Search Results (363262 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-26986 1 Impresscms 1 Impresscms 2024-11-21 7.2 High
SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in unintended way, this allows an attacker to read and modify the sensitive information from the database used by the application. If misconfigured, an attacker can even upload a malicious web shell to compromise the entire system.
CVE-2022-26982 1 Simplemachines 1 Simple Machines Forum 2024-11-21 7.2 High
SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. NOTE: the vendor's position is that administrators are intended to have the ability to modify themes, and can thus choose any PHP code that they wish to have executed on the server.
CVE-2022-26981 3 Apple, Fedoraproject, Liblouis 7 Ipados, Iphone Os, Macos and 4 more 2024-11-21 7.8 High
Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c).
CVE-2022-26980 1 Teampass 1 Teampass 2024-11-21 6.1 Medium
Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO.
CVE-2022-26979 2 Foxit, Microsoft 3 Pdf Editor, Pdf Reader, Windows 2024-11-21 7.5 High
Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a NULL pointer dereference when this.Span is used for oState of Collab.addStateModel, because this.Span.text can be NULL.
CVE-2022-26978 1 Barco 1 Control Room Management Suite 2024-11-21 6.1 Medium
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /checklogin.jsp endpoint. The os_username parameters is not correctly sanitized, leading to reflected XSS.
CVE-2022-26977 1 Barco 1 Control Room Management Suite 2024-11-21 6.1 Medium
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization of the upload mechanism is leads to stored XSS.
CVE-2022-26976 1 Barco 1 Control Room Management Suite 2024-11-21 5.4 Medium
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism is leads to reflected XSS.
CVE-2022-26975 1 Barco 1 Control Room Management Suite 2024-11-21 7.5 High
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing log files without authentication.
CVE-2022-26974 1 Barco 1 Control Room Management Suite 2024-11-21 6.1 Medium
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS.
CVE-2022-26973 1 Barco 1 Control Room Management Suite 2024-11-21 5.3 Medium
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. By tweaking the license file name, the returned error message exposes internal directory path details.
CVE-2022-26972 1 Barco 1 Control Room Management Suite 2024-11-21 6.1 Medium
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. The URL parameters are not correctly sanitized, leading to reflected XSS.
CVE-2022-26971 1 Barco 1 Control Room Management Suite 2024-11-21 5.3 Medium
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. This upload can be executed without authentication.
CVE-2022-26967 1 Gpac 1 Gpac 2024-11-21 7.8 High
GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It can be triggered via MP4Box.
CVE-2022-26966 3 Debian, Linux, Netapp 17 Debian Linux, Linux Kernel, Active Iq Unified Manager and 14 more 2024-11-21 5.5 Medium
An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.
CVE-2022-26965 1 Pluck-cms 1 Pluck 2024-11-21 7.2 High
In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution.
CVE-2022-26960 1 Std42 1 Elfinder 2024-11-21 9.1 Critical
connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.
CVE-2022-26959 1 Globalnorthstar 1 Northstar Club Management 2024-11-21 10 Critical
There are two full (read/write) Blind/Time-based SQL injection vulnerabilities in the Northstar Club Management version 6.3 application. The vulnerabilities exist in the userName parameter of the processlogin.jsp page in the /northstar/Portal/ directory and the userID parameter of the login.jsp page in the /northstar/iphone/ directory. Exploitation of the SQL injection vulnerabilities allows full access to the database which contains critical data for organization’s that make full use of the software suite.
CVE-2022-26953 1 Digi 2 Passport, Passport Firmware 2024-11-21 7.5 High
Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow. An attacker can supply a string in the page parameter for reboot.asp endpoint, allowing him to force an overflow when the string is concatenated to the HTML body.
CVE-2022-26952 1 Digi 2 Passport, Passport Firmware 2024-11-21 7.5 High
Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow in the function for building the Location header string when an unauthenticated user is redirected to the authentication page.