CVE Daily
← All years

All CVEs — 2022

Page 3/183.

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0
2022-12-27
Medium

CVE-2022-45424

Some Dahua software products have a vulnerability of unauthenticated request of AES crypto key. An attacker can obtain the AES crypto key by sending a specific crafted packet to the vulnerable interf…

CVSS: 5.3 CWE: CWE-306
Read more
High

CVE-2022-45423

Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specific crafted packet to the vulnera…

CVSS: 7.5 CWE: CWE-306
Read more
High

CVE-2022-4767

Denial of Service in GitHub repository usememos/memos prior to 0.9.1.

CVSS: 7.5 CWE: CWE-400
Read more
High

CVE-2022-4734

Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository usememos/memos prior to 0.9.1.

CVSS: 8.1 CWE: CWE-212
Read more
Medium

CVE-2022-4733

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2.

CVSS: 4.8 CWE: CWE-79
Read more
High

CVE-2022-4732

Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2.

CVSS: 7.2 CWE: CWE-434
Read more
Low

CVE-2022-4730

A vulnerability was found in Graphite Web. It has been classified as problematic. Affected is an unknown function of the component Absolute Time Range Handler. The manipulation leads to cross site sc…

CVSS: 3.5 CWE: CWE-707
Read more
Low

CVE-2022-4729

A vulnerability was found in Graphite Web and classified as problematic. This issue affects some unknown processing of the component Template Name Handler. The manipulation leads to cross site script…

CVSS: 3.5 CWE: CWE-707
Read more
Low

CVE-2022-4728

A vulnerability has been found in Graphite Web and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to cross site scripting.…

CVSS: 3.5 CWE: CWE-707
Read more
Low

CVE-2022-4727

A vulnerability, which was classified as problematic, was found in OpenMRS Appointment Scheduling Module up to 1.16.x. This affects the function getNotes of the file api/src/main/java/org/openmrs/mod…

CVSS: 3.5 CWE: CWE-707
Read more
Medium

CVE-2022-4726

A vulnerability classified as critical was found in SourceCodester Sanitization Management System 1.0. Affected by this vulnerability is an unknown functionality of the component Admin Login. The man…

CVSS: 6.3 CWE: CWE-707
Read more
Medium

CVE-2022-4725

A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.jav…

CVSS: 5.5 CWE: CWE-918
Read more
Critical

CVE-2022-4724

Improper Access Control in GitHub repository ikus060/rdiffweb prior to 2.5.5.

CVSS: 9.8 CWE: CWE-284
Read more
Medium

CVE-2022-4723

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.5.

CVSS: 6.5 CWE: CWE-770
Read more
High

CVE-2022-4722

Authentication Bypass by Primary Weakness in GitHub repository ikus060/rdiffweb prior to 2.5.5.

CVSS: 7.2 CWE: CWE-305
Read more
Medium

CVE-2022-4721

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository ikus060/rdiffweb prior to 2.5.5.

CVSS: 5.4 CWE: CWE-75
Read more
Medium

CVE-2022-4720

Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.5.

CVSS: 6.1 CWE: CWE-601
Read more
Medium

CVE-2022-4695

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.

CVSS: 5.4 CWE: CWE-79
Read more
Medium

CVE-2022-4694

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.

CVSS: 5.4 CWE: CWE-79
Read more
Medium

CVE-2022-4691

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.

CVSS: 5.4 CWE: CWE-79
Read more
Medium

CVE-2020-36626

A vulnerability classified as critical has been found in Modern Tribe Panel Builder Plugin. Affected is the function add_post_content_filtered_to_search_sql of the file ModularContent/SearchFilter.ph…

CVSS: 5.5 CWE: CWE-707
Read more
Medium

CVE-2022-4766

A vulnerability was found in dolibarr_project_timesheet up to 4.5.5. It has been declared as problematic. This vulnerability affects unknown code of the component Form Handler. The manipulation leads…

CVSS: 4.3 CWE: CWE-352
Read more
Low

CVE-2021-4289

A vulnerability classified as problematic was found in OpenMRS openmrs-module-referenceapplication up to 2.11.x. Affected by this vulnerability is the function post of the file omod/src/main/java/org…

CVSS: 3.5 CWE: CWE-79
Read more
Low

CVE-2021-4288

A vulnerability was found in OpenMRS openmrs-module-referenceapplication up to 2.11.x. It has been rated as problematic. This issue affects some unknown processing of the file omod/src/main/webapp/pa…

CVSS: 3.5 CWE: CWE-79
Read more
Low

CVE-2020-36634

A vulnerability classified as problematic has been found in Indeed Engineering util up to 1.0.33. Affected is the function visit/appendTo of the file varexport/src/main/java/com/indeed/util/varexport…

CVSS: 2.6 CWE: CWE-79
Read more
Medium

CVE-2020-36633

A vulnerability was found in moodle-block_sitenews 1.0. It has been classified as problematic. This affects the function get_content of the file block_sitenews.php. The manipulation leads to cross-si…

CVSS: 4.3 CWE: CWE-352
Read more
Low

CVE-2019-25090

A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and classified as problematic. Affected by this issue is some unknown functionality of the component Views Handler. The manipulation of…

CVSS: 3.5 CWE: CWE-79
Read more
Low

CVE-2019-25089

A vulnerability has been found in Morgawr Muon 0.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file src/muon/handler.clj. The manipulation leads…

CVSS: 3.1 CWE: CWE-330
Read more
Medium

CVE-2021-4287

A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.3.2. Affected is an unknown function of the file src/binwalk/modules/extractor.py of the component Archi…

CVSS: 5.0 CWE: CWE-61
Read more
Low

CVE-2021-4286

A vulnerability, which was classified as problematic, has been found in cocagne pysrp up to 1.0.16. This issue affects the function calculate_x of the file srp/_ctsrp.py. The manipulation leads to in…

CVSS: 2.6 CWE: CWE-203
Read more
Low

CVE-2021-4285

A vulnerability classified as problematic was found in Nagios NCPA. This vulnerability affects unknown code of the file agent/listener/templates/tail.html. The manipulation of the argument name leads…

CVSS: 3.5 CWE: CWE-79
Read more
Low

CVE-2022-4755

A vulnerability was found in FlatPress and classified as problematic. This issue affects the function main of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component Medi…

CVSS: 3.5 CWE: CWE-79
Read more
Low

CVE-2021-4284

A vulnerability classified as problematic has been found in OpenMRS HTML Form Entry UI Framework Integration Module up to 1.x. This affects an unknown part. The manipulation leads to cross site scrip…

CVSS: 3.5 CWE: CWE-79
Read more
Low

CVE-2021-4283

A vulnerability was found in FreeBPX voicemail. It has been rated as problematic. Affected by this issue is some unknown functionality of the file views/ssettings.php of the component Settings Handle…

CVSS: 2.4 CWE: CWE-79
Read more
Low

CVE-2021-4282

A vulnerability was found in FreePBX voicemail. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file page.voicemail.php. The manipulation leads…

CVSS: 3.5 CWE: CWE-79
Read more
Low

CVE-2019-25088

A vulnerability was found in ytti Oxidized Web. It has been classified as problematic. Affected is an unknown function of the file lib/oxidized/web/views/conf_search.haml. The manipulation of the arg…

CVSS: 3.5 CWE: CWE-79
Read more
Medium

CVE-2022-4748

A vulnerability was found in FlatPress. It has been classified as critical. This affects the function doItemActions of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the compo…

CVSS: 5.5 CWE: CWE-22
Read more
Medium

CVE-2019-25087

A vulnerability was found in RamseyK httpserver. It has been rated as critical. This issue affects the function ResourceHost::getResource of the file src/ResourceHost.cpp of the component URI Handler…

CVSS: 5.3 CWE: CWE-24
Read more
Low

CVE-2019-25086

A vulnerability was found in IET-OU Open Media Player up to 1.5.0. It has been declared as problematic. This vulnerability affects the function webvtt of the file application/controllers/timedtext.ph…

CVSS: 3.5 CWE: CWE-79
Read more
Low

CVE-2018-25049

A vulnerability was found in email-existence. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regula…

CVSS: 3.0 CWE: CWE-1333
Read more
Low

CVE-2015-10005

A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/html_re.js. The manipulation leads to inefficient reg…

CVSS: 3.5 CWE: CWE-1333
Read more
Critical

CVE-2022-46764

A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution.

CVSS: 9.8 CWE: CWE-89
Read more
High

CVE-2022-46763

A SQL injection issue in a database stored function in TrueConf Server 5.2.0.10225 allows a low-privileged database user to execute arbitrary SQL commands as the database administrator, resulting in…

CVSS: 8.8 CWE: CWE-89
Read more
2022-12-26
Medium

CVE-2022-36664

Password Manager for IIS 2.0 has a cross-site scripting (XSS) vulnerability via the /isapi/PasswordManager.dll ResultURL parameter.

CVSS: 6.1 CWE: CWE-79
Read more
High

CVE-2020-28191

The console in Togglz before 2.9.4 allows CSRF.

CVSS: 8.8 CWE: CWE-352
Read more
Critical

CVE-2020-24600

Shilpi CAPExWeb 1.1 allows SQL injection via a servlet/capexweb.cap_sendMail GET request.

CVSS: 9.8 CWE: CWE-89
Read more
Medium

CVE-2019-19030

Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal (via the HTTP status code) whether a resource exists.

CVSS: 5.3 CWE: CWE-204
Read more
Critical

CVE-2019-11851

The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x through 4.9.x before 4.9.5, and 4.10.x through 4.13.x before 4.14.0 allows remote attackers to execute arbitrary code via a buffer over…

CVSS: 9.8 CWE: CWE-120
Read more
High

CVE-2019-19705

Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 Carbon 20A7, 20A8, 20BS, and 20BT before 6.0.8882.1 and 20KH and 20KG before 6.0.8907.1 (and on many other Lenovo and non-Lenovo p…

CVSS: 7.8 CWE: CWE-428
Read more
Medium

CVE-2019-18177

In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and…

CVSS: 6.5 CWE: CWE-200
Read more
Medium

CVE-2019-14802

HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintended environment variables to the rendering task during template rendering, aka GHSA-6hv3-7c34-4hx8. This applies to nomad/client/al…

CVSS: 5.3 CWE: CWE-200
Read more
Medium

CVE-2021-4281

A vulnerability was found in Brave UX for-the-badge and classified as critical. Affected by this issue is some unknown functionality of the file .github/workflows/combine-prs.yml. The manipulation le…

CVSS: 4.6 CWE: CWE-78
Read more
Critical

CVE-2020-11101

Sierra Wireless AirLink Mobility Manager (AMM) before 2.17 mishandles sessions and thus an unauthenticated attacker can obtain a login session with administrator privileges.

CVSS: 9.8 CWE: CWE-287
Read more
High

CVE-2020-10650

A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta…

CVSS: 8.1 CWE: CWE-502
Read more
High

CVE-2019-9579

An issue was discovered in Illumos in Nexenta NexentaStor 4.0.5 and 5.1.2, and other products. The SMB server allows an attacker to have unintended access, e.g., an attacker with WRITE_XATTR can chan…

CVSS: 8.1 CWE: CWE-276
Read more
Medium

CVE-2019-9011

In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), an attacker can identify valid usernames.

CVSS: 5.3 CWE: CWE-668
Read more
High

CVE-2020-12069

In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can…

CVSS: 7.8 CWE: CWE-916
Read more
High

CVE-2020-12067

In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user's password may be changed by an attacker without knowledge of the current password.

CVSS: 7.5 CWE: CWE-640
Read more
Medium

CVE-2022-4242

The WP Google Review Slider WordPress plugin before 11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting…

CVSS: 4.8 CWE: CWE-79
Read more
Medium

CVE-2022-4161

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_copy_start POST parameter before concatenating it to an SQL query in co…

CVSS: 6.5 CWE: CWE-89
Read more
Medium

CVE-2022-4151

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the option_id GET parameter before concatenating it to an SQL query in export-…

CVSS: 6.5 CWE: CWE-89
Read more
Medium

CVE-2022-4742

A vulnerability, which was classified as critical, has been found in json-pointer up to 0.6.1. Affected by this issue is the function set of the file index.js. The manipulation leads to improperly co…

CVSS: 6.3 CWE: CWE-1321
Read more
High

CVE-2021-35065

The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.

CVSS: 7.5 CWE: CWE-1333
Read more
Medium

CVE-2021-30134

php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php.

CVSS: 6.1 CWE: CWE-79
Read more
Medium

CVE-2019-25085

A vulnerability was found in GNOME gvdb. It has been classified as critical. This affects the function gvdb_table_write_contents_async of the file gvdb-builder.c. The manipulation leads to use after…

CVSS: 6.3 CWE: CWE-416
Read more
Medium

CVE-2022-41767

An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. When changes made by an IP address are reassigned to a user (using reassignEdits.php), t…

CVSS: 5.3 CWE: CWE-200
Read more
Medium

CVE-2022-41765

An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. HTMLUserTextField exposes the existence of hidden users.

CVSS: 5.3 CWE: CWE-203
Read more
High

CVE-2022-30260

Emerson DeltaV Distributed Control System (DCS) has insufficient verification of firmware integrity (an inadequate checksum approach, and no signature). This affects versions before 14.3 of DeltaV M-…

CVSS: 7.8 CWE: CWE-345
Read more
Critical

CVE-2022-26969

In Directus before 9.7.0, the default settings of CORS_ORIGIN and CORS_ENABLED are true.

CVSS: 9.8 CWE: CWE-942
Read more
High

CVE-2022-26964

Weak password derivation for export in Devolutions Remote Desktop Manager before 2022.1 allows information disclosure via a password brute-force attack. An error caused base64 to be decoded.

CVSS: 7.4 CWE: CWE-307
Read more
Medium

CVE-2021-44856

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A title blocked by AbuseFilter can be created via Special:ChangeContentModel due to the mishandling…

CVSS: 5.3 CWE: CWE-754
Read more
Medium

CVE-2021-43395

An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038, OpenIndiana Hipster 2021.04, and SmartOS 20210923. A local unprivileged user can…

CVSS: 5.5 CWE: CWE-667
Read more
Medium

CVE-2021-39369

In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root.

CVSS: 6.5 CWE: CWE-22
Read more
High

CVE-2021-38561

golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input,…

CVSS: 7.5 CWE: CWE-125
Read more
Medium

CVE-2022-24120

Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0.

CVSS: 4.6 CWE: CWE-312
Read more
Critical

CVE-2022-24119

Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell. This affects iNET and iNET II before 8.3.0.

CVSS: 9.8 CWE: CWE-829
Read more
Critical

CVE-2022-24118

Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. This affects iNET and iNET II before 8.3.0, SD before 6.4.…

CVSS: 9.1 CWE: CWE-400
Read more
Critical

CVE-2022-24117

Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before…

CVSS: 9.8 CWE: CWE-494
Read more
Critical

CVE-2022-24116

Certain General Electric Renewable Energy products have inadequate encryption strength. This affects iNET and iNET II before 8.3.0.

CVSS: 9.8 CWE: CWE-326
Read more
Critical

CVE-2021-45467

In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /u…

CVSS: 9.8 CWE: CWE-862
Read more
Critical

CVE-2021-45466

In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folder.

CVSS: 9.8 CWE: CWE-863
Read more
Medium

CVE-2021-44855

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. There is Blind Stored XSS via a URL to the Upload Image feature.

CVSS: 5.4 CWE: CWE-79
Read more
Medium

CVE-2021-44854

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis.

CVSS: 5.3 CWE: CWE-524
Read more
High

CVE-2021-44758

Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept.

CVSS: 7.5 CWE: CWE-476
Read more
Medium

CVE-2022-37310

OX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module, as demonstrated by a /#!!&app=io.ox/files&cap= URI.

CVSS: 6.1 CWE: CWE-79
Read more
Medium

CVE-2022-37309

OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name.

CVSS: 6.1 CWE: CWE-79
Read more
Medium

CVE-2022-29853

OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail message.

CVSS: 5.4 CWE: CWE-79
Read more
Medium

CVE-2022-29852

OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-freehand are not blocked.

CVSS: 5.4 CWE: CWE-79
Read more
Medium

CVE-2022-37308

OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail messages.

CVSS: 6.1 CWE: CWE-79
Read more
Medium

CVE-2022-37313

OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS AA or AAAA record.

CVSS: 5.3 CWE: CWE-918
Read more
Medium

CVE-2022-37312

OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet.

CVSS: 5.3 CWE: CWE-1284
Read more
Medium

CVE-2022-37311

OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet.

CVSS: 5.3 CWE: CWE-1284
Read more
Medium

CVE-2022-37307

OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature.

CVSS: 6.1 CWE: CWE-79
Read more
Medium

CVE-2022-31469

OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /#!!&app=%2e./ URI.

CVSS: 6.1 CWE: CWE-79
Read more
2022-12-25
Medium

CVE-2022-4741

A vulnerability was found in docconv up to 1.2.0 and classified as problematic. This issue affects the function ConvertDocx/ConvertODT/ConvertPages/ConvertXML/XMLToText. The manipulation leads to unc…

CVSS: 4.3 CWE: CWE-789
Read more
Low

CVE-2022-4740

A vulnerability, which was classified as problematic, has been found in kkFileView. Affected by this issue is the function setWatermarkAttribute of the file /picturesPreview. The manipulation leads t…

CVSS: 3.5 CWE: CWE-79
Read more
High

CVE-2022-4739

A vulnerability classified as critical was found in SourceCodester School Dormitory Management System 1.0. Affected by this vulnerability is an unknown functionality of the component Admin Login. The…

CVSS: 7.3 CWE: CWE-89
Read more
Medium

CVE-2022-4738

A vulnerability classified as problematic has been found in SourceCodester Blood Bank Management System 1.0. Affected is an unknown function of the file index.php?page=users of the component User Reg…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2022-4737

A vulnerability was found in SourceCodester Blood Bank Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file login.php. The manipulation of the…

CVSS: 7.3 CWE: CWE-89
Read more
Low

CVE-2022-4736

A vulnerability was found in Venganzas del Pasado and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument the_title leads to cross site s…

CVSS: 3.5 CWE: CWE-79
Read more
Medium

CVE-2021-4280

A vulnerability was found in styler_praat_scripts. It has been classified as problematic. Affected is an unknown function of the file file_segmenter.praat of the component Slash Handler. The manipula…

CVSS: 4.3 CWE: CWE-404
Read more
Medium

CVE-2021-4279

A vulnerability has been found in Starcounter-Jack JSON-Patch up to 3.1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improperly controlled modif…

CVSS: 6.3 CWE: CWE-1321
Read more
Medium

CVE-2020-36632

A vulnerability, which was classified as critical, was found in hughsk flat up to 5.0.0. This affects the function unflatten of the file index.js. The manipulation leads to improperly controlled modi…

CVSS: 6.3 CWE: CWE-1321
Read more
Medium

CVE-2020-36631

A vulnerability was found in barronwaffles dwc_network_server_emulator. It has been declared as critical. This vulnerability affects the function update_profile of the file gamespy/gs_database.py. Th…

CVSS: 6.3 CWE: CWE-89
Read more
Medium

CVE-2020-36630

A vulnerability was found in FreePBX cdr 14.0. It has been classified as critical. This affects the function ajaxHandler of the file ucp/Cdr.class.php. The manipulation of the argument limit/offset l…

CVSS: 5.5 CWE: CWE-89
Read more
High

CVE-2022-41318

A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended m…

CVSS: 8.6 CWE: CWE-190
Read more
Medium

CVE-2022-41317

An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy vi…

CVSS: 6.5 CWE: CWE-697
Read more
High

CVE-2022-40005

Intelbras WiFiber 120AC inMesh before 1-1-220826 allows command injection by authenticated users, as demonstrated by the /boaform/formPing6 and /boaform/formTracert URIs for ping and traceroute.

CVSS: 8.8 CWE: CWE-78
Read more
High

CVE-2022-37706

enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substr…

CVSS: 7.8 CWE: CWE-269
Read more
Low

CVE-2019-25084

A vulnerability, which was classified as problematic, has been found in Hide Files on GitHub up to 2.x. This issue affects the function addEventListener of the file extension/options.js. The manipula…

CVSS: 3.5 CWE: CWE-79
Read more
Low

CVE-2022-4735

A vulnerability classified as problematic was found in asrashley dash-live. This vulnerability affects the function ready of the file static/js/media.js of the component DOM Node Handler. The manipul…

CVSS: 3.5 CWE: CWE-79
Read more
Medium

CVE-2021-4278

A vulnerability classified as problematic has been found in cronvel tree-kit up to 0.6.x. This affects an unknown part. The manipulation leads to improperly controlled modification of object prototyp…

CVSS: 5.5 CWE: CWE-1321
Read more
Low

CVE-2022-4731

A vulnerability, which was classified as problematic, was found in myapnea up to 29.0.x. Affected is an unknown function of the component Title Handler. The manipulation leads to cross site scripting…

CVSS: 2.4 CWE: CWE-79
Read more
Low

CVE-2021-4277

A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshot_sync of the component Filename Handler. The…

CVSS: 2.6 CWE: CWE-341
Read more
Medium

CVE-2021-4276

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in dns-stats hedgehog. It has been rated as problematic. Affected by this issue is the function DSCIOManager::dsc_import_input_from_source of…

CVSS: 4.1 CWE: CWE-89
Read more
Medium

CVE-2020-36629

A vulnerability classified as critical was found in SimbCo httpster. This vulnerability affects the function fs.realpathSync of the file src/server.coffee. The manipulation leads to path traversal. T…

CVSS: 5.5 CWE: CWE-22
Read more
Medium

CVE-2020-36628

A vulnerability classified as critical has been found in Calsign APDE. This affects the function handleExtract of the file APDE/src/main/java/com/calsignlabs/apde/build/dag/CopyBuildTask.java of the…

CVSS: 5.5 CWE: CWE-22
Read more
Medium

CVE-2020-36627

A vulnerability was found in Macaron i18n. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file i18n.go. The manipulation leads to open redirect…

CVSS: 5.5 CWE: CWE-601
Read more
High

CVE-2022-42898

PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server)…

CVSS: 8.8 CWE: CWE-190
Read more
Critical

CVE-2022-45896

Planet eStream before 6.72.10.07 allows unauthenticated upload of arbitrary files: Choose a Video / Related Media or Upload Document. Upload2.ashx can be used, or Ajax.asmx/ProcessUpload2. This leads…

CVSS: 9.8 CWE: CWE-434
Read more