Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2022-08-18 CVE-2022-36728 SQL Injection vulnerability in Library Management System Project Library Management System 1.0
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /staff/delstu.php.
network
low complexity
library-management-system-project CWE-89
7.5
2022-08-01 CVE-2022-27255 Improper Input Validation vulnerability in Realtek Ecos Msdk Firmware and Ecos Rsdk Firmware
In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow.
network
low complexity
realtek CWE-20
7.5
2022-07-17 CVE-2022-31210 Use of Hard-coded Credentials vulnerability in Infiray Iray-A8Z3 Firmware 1.0.957
An issue was discovered in Infiray IRAY-A8Z3 1.0.957.
network
low complexity
infiray CWE-798
7.5
2022-07-16 CVE-2017-20138 SQL Injection vulnerability in Itechscripts Auction Script 6.49
A vulnerability was found in Itech Auction Script 6.49.
network
low complexity
itechscripts CWE-89
7.5
2022-07-14 CVE-2022-32417 Code Injection vulnerability in Pbootcms 3.1.2
PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at function.php.
network
low complexity
pbootcms CWE-94
7.5
2022-07-13 CVE-2022-20220 Path Traversal vulnerability in Google Android 12.0/12.1
In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error.
local
low complexity
google CWE-22
7.2
2022-07-13 CVE-2022-20223 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android
In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy.
local
low complexity
google CWE-610
7.2
2022-07-13 CVE-2022-20236 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
A DRM driver has an OOB problem that could cause a system crash or EoP. Product: Android. Versions: Android SoC. Android ID: A-233124709
network
low complexity
google CWE-119
7.8
2022-07-13 CVE-2022-28888 OS Command Injection vulnerability in Spryker Cloud Commerce
Spryker Commerce OS 1.4.2 allows Remote Command Execution.
network
low complexity
spryker CWE-78
7.5
2022-07-13 CVE-2022-32073 Integer Overflow or Wraparound vulnerability in Wolfssh 1.4.7
WolfSSH v1.4.7 was discovered to contain an integer overflow via the function wolfSSH_SFTP_RecvRMDIR.
network
low complexity
wolfssh CWE-190
7.5