Total
565 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28956 | 2 Ibm, Microsoft | 2 Spectrum Protect Backup-archive Client, Windows | 2024-11-21 | N/A | 8.4 HIGH |
| IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls. | |||||
| CVE-2023-21269 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| In startActivityInner of ActivityStarter.java, there is a possible way to launch an activity into PiP mode from the background due to BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-1174 | 2 Apple, Kubernetes | 2 Macos, Minikube | 2024-11-21 | N/A | 9.8 CRITICAL |
| This vulnerability exposes a network port in minikube running on macOS with Docker driver that could enable unexpected remote access to the minikube container. | |||||
| CVE-2022-4613 | 1 Clickstudios | 1 Passwordstate | 2024-11-21 | N/A | 5.0 MEDIUM |
| A vulnerability was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as critical. This issue affects some unknown processing of the component Browser Extension Provisioning. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216275. | |||||
| CVE-2022-4441 | 1 Hitachi | 1 Storage Plug-in | 2024-11-21 | N/A | 7.6 HIGH |
| Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.9.0 before 04.9.1. | |||||
| CVE-2022-4281 | 1 Facepay Project | 1 Facepay | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability has been found in Facepay 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /face-recognition-php/facepay-master/camera.php. The manipulation of the argument userId leads to authorization bypass. The attack can be launched remotely. The identifier VDB-214789 was assigned to this vulnerability. | |||||
| CVE-2022-4280 | 1 Dottech | 1 Smart Campus System | 2024-11-21 | N/A | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in Dot Tech Smart Campus System. Affected by this issue is some unknown functionality of the file /services/Card/findUser. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214778 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-4276 | 1 House Rental System Project | 1 House Rental System | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability was found in House Rental System and classified as critical. Affected by this issue is some unknown functionality of the file tenant-engine.php of the component POST Request Handler. The manipulation of the argument id_photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214772. | |||||
| CVE-2022-4273 | 1 Oretnom23 | 1 Human Resource Management System | 2024-11-21 | N/A | 7.3 HIGH |
| A vulnerability, which was classified as critical, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the file /hrm/controller/employee.php of the component Content-Type Handler. The manipulation of the argument pfimg leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214769 was assigned to this vulnerability. | |||||
| CVE-2022-4272 | 1 Warehouse Management System Project | 1 Warehouse Management System | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in FeMiner wms. Affected by this issue is some unknown functionality of the file /product/savenewproduct.php?flag=1. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214760. | |||||
| CVE-2022-4232 | 1 Rinvizle | 1 Event Registration System | 2024-11-21 | N/A | 4.7 MEDIUM |
| A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Affected is an unknown function. The manipulation of the argument cmd leads to unrestricted upload. It is possible to launch the attack remotely. VDB-214590 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-4041 | 1 Hitachi | 1 Storage Plug-in | 2024-11-21 | N/A | 5.9 MEDIUM |
| Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.1. | |||||
| CVE-2022-3944 | 1 Erp Project | 1 Erp | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability was found in jerryhanjj ERP. It has been declared as critical. Affected by this vulnerability is the function uploadImages of the file application/controllers/basedata/inventory.php of the component Commodity Management. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213451. | |||||
| CVE-2022-3876 | 1 Clickstudios | 1 Passwordstate | 2024-11-21 | N/A | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This issue affects some unknown processing of the file /api/browserextension/UpdatePassword/ of the component API. The manipulation of the argument PasswordID leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-216245 was assigned to this vulnerability. | |||||
| CVE-2022-3826 | 1 Huaxiaerp | 1 Huaxia Erp | 2024-11-21 | N/A | 4.3 MEDIUM |
| A vulnerability was found in Huaxia ERP. It has been classified as problematic. This affects an unknown part of the file /depotHead/list of the component Retail Management. The manipulation of the argument search leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212793 was assigned to this vulnerability. | |||||
| CVE-2022-3771 | 1 Easyiicms | 1 Easyiicms | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in easyii CMS. This issue affects the function file of the file helpers/Upload.php of the component File Upload Management. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The identifier VDB-212501 was assigned to this vulnerability. | |||||
| CVE-2022-3770 | 1 Xjyunjing | 1 Yunjing Content Management System | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability classified as critical was found in Yunjing CMS. This vulnerability affects unknown code of the file /index/user/upload_img.html. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212500. | |||||
| CVE-2022-3735 | 1 Ehoney Project | 1 Ehoney | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability was found in seccome Ehoney. It has been rated as critical. This issue affects some unknown processing of the file /api/public/signup. The manipulation leads to improper access controls. The identifier VDB-212417 was assigned to this vulnerability. | |||||
| CVE-2022-3549 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2024-11-21 | N/A | 4.7 MEDIUM |
| A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /csms/admin/?page=user/manage_user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211049 was assigned to this vulnerability. | |||||
| CVE-2022-3496 | 1 Oretnom23 | 1 Human Resource Management System | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability was found in SourceCodester Human Resource Management System 1.0 and classified as critical. This issue affects some unknown processing of the file employeeadd.php of the component Admin Panel. The manipulation leads to improper access controls. The attack may be initiated remotely. The identifier VDB-210785 was assigned to this vulnerability. | |||||