Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-2705
A vulnerability was found in SourceCodester Simple Student Information System. It has been rated as critical. This issue affects some unknown processing of the file admin/departments/manage_department.php. The manipulation of the argument id with the input -5756%27%20UNION%20ALL%...
Simple Student Information System Project Simple Student Information System -
4
CVSSv2
CVE-2022-29471
Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated malicious user to obtain the data of Bulletin.
Cybozu Garoon
7.2
CVSSv2
CVE-2022-27050
BitComet Service for Windows before version 1.8.6 contains an unquoted service path vulnerability which allows malicious users to escalate privileges to the system level.
Bitcomet Bitcomet
7.2
CVSSv2
CVE-2022-27052
FreeFtpd version 1.0.13 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.
Freesshd Freeftpd
5
CVSSv2
CVE-2022-27055
ecjia-daojia 1.38.1-20210202629 is vulnerable to information leakage via content/apps/installer/classes/Helper.php. When the web program is installed, a new environment file is created, and the database information is recorded, including the database record password. NOTE: the ve...
Ecjia Daojia 1.38.1-20210202629
NA
CVE-2022-2706
A vulnerability classified as critical has been found in SourceCodester Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file /pages/class_sched.php. The manipulation of the argument class with the input '||(SELECT 0x684d6b6c WHERE 5993=599...
Online Class And Exam Scheduling System Project Online Class And Exam Scheduling System 1.0
6.5
CVSSv2
CVE-2022-27061
AeroCMS v0.0.1 exists to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows malicious users to execute arbitrary code via a crafted PHP file.
Aerocms Project Aerocms 0.0.1
3.5
CVSSv2
CVE-2022-27062
AeroCMS v0.0.1 exists to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field.
Aerocms Project Aerocms 0.0.1
6.5
CVSSv2
CVE-2022-27064
Musical World v1 exists to contain an arbitrary file upload vulnerability via uploaded_songs.php. This vulnerability allows malicious users to execute arbitrary code via a crafted PHP file.
Musical World Project Musical World 1.0
10
CVSSv2
CVE-2022-27076
Tenda M3 1.10 V1.0.0.12(4856) exists to contain a command injection vulnerability via the component /goform/delAd.
Tenda M3 Firmware 1.0.0.12\\(4856\\)
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »