The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2022-36733 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /admin/del.php. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36732 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /librarian/dele.php. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36731 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /librarian/delstu.php. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36730 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /librarian/delete.php. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36714 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Section parameter at /staff/lab.php. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36713 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Section parameter at /librarian/lab.php. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36712 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /staff/studentdetails.php. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36711 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /staff/bookdetails.php. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36709 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /staff/edit_book_details.php. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36690 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user&id=. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36689 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/waste&month=. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36688 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockout&month=. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36687 | Ingredients Stock Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36686 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockin&month=. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36676 | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/view_category.php. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36675 | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/manage_schedule.php. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36674 | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/view_schedule.php. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36672 | Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. This vulnerability allows attackers to create a custom user session. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36671 | Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36657 | Library Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /librarian/edit_book_details.php. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36647 | PKUVCL davs2 v1.6.205 was discovered to contain a global buffer overflow via the function parse_sequence_header() at source/common/header.cc:269. | -- | Sep 3, 2022 | n/a |
| CVE-2022-36642 | A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.0.0-1.4.9 allows attackers to access users credentials which makes him able to gain initial access to the control panel with high privilege because the cleartext storage of sensitive information which can be unlatched by exploiting the LFD vulnerability. | -- | Sep 3, 2022 | n/a |
| CVE-2022-36640 | influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor\'s documentation states If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization. | -- | Sep 4, 2022 | n/a |
| CVE-2022-36639 | A stored cross-site scripting (XSS) vulnerability in /client.php of Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | -- | Sep 3, 2022 | n/a |
| CVE-2022-36638 | An access control issue in the component print.php of Garage Management System v1.0 allows unauthenticated attackers to access data for all existing orders. | -- | Sep 3, 2022 | n/a |
| CVE-2022-36637 | Garage Management System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the brand_name parameter at /brand.php. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36636 | Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36622 | Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_GetObjectInfo1. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36621 | Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_AllocateTransientObject. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36620 | D-link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img is vulnerable to Buffer Overflow via /goform/addRouting. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36619 | In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset without authentication via /goform/setMAC. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36616 | TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36615 | TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36614 | TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36613 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36612 | TOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36611 | TOTOLINK A800R V4.1.2cu.5137_B20200730 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36610 | TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36609 | Clinic\'s Patient Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pms/update_patient.php. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36604 | An access control issue in Canaan Avalon ASIC Miner 2020.3.30 and below allows unauthenticated attackers to arbitrarily change user passwords via a crafted POST request. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36603 | InnoSilicon T3T+ t2t+_soc_20190911_151433.swu was discovered to contain a remote code execution (RCE) vulnerability in the checkUrl function. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36602 | InnoSilicon A10 a10_20200924_120556 was discovered to contain a remote code execution (RCE) vulnerability in the setPlatformAPI function. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36600 | BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blogengine/api/posts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36594 | Mapper v4.0.0 to v4.2.0 was discovered to contain a SQL injection vulnerability via the ids parameter at the selectByIds function. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36593 | kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36583 | DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/co_do.php via the dopost, rpok, and aid parameters. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36582 | An arbitrary file upload vulnerability in the component /php_action/createProduct.php of Garage Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36581 | Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via the user_email parameter at /admin/login.php. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36580 | An arbitrary file upload vulnerability in the component /admin/products/controller.php?action=add of Online Ordering System v2.3.2 allows attackers to execute arbitrary code via a crafted PHP file. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36573 | A cross-site scripting (XSS) vulnerability in Pagekit CMS v1.0.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under /blog/post/edit. | -- | Sep 1, 2022 | n/a |
