Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2022-29532 |
|
Cross-Site Scripting (XSS) in misp-project (CVE-2022-29532)
cross-site scripting in misp-project (CVE-2022-29532). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-29531 |
|
Cross-Site Scripting (XSS) in misp-project (CVE-2022-29531)
cross-site scripting in misp-project (CVE-2022-29531). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-29528 |
|
An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.
An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.
|
| CVE-2022-26593 |
|
Cross-Site Scripting (XSS) in liferay (CVE-2022-26593)
cross-site scripting in liferay (CVE-2022-26593). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-26901 |
|
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
|
| CVE-2022-26826 |
|
Command Injection in microsoft (CVE-2022-26826)
command injection in microsoft (CVE-2022-26826). Successful exploitation can lead to full system takeover.
|
| CVE-2022-24473 |
|
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
|
| CVE-2022-26594 |
|
Cross-Site Scripting (XSS) in liferay (CVE-2022-26594)
cross-site scripting in liferay (CVE-2022-26594). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-37291 |
|
SQL Injection in sqli (CVE-2021-37291)
SQL injection in sqli (CVE-2021-37291). Successful exploitation can lead to full system takeover.
|
| CVE-2021-37293 |
|
Path Traversal in path-traversal (CVE-2021-37293)
path traversal in path-traversal (CVE-2021-37293). Confidential information can be exposed externally.
|
| CVE-2021-40219 |
|
Code Injection in bolt (CVE-2021-40219)
code injection in bolt (CVE-2021-40219). Successful exploitation can lead to full system takeover.
|
| CVE-2021-43432 |
|
Cross-Site Scripting (XSS) in exrick (CVE-2021-43432)
cross-site scripting in exrick (CVE-2021-43432). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-26607 |
|
Unrestricted File Upload in baigo (CVE-2022-26607)
vulnerability in baigo (CVE-2022-26607). Successful exploitation can lead to full system takeover.
|
| CVE-2021-42868 |
|
Cross-Site Scripting (XSS) in chikitsa (CVE-2021-42868)
cross-site scripting in chikitsa (CVE-2021-42868). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-26645 |
|
Unrestricted File Upload in oretnom23 (CVE-2022-26645)
vulnerability in oretnom23 (CVE-2022-26645). Successful exploitation can lead to full system takeover.
|
| CVE-2022-26644 |
|
Cross-Site Scripting (XSS) in oretnom23 (CVE-2022-26644)
cross-site scripting in oretnom23 (CVE-2022-26644). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-26244 |
|
Cross-Site Scripting (XSS) in hospitals-patient-records-management-system-project (CVE-2022-26244)
cross-site scripting in hospitals-patient-records-management-system-project (CVE-2022-26244). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-26263 |
|
Cross-Site Scripting (XSS) in yonyou (CVE-2022-26263)
cross-site scripting in yonyou (CVE-2022-26263). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-40904 |
|
Vulnerability in checkmk (CVE-2021-40904)
vulnerability in checkmk (CVE-2021-40904). Successful exploitation can lead to full system takeover.
|
| CVE-2021-40905 |
|
Unrestricted File Upload in checkmk (CVE-2021-40905)
vulnerability in checkmk (CVE-2021-40905). Successful exploitation can lead to full system takeover.
|
| CVE-2021-40906 |
|
Cross-Site Scripting (XSS) in checkmk (CVE-2021-40906)
cross-site scripting in checkmk (CVE-2021-40906). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-26197 |
|
Cross-Site Scripting (XSS) in joget (CVE-2022-26197)
cross-site scripting in joget (CVE-2022-26197). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-25523 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2022-25523)
vulnerability in csrf (CVE-2022-25523). Successful exploitation can lead to full system takeover.
|
| CVE-2022-25574 |
|
Cross-Site Scripting (XSS) in douco (CVE-2022-25574)
cross-site scripting in douco (CVE-2022-25574). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-1273 KEV |
|
[KEV] Code Injection in Vmware tanzu vmware-tanzu (CVE-2018-1273)
code injection in Vmware tanzu vmware-tanzu (CVE-2018-1273). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2021-42237 KEV |
|
[KEV] Unsafe Deserialization in Sitecore xp (CVE-2021-42237)
vulnerability in Sitecore xp (CVE-2021-42237). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2022-24291 |
|
Vulnerability in dos (CVE-2022-24291)
vulnerability in dos (CVE-2022-24291). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-24292 |
|
Vulnerability in dos (CVE-2022-24292)
vulnerability in dos (CVE-2022-24292). Successful exploitation can lead to full system takeover.
|
| CVE-2022-24293 |
|
Vulnerability in dos (CVE-2022-24293)
vulnerability in dos (CVE-2022-24293). Successful exploitation can lead to full system takeover.
|
| CVE-2021-45757 |
|
Vulnerability in dos (CVE-2021-45757)
vulnerability in dos (CVE-2021-45757). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-23352 |
|
An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS).
An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS).
|
| CVE-2022-23347 |
|
Path Traversal in path-traversal (CVE-2022-23347)
path traversal in path-traversal (CVE-2022-23347). Confidential information can be exposed externally.
|
| CVE-2022-23350 |
|
Cross-Site Scripting (XSS) in bigantsoft (CVE-2022-23350)
cross-site scripting in bigantsoft (CVE-2022-23350). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-23349 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2022-23349)
vulnerability in csrf (CVE-2022-23349). Successful exploitation can lead to full system takeover.
|
| CVE-2022-27244 |
|
Cross-Site Scripting (XSS) in misp-project (CVE-2022-27244)
cross-site scripting in misp-project (CVE-2022-27244). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-27245 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2022-27245)
SSRF in ssrf (CVE-2022-27245). Successful exploitation can lead to full system takeover.
|
| CVE-2021-44087 |
|
Vulnerability in attendance-and-payroll-system-project (CVE-2021-44087)
vulnerability in attendance-and-payroll-system-project (CVE-2021-44087). Successful exploitation can lead to full system takeover.
|
| CVE-2021-44088 |
|
SQL Injection in sqli (CVE-2021-44088)
SQL injection in sqli (CVE-2021-44088). Successful exploitation can lead to full system takeover.
|
| CVE-2022-0778 |
|
Vulnerability in dos (CVE-2022-0778)
vulnerability in dos (CVE-2022-0778). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-36368 |
|
Authentication Bypass in openbsd (CVE-2021-36368)
authentication bypass in openbsd (CVE-2021-36368). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-25090 |
|
Vulnerability in privilege-escalation (CVE-2022-25090)
vulnerability in privilege-escalation (CVE-2022-25090). Successful exploitation can lead to full system takeover.
|
| CVE-2022-24644 |
|
Vulnerability in zzinc (CVE-2022-24644)
vulnerability in zzinc (CVE-2022-24644). Successful exploitation can lead to full system takeover.
|
| CVE-2022-24509 |
|
Microsoft Office Visio Remote Code Execution Vulnerability
Microsoft Office Visio Remote Code Execution Vulnerability
|
| CVE-2022-24510 |
|
Microsoft Office Visio Remote Code Execution Vulnerability
Microsoft Office Visio Remote Code Execution Vulnerability
|
| CVE-2022-24512 |
|
Code Injection in Microsoft.NETCore.App.Runtime.linux-arm (CVE-2022-24512)
code injection in Microsoft.NETCore.App.Runtime.linux-arm (CVE-2022-24512). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.0.3` or later.
|
| CVE-2022-24461 |
|
Microsoft Office Visio Remote Code Execution Vulnerability
Microsoft Office Visio Remote Code Execution Vulnerability
|
| CVE-2022-24501 |
|
VP9 Video Extensions Remote Code Execution Vulnerability
VP9 Video Extensions Remote Code Execution Vulnerability
|
| CVE-2022-24464 |
|
Vulnerability in Microsoft.AspNetCore.App.Runtime.linux-arm (CVE-2022-24464)
vulnerability in Microsoft.AspNetCore.App.Runtime.linux-arm (CVE-2022-24464). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.0.3` or later.
|
| CVE-2022-24451 |
|
VP9 Video Extensions Remote Code Execution Vulnerability
VP9 Video Extensions Remote Code Execution Vulnerability
|
| CVE-2022-24457 |
|
HEIF Image Extensions Remote Code Execution Vulnerability
HEIF Image Extensions Remote Code Execution Vulnerability
|