Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2022-2807 SQL Injection in sqli (CVE-2022-2807)
SQL injection in sqli (CVE-2022-2807). Successful exploitation can lead to full system takeover.
CVE-2022-46152 OP-TEE Trusted OS is the secure side implementation of OP-TEE project, a Trusted Execution Environment. Versions prior to 3.19.0, contain an Improper Validation of Array Index vulnerability. The funct...
OP-TEE Trusted OS is the secure side implementation of OP-TEE project, a Trusted Execution Environment. Versions prior to 3.19.0, contain an Improper Validation of Array Index vulnerability. The function `cleanup_shm_refs()` is called by both `entry_invoke_command()` and `entry_open_session()`. The...
CVE-2022-45205 SQL Injection in sqli (CVE-2022-45205)
SQL injection in sqli (CVE-2022-45205). Risk of unauthorized operations or information disclosure.
CVE-2022-45206 SQL Injection in sqli (CVE-2022-45206)
SQL injection in sqli (CVE-2022-45206). Successful exploitation can lead to full system takeover.
CVE-2022-45207 SQL Injection in sqli (CVE-2022-45207)
SQL injection in sqli (CVE-2022-45207). Successful exploitation can lead to full system takeover.
CVE-2022-45208 SQL Injection in sqli (CVE-2022-45208)
SQL injection in sqli (CVE-2022-45208). Risk of unauthorized operations or information disclosure.
CVE-2022-45210 SQL Injection in sqli (CVE-2022-45210)
SQL injection in sqli (CVE-2022-45210). Risk of unauthorized operations or information disclosure.
CVE-2022-37721 Cross-Site Scripting (XSS) in privilege-escalation (CVE-2022-37721)
cross-site scripting in privilege-escalation (CVE-2022-37721). Successful exploitation can lead to full system takeover.
CVE-2022-37720 Cross-Site Scripting (XSS) in privilege-escalation (CVE-2022-37720)
cross-site scripting in privilege-escalation (CVE-2022-37720). Successful exploitation can lead to full system takeover.
CVE-2022-35501 Cross-Site Scripting (XSS) in amasty (CVE-2022-35501)
cross-site scripting in amasty (CVE-2022-35501). Risk of unauthorized operations or information disclosure.
CVE-2022-35500 Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via leave comment functionality.
Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via leave comment functionality.
CVE-2022-37773 SQL Injection in sqli (CVE-2022-37773)
SQL injection in sqli (CVE-2022-37773). Confidential information can be exposed externally.
CVE-2022-42989 Cross-Site Scripting (XSS) in sankhya (CVE-2022-42989)
cross-site scripting in sankhya (CVE-2022-42989). Successful exploitation can lead to full system takeover.
CVE-2022-40842 SSRF (Server-Side Request Forgery) in ssrf (CVE-2022-40842)
SSRF in ssrf (CVE-2022-40842). Confidential information can be exposed externally.
CVE-2022-36180 Cross-Site Scripting (XSS) in fusiondirectory (CVE-2022-36180)
cross-site scripting in fusiondirectory (CVE-2022-36180). Successful exploitation can lead to full system takeover.
CVE-2022-20922 Vulnerability in c (CVE-2022-20922)
vulnerability in c (CVE-2022-20922). Risk of unauthorized operations or information disclosure.
CVE-2022-42125 Path Traversal in path-traversal (CVE-2022-42125)
path traversal in path-traversal (CVE-2022-42125). Data can be tampered with by attackers.
CVE-2022-42123 Path Traversal in path-traversal (CVE-2022-42123)
path traversal in path-traversal (CVE-2022-42123). Data can be tampered with by attackers.
CVE-2022-42120 SQL Injection in c (CVE-2022-42120)
SQL injection in c (CVE-2022-42120). Successful exploitation can lead to full system takeover. Exploitable via ``namespace``.
CVE-2022-42121 SQL Injection in sqli (CVE-2022-42121)
SQL injection in sqli (CVE-2022-42121). Successful exploitation can lead to full system takeover.
CVE-2022-42122 SQL Injection in sqli (CVE-2022-42122)
SQL injection in sqli (CVE-2022-42122). Successful exploitation can lead to full system takeover. Exploitable via ``title``.
CVE-2022-42118 Cross-Site Scripting (XSS) in liferay (CVE-2022-42118)
cross-site scripting in liferay (CVE-2022-42118). Risk of unauthorized operations or information disclosure. Exploitable via ``tag``.
CVE-2022-42119 Cross-Site Scripting (XSS) in liferay (CVE-2022-42119)
cross-site scripting in liferay (CVE-2022-42119). Risk of unauthorized operations or information disclosure.
CVE-2022-44087 Code Injection in ecisp (CVE-2022-44087)
code injection in ecisp (CVE-2022-44087). Successful exploitation can lead to full system takeover.
CVE-2022-44088 Code Injection in ecisp (CVE-2022-44088)
code injection in ecisp (CVE-2022-44088). Successful exploitation can lead to full system takeover.
CVE-2022-44089 Code Injection in ecisp (CVE-2022-44089)
code injection in ecisp (CVE-2022-44089). Successful exploitation can lead to full system takeover.
CVE-2022-41106 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2022-41107 Microsoft Office Graphics Remote Code Execution Vulnerability
Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2022-41061 Microsoft Word Remote Code Execution Vulnerability
Microsoft Word Remote Code Execution Vulnerability
CVE-2022-41063 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2022-43321 Cross-Site Scripting (XSS) in shopwind (CVE-2022-43321)
cross-site scripting in shopwind (CVE-2022-43321). Risk of unauthorized operations or information disclosure.
CVE-2022-20969 Cross-Site Scripting (XSS) in cisco (CVE-2022-20969)
cross-site scripting in cisco (CVE-2022-20969). Risk of unauthorized operations or information disclosure.
CVE-2022-40840 Cross-Site Scripting (XSS) in ndk-design (CVE-2022-40840)
cross-site scripting in ndk-design (CVE-2022-40840). Risk of unauthorized operations or information disclosure.
CVE-2022-40839 SQL Injection in sqli (CVE-2022-40839)
SQL injection in sqli (CVE-2022-40839). Confidential information can be exposed externally.
CVE-2022-40487 Cross-Site Scripting (XSS) in processwire (CVE-2022-40487)
cross-site scripting in processwire (CVE-2022-40487). Risk of unauthorized operations or information disclosure.
CVE-2022-40488 ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF).
ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF).
CVE-2022-43340 Cross-Site Request Forgery (CSRF) in csrf (CVE-2022-43340)
vulnerability in csrf (CVE-2022-43340). Successful exploitation can lead to full system takeover.
CVE-2022-42991 Cross-Site Scripting (XSS) in simple-online-public-access-catalog-project (CVE-2022-42991)
cross-site scripting in simple-online-public-access-catalog-project (CVE-2022-42991). Risk of unauthorized operations or information disclosure.
CVE-2022-42993 Cross-Site Scripting (XSS) in password-storage-application-project (CVE-2022-42993)
cross-site scripting in password-storage-application-project (CVE-2022-42993). Risk of unauthorized operations or information disclosure.
CVE-2022-42992 Cross-Site Scripting (XSS) in train-scheduler-app-project (CVE-2022-42992)
cross-site scripting in train-scheduler-app-project (CVE-2022-42992). Risk of unauthorized operations or information disclosure.
CVE-2021-45476 Cross-Site Scripting (XSS) in yordam (CVE-2021-45476)
cross-site scripting in yordam (CVE-2021-45476). Risk of unauthorized operations or information disclosure.
CVE-2022-38580 Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF).
Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF).
CVE-2021-33231 Cross-Site Scripting (XSS) in easyvista (CVE-2021-33231)
cross-site scripting in easyvista (CVE-2021-33231). Risk of unauthorized operations or information disclosure.
CVE-2022-41415 Out-of-Bounds Write in dos (CVE-2022-41415)
out-of-bounds write in dos (CVE-2022-41415). Successful exploitation can lead to full system takeover.
CVE-2022-38901 Cross-Site Scripting (XSS) in liferay (CVE-2022-38901)
cross-site scripting in liferay (CVE-2022-38901). Risk of unauthorized operations or information disclosure.
CVE-2022-42112 Cross-Site Scripting (XSS) in liferay (CVE-2022-42112)
cross-site scripting in liferay (CVE-2022-42112). Risk of unauthorized operations or information disclosure.
CVE-2022-42113 Cross-Site Scripting (XSS) in liferay (CVE-2022-42113)
cross-site scripting in liferay (CVE-2022-42113). Risk of unauthorized operations or information disclosure. Exploitable via ``redirect``.
CVE-2022-42114 Cross-Site Scripting (XSS) in liferay (CVE-2022-42114)
cross-site scripting in liferay (CVE-2022-42114). Risk of unauthorized operations or information disclosure.
CVE-2022-42115 Cross-Site Scripting (XSS) in liferay (CVE-2022-42115)
cross-site scripting in liferay (CVE-2022-42115). Risk of unauthorized operations or information disclosure. Exploitable via ``Label``.
CVE-2022-42116 Cross-Site Scripting (XSS) in liferay (CVE-2022-42116)
cross-site scripting in liferay (CVE-2022-42116). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →