Total
291501 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-56431 | 1 Xiph | 1 Theora | 2025-04-25 | 9.8 Critical |
| oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. NOTE: this is disputed by third parties because there is no evidence of a security impact, e.g., an application would not crash. | ||||
| CVE-2022-45909 | 1 Drachtio | 1 Drachtio-server | 2025-04-25 | 9.1 Critical |
| drachtio-server before 0.8.19 has a heap-based buffer over-read via a long Request-URI in an INVITE request. | ||||
| CVE-2022-45908 | 1 Paddlepaddle | 1 Paddlepaddle | 2025-04-25 | 9.8 Critical |
| In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution. | ||||
| CVE-2022-45907 | 1 Linuxfoundation | 1 Pytorch | 2025-04-25 | 9.8 Critical |
| In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely. | ||||
| CVE-2022-45887 | 3 Linux, Netapp, Redhat | 14 Linux Kernel, H300s, H300s Firmware and 11 more | 2025-04-25 | 4.7 Medium |
| An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call. | ||||
| CVE-2022-45280 | 1 Eyoucms | 1 Eyoucms | 2025-04-25 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2022-45278 | 1 Jizhicms | 1 Jizhicms | 2025-04-25 | 8.8 High |
| Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component. | ||||
| CVE-2022-45276 | 1 Eyunjing | 1 Yjcms | 2025-04-25 | 9.8 Critical |
| An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account password. | ||||
| CVE-2022-45221 | 1 Web-based Student Clearance System Project | 1 Web-based Student Clearance System | 2025-04-25 | 4.8 Medium |
| Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in changepassword.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtnew_password parameter. | ||||
| CVE-2022-45214 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-04-25 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Sanitization Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter at /php-sms/classes/Login.php. | ||||
| CVE-2022-45151 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-04-25 | 5.4 Medium |
| The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website. | ||||
| CVE-2022-45150 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-04-25 | 6.1 Medium |
| A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user's browser in context of vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access potentially sensitive information and modification of web pages. | ||||
| CVE-2022-45149 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-04-25 | 5.4 Medium |
| A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks. | ||||
| CVE-2022-44789 | 3 Artifex, Debian, Fedoraproject | 3 Mujs, Debian Linux, Fedora | 2025-04-25 | 8.8 High |
| A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file. | ||||
| CVE-2022-44400 | 1 Purchase Order Management System Project | 1 Purchase Order Management System | 2025-04-25 | 9.8 Critical |
| Purchase Order Management System v1.0 contains a file upload vulnerability via /purchase_order/admin/?page=system_info. | ||||
| CVE-2022-44399 | 1 Poultry Farm Management System Project | 1 Poultry Farm Management System | 2025-04-25 | 9.8 Critical |
| Poultry Farm Management System v1.0 contains a SQL injection vulnerability via the del parameter at /Redcock-Farm/farm/category.php. | ||||
| CVE-2022-44284 | 1 Dinstar | 2 Dag2000-16o, Dag2000-16o Firmware | 2025-04-25 | 5.4 Medium |
| Dinstar FXO Analog VoIP Gateway DAG2000-16O is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2022-44283 | 1 Avs4you | 1 Avs Audio Converter | 2025-04-25 | 9.8 Critical |
| AVS Audio Converter 10.3 is vulnerable to Buffer Overflow. | ||||
| CVE-2022-44280 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2025-04-25 | 6.5 Medium |
| Automotive Shop Management System v1.0 is vulnerable to Delete any file via /asms/classes/Master.php?f=delete_img. | ||||
| CVE-2022-44278 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-04-25 | 7.2 High |
| Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=user/manage_user&id=. | ||||