CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2022/11/30 7:15 a.m.•18 views

CVE-2022-4222

9.8CVSS0.00662EPSS

CVE•added 2022/11/30 12:0 a.m.•44 views

CVE-2022-4222

CVE-2022-4222 affects SourceCodester Canteen Management System. The vulnerability exists in the POST Request Handler’s function ajax_invoice.php, where manipulation of the parameter that accepts the search value enables a SQL injection. Remote exploitation is suggested by the description. Public ...

9.8CVSS7.7AI score0.00662EPSS

Exploits1References2Affected Software1

Positive Technologies•added 2022/11/18 12:0 a.m.•4 views

PT-2022-27530 · Unknown · Drachtio-Server

Name of the Vulnerable Software and Affected Versions: drachtio-server version 0.8.18 Description: The issue is related to a use-after-free error in the event cb function within request-handler.cpp for any request. Recommendations: For drachtio-server version 0.8.18, consider disabling the event ...

9.8CVSS7AI score0.00939EPSS

Exploits1References9

CNNVD•added 2022/11/18 12:0 a.m.•5 views

drachtio-server 资源管理错误漏洞

drachtio-server is a SIP server built on the sofia SIP stack by drachtio open source. drachtio drachtio-server version 0.8.18 is vulnerable to a memory misquoting vulnerability that stems from the request-handler.cpp component receiving requests when the event The cb instruction responsible for...

9.8CVSS7.4AI score0.00939EPSS

Exploits1References3

NVD•added 2022/08/05 9:15 p.m.•17 views

CVE-2022-2676

A vulnerability was found in SourceCodester Electronic Medical Records System and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument useremail leads to sql injection. The attack may be launched...

9.8CVSS0.00613EPSS

Prion•added 2022/08/05 9:15 p.m.•10 views

Sql injection

7.5CVSS9.6AI score0.00613EPSS

Cvelist•added 2022/08/05 8:20 p.m.•26 views

CVE-2022-2676 SourceCodester Electronic Medical Records System POST Request sql injection

6.3CVSS9.9AI score0.00613EPSS

NVD•added 2022/08/05 12:15 p.m.•10 views

CVE-2022-2673

A vulnerability was found in Rigatur Online Booking and Hotel Management System aff6409. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Request Handler. The manipulation of the argument email/pass leads to s...

8.8CVSS0.00465EPSS

Cvelist•added 2022/08/05 11:40 a.m.•13 views

CVE-2022-2673 Rigatur Online Booking and Hotel Management System POST Request login.php sql injection

6.3CVSS9.2AI score0.00465EPSS

Vulnrichment•added 2022/08/05 10:45 a.m.•4 views

CVE-2022-2664 Private Cloud Management Platform POST Request global_config_query improper authentication

A vulnerability classified as critical has been found in Private Cloud Management Platform. Affected is an unknown function of the file /management/api/rcxmanagement/globalconfigquery of the component POST Request Handler. The manipulation leads to improper authentication. It is possible to launc...

7.3CVSS7AI score0.00579EPSS

BDU FSTEC•added 2022/08/04 12:0 a.m.•4 views

The vulnerability of the HTTP Request Handler component in the SAP Business One License service API allows a perpetrator to execute arbitrary code due to incorrect authentication.

The vulnerability of the HTTP Request Handler component in the SAP Business One License service API is related to incorrect authentication. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted HTTP request...

7.8CVSS7.6AI score0.00867EPSS

Exploits0References5Affected Software1

OSV•added 2021/11/29 8:15 a.m.•0 views

UBUNTU-CVE-2019-8921

An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVCATTRREQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrar...

6.5CVSS7AI score0.00936EPSS

Exploits1References4

NVD•added 2021/09/30 4:15 p.m.•15 views

CVE-2021-24017

An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler...

5.4CVSS0.00536EPSS

Positive Technologies•added 2021/05/24 12:0 a.m.•2 views

PT-2021-18829 · Apple · Ipados +4

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 11.4 iOS versions prior to 14.6 iPadOS versions prior to 14.6 tvOS versions prior to 14.6 watchOS versions prior to 7.5 Description: A local attacker may be able to elevate their privileges due to an issue in the...

7.8CVSS6.3AI score0.00783EPSS

Exploits0References15

OSV•added 2021/04/23 4:15 p.m.•31 views

CVE-2021-31404

Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.13 Vaadin 10.0.0 through 10.0.16, 1.1.0 prior to 2.0.0 Vaadin 11 prior to 14, 2.0.0 through 2.4.6 Vaadin 14.0.0 through 14.4.6, 3.0.0 prior to 5.0.0 Vaadin 15 prior to 18, and...

2.5CVSS6.7AI score0.0021EPSS

OSV•added 2021/04/23 4:15 p.m.•20 views

CVE-2018-25007

Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2 allows attacker to update element property values via crafted synchronization message...

4.3CVSS6.6AI score0.00574EPSS

NVD•added 2021/04/23 4:15 p.m.•32 views

CVE-2018-25007

4.3CVSS0.00574EPSS