Search Results (363142 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-26306 3 Debian, Libreoffice, Redhat 3 Debian Linux, Libreoffice, Enterprise Linux 2024-11-21 7.5 High
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which weakens the security of the encryption making them vulnerable if an attacker has access to the user's configuration data. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1.
CVE-2022-26305 2 Libreoffice, Redhat 2 Libreoffice, Enterprise Linux 2024-11-21 7.5 High
An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only matching the serial number and issuer string of the used certificate with that of a trusted certificate. This is not sufficient to verify that the macro was actually signed with the certificate. An adversary could therefore create an arbitrary certificate with a serial number and an issuer string identical to a trusted certificate which LibreOffice would present as belonging to the trusted author, potentially leading to the user to execute arbitrary code contained in macros improperly trusted. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1.
CVE-2022-26302 1 Fujielectric 1 V-sft 2024-11-21 7.8 High
Heap-based buffer overflow exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.
CVE-2022-26301 1 Yejiao 1 Tuzicms 2024-11-21 9.8 Critical
TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability via the component App\Manage\Controller\ZhuantiController.class.php.
CVE-2022-26300 1 Eosio Project 1 Eos 2024-11-21 7.5 High
EOS v2.1.0 was discovered to contain a heap-buffer-overflow via the function txn_test_gen_plugin.
CVE-2022-26296 1 Boom-core 1 Risvc-boom 2024-11-21 5.5 Medium
BOOM: The Berkeley Out-of-Order RISC-V Processor commit d77c2c3 was discovered to allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVE-2022-26295 1 Online Project Time Management System Project 1 Online Project Time Management System 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in /ptms/?page=user of Online Project Time Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user name field.
CVE-2022-26293 1 Online Project Time Management System Project 1 Online Project Time Management System 2024-11-21 9.8 Critical
Online Project Time Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the function save_employee at /ptms/classes/Users.php.
CVE-2022-26291 2 Debian, Long Range Zip Project 2 Debian Linux, Long Range Zip 2024-11-21 5.5 Medium
lrzip v0.641 was discovered to contain a multiple concurrency use-after-free between the functions zpaq_decompress_buf() and clear_rulist(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted Irz file.
CVE-2022-26290 1 Tenda 2 M3, M3 Firmware 2024-11-21 9.8 Critical
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/WriteFacMac.
CVE-2022-26289 1 Tenda 2 M3, M3 Firmware 2024-11-21 9.8 Critical
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/exeCommand.
CVE-2022-26285 1 Simple Client Management System Project 1 Simple Client Management System 2024-11-21 9.8 Critical
Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests.
CVE-2022-26284 1 Simple Client Management System Project 1 Simple Client Management System 2024-11-21 9.8 Critical
Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manage_client endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests.
CVE-2022-26281 1 Bigantsoft 1 Bigant Server 2024-11-21 7.5 High
BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue.
CVE-2022-26279 1 Eyoucms 1 Eyoucms 2024-11-21 9.8 Critical
EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata.
CVE-2022-26278 1 Tenda 2 Ac9, Ac9 Firmware 2024-11-21 9.8 Critical
Tenda AC9 v15.03.2.21_cn was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function.
CVE-2022-26276 1 Onenav 1 Onenav 2024-11-21 5.3 Medium
An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal.
CVE-2022-26273 1 Eyoucms 1 Eyoucms 2024-11-21 9.8 Critical
EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities.
CVE-2022-26272 1 Ionizecms 1 Ionize 2024-11-21 9.8 Critical
A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute arbitrary code via a crafted string written to the file application/config/config.php.
CVE-2022-26271 1 74cms 1 74cms 2024-11-21 7.5 High
74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url parameter at \index\controller\Download.php.