Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2022-08-18 | CVE-2022-36728 | SQL Injection vulnerability in Library Management System Project Library Management System 1.0 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /staff/delstu.php. | network, low complexity, library-management-system-project, CWE-89, 7.5 |
| 2022-08-18 | CVE-2021-30071 | Cross-site Scripting vulnerability in Hestiacp | A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | network, hestiacp, CWE-79, 4.3 |
| 2022-08-01 | CVE-2022-27255 | Improper Input Validation vulnerability in Realtek Ecos Msdk Firmware and Ecos Rsdk Firmware | In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. | network, low complexity, realtek, CWE-20, 7.5 |
| 2022-07-27 | CVE-2022-36880 | Cross-site Scripting vulnerability in Webmin Usermin | The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message. | network, webmin, CWE-79, 4.3 |
| 2022-07-17 | CVE-2022-31208 | Unspecified vulnerability in Infiray Iray-A8Z3 Firmware 1.0.957 | An issue was discovered in Infiray IRAY-A8Z3 1.0.957. | network, low complexity, infiray, critical, 9.0 |
| 2022-07-17 | CVE-2022-31209 | Classic Buffer Overflow vulnerability in Infiray Iray-A8Z3 Firmware 1.0.957 | An issue was discovered in Infiray IRAY-A8Z3 1.0.957. | network, low complexity, infiray, CWE-120, critical, 10.0 |
| 2022-07-17 | CVE-2022-31210 | Use of Hard-coded Credentials vulnerability in Infiray Iray-A8Z3 Firmware 1.0.957 | An issue was discovered in Infiray IRAY-A8Z3 1.0.957. | network, low complexity, infiray, CWE-798, 7.5 |
| 2022-07-17 | CVE-2022-31211 | Weak Password Requirements vulnerability in Infiray Iray-A8Z3 Firmware 1.0.957 | An issue was discovered in Infiray IRAY-A8Z3 1.0.957. | network, low complexity, infiray, CWE-521, critical, 10.0 |
| 2022-07-17 | CVE-2022-26352 | Unrestricted Upload of File with Dangerous Type vulnerability in Dotcms | An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. | network, dotcms, CWE-434, 6.8 |
| 2022-07-17 | CVE-2022-29286 | Allocation of Resources Without Limits or Throttling vulnerability in Pexip Infinity | Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar resource mishandling. | network, low complexity, pexip, CWE-770, 5.0 |