The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2022-36697 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_waste. | -- | Aug 27, 2022 | n/a |
| CVE-2022-36696 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_stockout. | -- | Aug 27, 2022 | n/a |
| CVE-2022-36695 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_stockin. | -- | Aug 27, 2022 | n/a |
| CVE-2022-36693 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_item. | -- | Aug 27, 2022 | n/a |
| CVE-2022-36692 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category. | -- | Aug 27, 2022 | n/a |
| CVE-2022-36690 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user&id=. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36689 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/waste&month=. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36688 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockout&month=. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36687 | Ingredients Stock Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36686 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockin&month=. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36683 | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_payment. | -- | Aug 27, 2022 | n/a |
| CVE-2022-36682 | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_student. | -- | Aug 27, 2022 | n/a |
| CVE-2022-36681 | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_account. | -- | Aug 27, 2022 | n/a |
| CVE-2022-36680 | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule. | -- | Aug 27, 2022 | n/a |
| CVE-2022-36679 | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user. | -- | Aug 27, 2022 | n/a |
| CVE-2022-36678 | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category. | -- | Aug 27, 2022 | n/a |
| CVE-2022-36677 | Obsidian Mind Map v1.1.0 allows attackers to execute arbitrary code via a crafted payload injected into an uploaded document. | -- | Feb 29, 2024 | n/a |
| CVE-2022-36676 | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/view_category.php. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36675 | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/manage_schedule.php. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36674 | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/view_schedule.php. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36672 | Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. This vulnerability allows attackers to create a custom user session. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36671 | Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36670 | PCProtect Endpoint prior to v5.17.470 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a crafted executable. | -- | Sep 12, 2022 | n/a |
| CVE-2022-36669 | Hospital Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. | -- | Sep 16, 2022 | n/a |
| CVE-2022-36668 | Garage Management System 1.0 is vulnerable to Stored Cross Site Scripting (XSS) on several parameters. The vulnerabilities exist during creating or editing the parts under parameters. Using the XSS payload, the Stored XSS triggered and can be used for further attack vector. | -- | Sep 16, 2022 | n/a |
| CVE-2022-36667 | Garage Management System 1.0 is vulnerable to the Remote Code Execution (RCE) due to the lack of filtering from the file upload function. The vulnerability exist during adding parts and from the upload function, the attacker can upload PHP Reverse Shell straight away to gain RCE. | -- | Sep 16, 2022 | n/a |
| CVE-2022-36664 | Password Manager for IIS 2.0 has a cross-site scripting (XSS) vulnerability via the /isapi/PasswordManager.dll ResultURL parameter. | -- | Dec 27, 2022 | n/a |
| CVE-2022-36663 | Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter. | -- | Sep 9, 2022 | n/a |
| CVE-2022-36661 | xhyve commit dfbe09b was discovered to contain a NULL pointer dereference via the component vi_pci_read(). This vulnerability allows attackers to cause a Denial of Service via unspecified vectors. | -- | Sep 12, 2022 | n/a |
| CVE-2022-36660 | xhyve commit dfbe09b was discovered to contain a stack buffer overflow via the component pci_vtrnd_notify(). | -- | Sep 12, 2022 | n/a |
| CVE-2022-36659 | xhyve commit dfbe09b was discovered to contain a NULL pointer dereference via the component vi_pci_write(). This vulnerability allows attackers to cause a Denial of Service via unspecified vectors. | -- | Sep 12, 2022 | n/a |
| CVE-2022-36657 | Library Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /librarian/edit_book_details.php. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36648 | The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. | -- | Aug 22, 2023 | n/a |
| CVE-2022-36647 | PKUVCL davs2 v1.6.205 was discovered to contain a global buffer overflow via the function parse_sequence_header() at source/common/header.cc:269. | -- | Sep 3, 2022 | n/a |
| CVE-2022-36642 | A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.0.0-1.4.9 allows attackers to access users credentials which makes him able to gain initial access to the control panel with high privilege because the cleartext storage of sensitive information which can be unlatched by exploiting the LFD vulnerability. | -- | Sep 3, 2022 | n/a |
| CVE-2022-36640 | influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor\'s documentation states If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization. | -- | Sep 4, 2022 | n/a |
| CVE-2022-36639 | A stored cross-site scripting (XSS) vulnerability in /client.php of Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | -- | Sep 3, 2022 | n/a |
| CVE-2022-36638 | An access control issue in the component print.php of Garage Management System v1.0 allows unauthenticated attackers to access data for all existing orders. | -- | Sep 3, 2022 | n/a |
| CVE-2022-36637 | Garage Management System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the brand_name parameter at /brand.php. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36636 | Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36635 | ZKteco ZKBioSecurity V5000 4.1.3 was discovered to contain a SQL injection vulnerability via the component /baseOpLog.do. | -- | Oct 8, 2022 | n/a |
| CVE-2022-36634 | An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows attackers to arbitrarily create admin users via a crafted HTTP request. | -- | Oct 7, 2022 | n/a |
| CVE-2022-36633 | Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url encoded payload can be used in place of a token and sent to a user in a social engineering attack. This is fully unauthenticated attack utilizing the trusted teleport server to deliver the payload. | -- | Aug 24, 2022 | n/a |
| CVE-2022-36622 | Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_GetObjectInfo1. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36621 | Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_AllocateTransientObject. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36620 | D-link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img is vulnerable to Buffer Overflow via /goform/addRouting. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36619 | In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset without authentication via /goform/setMAC. | -- | Sep 2, 2022 | n/a |
| CVE-2022-36617 | Arq Backup 7.19.5.0 and below stores backup encryption passwords using reversible encryption. This issue allows attackers with administrative privileges to recover cleartext passwords. | -- | Sep 9, 2022 | n/a |
| CVE-2022-36616 | TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | -- | Sep 1, 2022 | n/a |
| CVE-2022-36615 | TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | -- | Sep 1, 2022 | n/a |
