CVE-2022-3774

CRITICAL Year: 2022
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-99
View all →

Vulnerability Description

A vulnerability was found in SourceCodester Train Scheduler App 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /train_scheduler_app/?action=delete. The manipulation of the argument id leads to improper control of resource identifiers. The attack may be launched remotely. The identifier of this vulnerability is VDB-212504.

Related Vulnerabilities

CVE-2024-57971

CRITICAL
CVSS:9.1(Critical)

DataSourceResource.java in the SpagoBI API support in Knowage Server in KNOWAGE before 8.1.30 does not ensure that java:comp/env/jdbc/ occurs at the beginning of a JNDI Name.

CWE-992024

CVE-2025-0756

CRITICAL
CVSS:9.1(Critical)

Overview The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the in...

CWE-992025

CVE-2025-2410

HIGH
CVSS:9.1(Critical)

Port manipulation vulnerabilities in ASPECT provide attackers with the ability to con-trol TCP/IP port access if session administrator credentials become compromised. This issue affects ASPECT-Enterpr...

CWE-992025

CVE-2021-22879

HIGH
CVSS:8.8(High)

Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for...

CWE-992021

CVE-2023-2980

HIGH
CVSS:8.8(High)

A vulnerability classified as critical was found in Abstrium Pydio Cells 4.2.0. This vulnerability affects unknown code of the component User Creation Handler. The manipulation leads to improper contr...

CWE-992023

CVE-2023-3517

HIGH
CVSS:8.8(High)

Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system...

CWE-992023