The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2022-37247 | Craft CMS 4.2.0.1 is vulnerable to stored a cross-site scripting (XSS) via /admin/settings/fields page. | -- | Sep 17, 2022 |
| CVE-2022-37246 | Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js and in specific on the line label: elementInfo.label. | -- | Sep 22, 2022 |
| CVE-2022-37245 | MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the Blacklist endpoint. | -- | Aug 26, 2022 |
| CVE-2022-37244 | MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injectionvia the currentRequest parameter. after login leads to inject malicious tag leads to IFRAME injection. | -- | Aug 25, 2022 |
| CVE-2022-37243 | MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the whitelist endpoint. | -- | Aug 26, 2022 |
| CVE-2022-37242 | MDaemon Technologies SecurityGateway for Email Servers 8.5.2, is vulnerable to HTTP Response splitting via the data parameter. | -- | Aug 25, 2022 |
| CVE-2022-37241 | MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the data_leak_list_ajax endpoint. | -- | Aug 26, 2022 |
| CVE-2022-37240 | MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the format parameter. | -- | Aug 25, 2022 |
| CVE-2022-37239 | MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the rulles_list_ajax endpoint. | -- | Aug 26, 2022 |
| CVE-2022-37238 | MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the currentRequest parameter. | -- | Aug 27, 2022 |
| CVE-2022-37237 | An attacker can send malicious RTMP requests to make the ZLMediaKit server crash remotely. Affected version is below commit 7d8b212a3c3368bc2f6507cb74664fc419eb9327. | -- | Aug 30, 2022 |
| CVE-2022-37235 | Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncat | -- | Sep 24, 2022 |
| CVE-2022-37234 | Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncpy. | -- | Sep 23, 2022 |
| CVE-2022-37232 | Netgear N300 wireless router wnr2000v4-V1.0.0.70 is vulnerable to Buffer Overflow via uhttpd. There is a stack overflow vulnerability caused by strcpy. | -- | Sep 24, 2022 |
| CVE-2022-37223 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list. | -- | Aug 25, 2022 |
| CVE-2022-37209 | JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. | -- | Sep 29, 2022 |
| CVE-2022-37208 | JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. | -- | Oct 13, 2022 |
| CVE-2022-37207 | JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection | -- | Sep 18, 2022 |
| CVE-2022-37205 | JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. | -- | Sep 22, 2022 |
| CVE-2022-37204 | Final CMS 5.1.0 is vulnerable to SQL Injection. | -- | Sep 21, 2022 |
| CVE-2022-37203 | JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. | -- | Sep 21, 2022 |
| CVE-2022-37202 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list | -- | Oct 28, 2022 |
| CVE-2022-37201 | JFinal CMS 5.1.0 is vulnerable to SQL Injection. | -- | Sep 15, 2022 |
| CVE-2022-37199 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list. | -- | Aug 25, 2022 |
| CVE-2022-37197 | IOBit IOTransfer V4 is vulnerable to Unquoted Service Path. | -- | Nov 18, 2022 |
| CVE-2022-37193 | Chipolo ONE Bluetooth tracker (2020) Chipolo iOS app version 4.13.0 is vulnerable to Incorrect Access Control. Chipolo devices suffer from access revocation evasion attacks once the malicious sharee obtains the access credentials. | -- | Oct 3, 2022 |
| CVE-2022-37191 | The component cuppa/api/index.php of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using [function] parameter value as LFI payload. | -- | Sep 17, 2022 |
| CVE-2022-37190 | CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both parameters (action and function) from /api/index.php. | -- | Sep 17, 2022 |
| CVE-2022-37189 | DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity (XXE), leading to a Denial of Service. This occurs due to the usage of the unsafe \'xml.etree\' library to parse untrusted XML input. | -- | Sep 10, 2022 |
| CVE-2022-37186 | In LemonLDAP::NG before 2.0.15. some sessions are not deleted when they are supposed to be deleted according to the timeoutActivity setting. This can occur when there are at least two servers, and a session is manually removed before the time at which it would have been removed automatically. | -- | Apr 17, 2023 |
| CVE-2022-37185 | SQL injection vulnerability exists in the school information query interface (repschoolproj.php) of the EMS 6.2 system of the Office of the Thai Basic Education Commission, which can lead to data leakage. | -- | Sep 9, 2022 |
| CVE-2022-37184 | The application manage_website.php on Garage Management System 1.0 is vulnerable to Shell File Upload. The already authenticated malicious user, can upload a dangerous RCE or LCE exploit file. | -- | Aug 31, 2022 |
| CVE-2022-37183 | Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/1940/created-monthly-list. | -- | Aug 31, 2022 |
| CVE-2022-37181 | 72crm 9.0 has an Arbitrary file upload vulnerability. | -- | Aug 24, 2022 |
| CVE-2022-37178 | An issue was discovered in 72crm 9.0. There is a SQL Injection vulnerability in View the task calendar. | -- | Aug 24, 2022 |
| CVE-2022-37177 | HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. NOTE: this is disputed by the vendor for multiple reasons, e.g., it is inconsistent with CVE ID assignment rules for cloud services, and no product with version V1.0 exists. Furthermore, the rail-fence cipher has been removed, and TLS 1.2 is now used for encryption. | -- | Sep 2, 2022 |
| CVE-2022-37176 | Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains a vulnerability which allows attackers to remove the Wi-Fi password and force the device into open security mode via a crafted packet sent to goform/setWizard. | -- | Aug 30, 2022 |
| CVE-2022-37175 | Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer overflow in /goform/formWifiBasicSet. | -- | Aug 20, 2022 |
| CVE-2022-37173 | An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\\Program.exe. | -- | Aug 30, 2022 |
| CVE-2022-37172 | Incorrect access control in the install directory (C:\\msys64) of Msys2 v20220603 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. | -- | Aug 30, 2022 |
| CVE-2022-37164 | Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes. | -- | Sep 8, 2022 |
| CVE-2022-37163 | Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes. | -- | Sep 8, 2022 |
| CVE-2022-37162 | Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS). An attacker can obtain javascript code execution by adding arbitrary javascript code in the \'Location\' field of a calendar event. | -- | Aug 27, 2022 |
| CVE-2022-37161 | Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload. | -- | Aug 27, 2022 |
| CVE-2022-37160 | Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with administrative rights by opening an SVG file as an administrator user. | -- | Aug 27, 2022 |
| CVE-2022-37159 | Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload. | -- | Aug 27, 2022 |
| CVE-2022-37158 | RuoYi v3.8.3 has a Weak password vulnerability in the management system. | -- | Aug 25, 2022 |
| CVE-2022-37155 | RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter. | -- | Dec 16, 2022 |
| CVE-2022-37153 | An issue was discovered in Artica Proxy 4.30.000000. There is a XSS vulnerability via the password parameter in /fw.login.php. | -- | Aug 26, 2022 |
| CVE-2022-37152 | An issue was discovered in Online Diagnostic Lab Management System 1.0, There is a SQL injection vulnerability via dob parameter in /classes/Users.php?f=save_client | -- | Aug 27, 2022 |
