craft... Read more
Affected Products : ti-pg1284i_firmware ti-g102i_firmware ti-g160i_firmware ti-g642i_firmware ti-pg102i_firmware ti-pg541i_firmware ti-rp262i_firmware teg-30102ws_firmware tpe-30102ws_firmware ti-pg1284i +8 more products- Published: May. 11, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-29748
Simple Client Management System 1.0 is vulnerable to SQL Injection via \cms\admin?page=client/manage_client&id=.... Read more
Affected Products : simple_client_management_system- Published: May. 12, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-29983
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/view_invoice&id=.... Read more
Affected Products : simple_client_management_system- Published: May. 12, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-29990
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/categories/view_category.php?id=.... Read more
Affected Products : online_sports_complex_booking_system- Published: May. 12, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-30001
Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editAgent.php?agent_id=.... Read more
- Published: May. 12, 2022
- Modified: Apr. 22, 2025
-
9.8
CRITICALCVE-2022-29741
Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=delete_fee.... Read more
Affected Products : money_transfer_management_system- Published: May. 12, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-30386
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_featured.... Read more
Affected Products : merchandise_online_store- Published: May. 13, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-30387
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=pay_order.... Read more
Affected Products : merchandise_online_store- Published: May. 13, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-30391
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_category.... Read more
Affected Products : merchandise_online_store- Published: May. 13, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-28930
ERP-Pro v3.7.5 was discovered to contain a SQL injection vulnerability via the component /base/SysEveMenuAuthPointMapper.xml..... Read more
Affected Products : erp-pro- Published: May. 15, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL- Published: May. 16, 2022
- Modified: Nov. 21, 2024