Search Results (363281 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-27162 1 Cszcms 1 Csz Cms 2024-11-21 9.8 Critical
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_editUser
CVE-2022-27161 1 Cszcms 1 Csz Cms 2024-11-21 9.8 Critical
Csz Cms 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_viewUsers
CVE-2022-27158 1 Php 1 Pearweb 2024-11-21 9.8 Critical
pearweb < 1.32 suffers from Deserialization of Untrusted Data.
CVE-2022-27157 1 Php 1 Pearweb 2024-11-21 9.8 Critical
pearweb < 1.32 is suffers from a Weak Password Recovery Mechanism via include/users/passwordmanage.php.
CVE-2022-27156 1 Thedaylightstudio 1 Fuel Cms 2024-11-21 5.4 Medium
Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection.
CVE-2022-27152 1 Roku 11 Express, Express 4k\+, Roku Os and 8 more 2024-11-21 5.7 Medium
Roku devices running RokuOS v9.4.0 build 4200 or earlier that uses a Realtek WiFi chip is vulnerable to Arbitrary file modification.
CVE-2022-27148 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integer Overflow.
CVE-2022-27147 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerability in function gf_node_get_attribute_by_tag.
CVE-2022-27146 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vulnerability in function gf_isom_apple_enum_tag.
CVE-2022-27145 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time of mp4box.
CVE-2022-27140 1 Express-fileupload Project 1 Express-fileupload 2024-11-21 9.8 Critical
An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misusing of the API": the express-fileupload middleware is not responsible for an application's business logic (e.g., determining whether or how a file should be renamed).
CVE-2022-27139 1 Ghost 1 Ghost 2024-11-21 9.8 Critical
An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The uploading of SVG files to Ghost does not represent a remote code execution vulnerability. SVGs are not executable on the server, and may only execute javascript in a client's browser - this is expected and intentional functionality
CVE-2022-27135 1 Xpdfreader 1 Xpdf 2024-11-21 5.5 Medium
xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary.
CVE-2022-27134 1 B1 1 Eosio Batdappboomx 2024-11-21 7.5 High
EOSIO batdappboomx v327c04cf has an Access-control vulnerability in the `transfer` function of the smart contract which allows remote attackers to win the cryptocurrency without paying ticket fee via the `std::string memo` parameter.
CVE-2022-27133 1 Zbzcms 1 Zbzcms 2024-11-21 9.1 Critical
zbzcms v1.0 was discovered to contain an arbitrary file deletion vulnerability via /include/up.php.
CVE-2022-27131 1 Zbzcms 1 Zbzcms 2024-11-21 9.8 Critical
An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-27129 1 Zbzcms 1 Zbzcms 2024-11-21 9.8 Critical
An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-27128 1 Zbzcms 1 Zbzcms 2024-11-21 9.8 Critical
An incorrect access control issue at /admin/run_ajax.php in zbzcms v1.0 allows attackers to arbitrarily add administrator accounts.
CVE-2022-27127 1 Zbzcms 1 Zbzcms 2024-11-21 6.5 Medium
zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php/ajax.php.
CVE-2022-27126 1 Zbzcms 1 Zbzcms 2024-11-21 9.8 Critical
zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the art parameter at /include/make.php.