Security Vulnerabilities - CVEs Published In June 2022
iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication via a crafted URL.
CVSS Score
9.8
EPSS Score
0.527
Published
2022-06-21
The UserTakeOver plugin before 4.0.1 for ILIAS allows an attacker to list all users via the search function.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-06-21
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/reservations/view_details.php.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-06-21
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/?page=user/manage_user.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-06-21
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/trains/manage_train.php.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-06-21
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/schedules/manage_schedule.php.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-06-21
maccms8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-06-21
maccms10 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-06-21
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_convert_to_slow_array at src/njs_array.c.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-06-21
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_string_offset at src/njs_string.c.
CVSS Score
5.5
EPSS Score
0.002
Published
2022-06-21