Search Results (363502 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-2036 1 Rosariosis 1 Rosariosis 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1.
CVE-2022-2035 1 Ltgplc 1 Rustici Software Scorm Engine 2024-11-21 6.1 Medium
A reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter in the /defaultui/player/modern.html file for SCORM Engine versions < 20.1.45.914, 21.1.x < 21.1.7.219. The issue exists because there are no limitations on the domain or format of the url supplied by the user, allowing an attacker to craft malicious urls which can trigger a reflected XSS payload in the context of a victim's browser.
CVE-2022-2034 1 Automattic 1 Sensei Lms 2024-11-21 5.3 Medium
The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers
CVE-2022-2032 1 Pandorafms 1 Pandora Fms 2024-11-21 3.5 Low
In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system.
CVE-2022-2031 1 Samba 1 Samba 2024-11-21 8.8 High
A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services.
CVE-2022-2030 1 Zyxel 50 Atp100, Atp100 Firmware, Atp100w and 47 more 2024-11-21 6.5 Medium
A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.11 through 4.72, that could allow an authenticated attacker to access some restricted files on a vulnerable device.
CVE-2022-2029 1 Kromit 1 Titra 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra prior to 0.77.0.
CVE-2022-2028 1 Kromit 1 Titra 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/titra prior to 0.77.0.
CVE-2022-2027 1 Kromit 1 Titra 2024-11-21 8.0 High
Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0.
CVE-2022-2026 1 Kromit 1 Titra 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository kromitgmbh/titra prior to 0.77.0.
CVE-2022-2023 1 Trudesk Project 1 Trudesk 2024-11-21 9.8 Critical
Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4.
CVE-2022-2016 1 Facturascripts 1 Facturascripts 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.1.
CVE-2022-2015 1 Diagrams 1 Drawio 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 19.0.2.
CVE-2022-2014 1 Diagrams 1 Drawio 2024-11-21 5.4 Medium
Code Injection in GitHub repository jgraph/drawio prior to 19.0.2.
CVE-2022-2013 3 Linux, Microsoft, Octopus 3 Linux Kernel, Windows, Octopus Deploy 2024-11-21 7.5 High
In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled via the experimental feature flag all new users would have access to the Script Console within their private space.
CVE-2022-2011 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2010 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 9.3 Critical
Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2022-2008 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2007 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-29995 1 Online Sports Complex Booking System Project 1 Online Sports Complex Booking System 2024-11-21 9.8 Critical
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=clients/manage_client&id=.