Search Results (363508 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-28053 1 Typemill 1 Typemill 2024-11-21 8.8 High
Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-28052 1 Roothub 1 Roothub 2024-11-21 8.0 High
Directory Traversal vulnerability in file cn/roothub/store/FileSystemStorageService in function store in Roothub 2.6.0 allows remote attackers with low privlege to arbitrarily upload files via /common/upload API, which could lead to remote arbitrary code execution.
CVE-2022-28051 1 Seeddms 1 Seeddms 2024-11-21 5.4 Medium
The "Add category" functionality inside the "Global Keywords" menu in "SeedDMS" version 6.0.18 and 5.1.25, is prone to stored XSS which allows an attacker to inject malicious javascript code.
CVE-2022-28049 1 F5 1 Njs 2024-11-21 5.5 Medium
NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c.
CVE-2022-28048 2 Fedoraproject, Stb Project 2 Fedora, Stb 2024-11-21 8.8 High
STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac.
CVE-2022-28044 2 Debian, Irzip Project 2 Debian Linux, Irzip 2024-11-21 9.8 Critical
Irzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control.
CVE-2022-28042 3 Debian, Fedoraproject, Nothings 3 Debian Linux, Fedora, Stb Image.h 2024-11-21 8.8 High
stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode.
CVE-2022-28041 3 Debian, Fedoraproject, Nothings 3 Debian Linux, Fedora, Stb Image.h 2024-11-21 6.5 Medium
stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
CVE-2022-28036 1 Thedigitalcraft 1 Atomcms 2024-11-21 9.8 Critical
AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_navigation.php
CVE-2022-28035 1 Thedigitalcraft 1 Atomcms 2024-11-21 9.8 Critical
Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_blur-save.php
CVE-2022-28034 1 Thedigitalcraft 1 Atomcms 2024-11-21 9.8 Critical
AtomCMS 2.0 is vulnerabie to SQL Injection via Atom.CMS_admin_ajax_list-sort.php
CVE-2022-28033 1 Thedigitalcraft 1 Atomcms 2024-11-21 9.8 Critical
Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_uploads.php
CVE-2022-28032 1 Thedigitalcraft 1 Atomcms 2024-11-21 9.8 Critical
AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_pages.php
CVE-2022-28030 1 Simple Real Estate Portal System Project 1 Simple Real Estate Portal System 2024-11-21 9.8 Critical
Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Master.php?f=delete_estate.
CVE-2022-28029 1 Simple Real Estate Portal System Project 1 Simple Real Estate Portal System 2024-11-21 9.8 Critical
Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Master.php?f=delete_type.
CVE-2022-28028 1 Simple Real Estate Portal System Project 1 Simple Real Estate Portal System 2024-11-21 9.8 Critical
Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Master.php?f=delete_amenity.
CVE-2022-28023 1 Purchase Order Management System Project 1 Purchase Order Management System 2024-11-21 9.8 Critical
Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchase_order/classes/Master.php?f=delete_supplier.
CVE-2022-28022 1 Purchase Order Management System Project 1 Purchase Order Management System 2024-11-21 9.8 Critical
Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchase_order/classes/Master.php?f=delete_item.
CVE-2022-28021 1 Purchase Order Management System Project 1 Purchase Order Management System 2024-11-21 9.8 Critical
Purchase Order Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /purchase_order/admin/?page=user.
CVE-2022-28020 1 Attendance And Payroll System Project 1 Attendance And Payroll System 2024-11-21 8.8 High
Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\position_edit.php.