Total
3860 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-3721 | 1 Froxlor | 1 Froxlor | 2024-08-03 | 4.6 Medium |
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39. | ||||
CVE-2022-3696 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2024-08-03 | 7.2 High |
A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA. | ||||
CVE-2022-3394 | 1 Soflyy | 1 Wp All Export | 2024-08-03 | 7.2 High |
The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can run exports, but the privilege can be delegated to lower privileged users. | ||||
CVE-2022-3418 | 1 Soflyy | 1 Wp All Import | 2024-08-03 | 7.2 High |
The Import any XML or CSV File to WordPress plugin before 3.6.9 is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files. | ||||
CVE-2022-3245 | 1 Microweber | 1 Microweber | 2024-08-03 | 6.1 Medium |
HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input. | ||||
CVE-2022-3242 | 1 Microweber | 1 Microweber | 2024-08-03 | 6.1 Medium |
Code Injection in GitHub repository microweber/microweber prior to 1.3.2. | ||||
CVE-2022-3236 | 1 Sophos | 1 Firewall | 2024-08-03 | 9.8 Critical |
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. | ||||
CVE-2022-2636 | 1 Hestiacp | 1 Control Panel | 2024-08-03 | 8.5 High |
Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to 1.6.6. | ||||
CVE-2022-2054 | 1 Nuitka | 1 Nuitka | 2024-08-03 | 8.4 High |
Code Injection in GitHub repository nuitka/nuitka prior to 0.9. | ||||
CVE-2022-2073 | 1 Getgrav | 1 Grav | 2024-08-03 | 7.2 High |
Code Injection in GitHub repository getgrav/grav prior to 1.7.34. | ||||
CVE-2022-2014 | 1 Diagrams | 1 Drawio | 2024-08-03 | 5.4 Medium |
Code Injection in GitHub repository jgraph/drawio prior to 19.0.2. | ||||
CVE-2022-1609 | 1 Weblizar | 1 School Management | 2024-08-03 | 9.8 Critical |
The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in its license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site. | ||||
CVE-2022-1575 | 1 Diagrams | 1 Drawio | 2024-08-03 | 9.6 Critical |
Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary (remote) code execution in the desktop app. - Stored XSS in the web app. | ||||
CVE-2022-1159 | 1 Rockwellautomation | 10 Compact Guardlogix 5380, Compact Guardlogix 5380 Firmware, Compactlogix 5380 and 7 more | 2024-08-02 | 7.7 High |
Rockwell Automation Studio 5000 Logix Designer (all versions) are vulnerable when an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user. | ||||
CVE-2022-0921 | 1 Microweber | 1 Microweber | 2024-08-02 | 6.7 Medium |
Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12. | ||||
CVE-2022-0944 | 1 Sqlpad | 1 Sqlpad | 2024-08-02 | 7.2 High |
Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1. | ||||
CVE-2022-0896 | 1 Microweber | 1 Microweber | 2024-08-02 | 8.8 High |
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3. | ||||
CVE-2022-0885 | 1 Memberhero | 1 Member Hero | 2024-08-02 | 9.8 Critical |
The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments. | ||||
CVE-2022-0819 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2024-08-02 | 8.8 High |
Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1. | ||||
CVE-2022-0811 | 2 Kubernetes, Redhat | 2 Cri-o, Openshift | 2024-08-02 | 8.8 High |
A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed. |