Search Results (362534 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-42247 1 Pfsense 1 Pfsense 2024-11-21 6.1 Medium
pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name.
CVE-2022-42243 1 Oretnom23 1 Simple Cold Storage Management System 2024-11-21 7.2 High
Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/manage_storage.php?id=.
CVE-2022-42242 1 Oretnom23 1 Simple Cold Storage Management System 2024-11-21 7.2 High
Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_booking.
CVE-2022-42241 1 Oretnom23 1 Simple Cold Storage Management System 2024-11-21 7.2 High
Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_message.
CVE-2022-42232 1 Oretnom23 1 Simple Cold Storage Management System 2024-11-21 7.2 High
Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/classes/Master.php?f=delete_storage.
CVE-2022-42183 1 Precisely 1 Spectrum Spatial Analyst 2024-11-21 9.1 Critical
Precisely Spectrum Spatial Analyst 20.01 is vulnerable to Server-Side Request Forgery (SSRF).
CVE-2022-42182 1 Precisely 1 Spectrum Spatial Analyst 2024-11-21 5.3 Medium
Precisely Spectrum Spatial Analyst 20.01 is vulnerable to Directory Traversal.
CVE-2022-42150 1 Tinylab 2 Cloud Lab, Linux Lab 2024-11-21 10.0 Critical
TinyLab linux-lab v1.1-rc1 and cloud-lab v0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape.
CVE-2022-42092 1 Backdropcms 1 Backdrop Cms 2024-11-21 7.2 High
Backdrop CMS 1.22.0 has an Unrestricted File Upload vulnerability via 'themes' that allows attackers to achieve Remote Code Execution. Note: Third parties dispute this and argue that advanced permissions are required.
CVE-2022-42075 1 Wedding Planner Project 1 Wedding Planner 2024-11-21 9.8 Critical
Wedding Planner v1.0 is vulnerable to arbitrary code execution.
CVE-2022-42074 1 Online Diagnostic Lab Management System Project 1 Online Diagnostic Lab Management System 2024-11-21 7.2 High
Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editcategory.php?id=.
CVE-2022-42073 1 Online Diagnostic Lab Management System Project 1 Online Diagnostic Lab Management System 2024-11-21 7.2 High
Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editclient.php?id=.
CVE-2022-42045 2 Watchdog, Zemana 2 Anti-virus, Antimalware 2024-11-21 6.7 Medium
Certain Zemana products are vulnerable to Arbitrary code injection. This affects Watchdog Anti-Malware 4.1.422 and Zemana AntiMalware 3.2.28.
CVE-2022-42036 1 Democritus 1 D8s-urls 2024-11-21 9.8 Critical
The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0.
CVE-2022-42009 1 Apache 1 Ambari 2024-11-21 8 High
SpringEL injection in the server agent in Apache Ambari versions 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.
CVE-2022-42004 5 Debian, Fasterxml, Netapp and 2 more 20 Debian Linux, Jackson-databind, Oncommand Workflow Automation and 17 more 2024-11-21 7.5 High
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.
CVE-2022-42003 5 Debian, Fasterxml, Netapp and 2 more 23 Debian Linux, Jackson-databind, Oncommand Workflow Automation and 20 more 2024-11-21 7.5 High
In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
CVE-2022-42002 1 Sonicjs 1 Sonicjs 2024-11-21 9.1 Critical
SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete.
CVE-2022-41984 1 Intel 4 Arc A750, Arc A750 Firmware, Arc A770 and 1 more 2024-11-21 4.4 Medium
Protection mechanism failure for some Intel(R) Arc(TM) graphics cards A770 and A750 Limited Edition sold between October of 2022 and December of 2022 may allow a privileged user to potentially enable denial of service via local access.
CVE-2022-41980 1 Webartesanal 1 Mantenimiento Web 2024-11-21 4.8 Medium
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mantenimiento web plugin <= 0.13 on WordPress.