Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2022-3723 KEV |
|
[KEV] Vulnerability in Google chromium-v8 (CVE-2022-3723)
vulnerability in Google chromium-v8 (CVE-2022-3723). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-43340 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2022-43340)
vulnerability in csrf (CVE-2022-43340). Successful exploitation can lead to full system takeover.
|
| CVE-2022-42991 |
|
Cross-Site Scripting (XSS) in simple-online-public-access-catalog-project (CVE-2022-42991)
cross-site scripting in simple-online-public-access-catalog-project (CVE-2022-42991). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-42993 |
|
Cross-Site Scripting (XSS) in password-storage-application-project (CVE-2022-42993)
cross-site scripting in password-storage-application-project (CVE-2022-42993). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-42992 |
|
Cross-Site Scripting (XSS) in train-scheduler-app-project (CVE-2022-42992)
cross-site scripting in train-scheduler-app-project (CVE-2022-42992). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-45476 |
|
Cross-Site Scripting (XSS) in yordam (CVE-2021-45476)
cross-site scripting in yordam (CVE-2021-45476). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-45475 |
|
Information Disclosure in yordam (CVE-2021-45475)
vulnerability in yordam (CVE-2021-45475). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-38580 |
|
Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF).
Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF).
|
| CVE-2022-42827 KEV |
|
[KEV] Vulnerability in Apple ios-and-ipados (CVE-2022-42827)
vulnerability in Apple ios-and-ipados (CVE-2022-42827). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2018-19322 KEV |
|
[KEV] Vulnerability in Gigabyte multiple-products (CVE-2018-19322)
vulnerability in Gigabyte multiple-products (CVE-2018-19322). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-3433 KEV |
|
[KEV] Vulnerability in Cisco anyconnect-secure (CVE-2020-3433)
vulnerability in Cisco anyconnect-secure (CVE-2020-3433). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-3153 KEV |
|
[KEV] Vulnerability in Cisco anyconnect-secure (CVE-2020-3153)
vulnerability in Cisco anyconnect-secure (CVE-2020-3153). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-31366 |
|
Unrestricted File Upload in eve-ng (CVE-2022-31366)
vulnerability in eve-ng (CVE-2022-31366). Successful exploitation can lead to full system takeover.
|
| CVE-2021-33231 |
|
Cross-Site Scripting (XSS) in easyvista (CVE-2021-33231)
cross-site scripting in easyvista (CVE-2021-33231). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-3493 KEV |
|
[KEV] Vulnerability in Linux kernel (CVE-2021-3493)
vulnerability in Linux kernel (CVE-2021-3493). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-41352 KEV |
|
[KEV] Path Traversal in Synacor zimbra-collaboration-suite-zcs (CVE-2022-41352)
path traversal in Synacor zimbra-collaboration-suite-zcs (CVE-2022-41352). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-41415 |
|
Out-of-Bounds Write in dos (CVE-2022-41415)
out-of-bounds write in dos (CVE-2022-41415). Successful exploitation can lead to full system takeover.
|
| CVE-2022-38901 |
|
Cross-Site Scripting (XSS) in liferay (CVE-2022-38901)
cross-site scripting in liferay (CVE-2022-38901). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-42112 |
|
Cross-Site Scripting (XSS) in liferay (CVE-2022-42112)
cross-site scripting in liferay (CVE-2022-42112). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-42113 |
|
Cross-Site Scripting (XSS) in liferay (CVE-2022-42113)
cross-site scripting in liferay (CVE-2022-42113). Risk of unauthorized operations or information disclosure. Exploitable via ``redirect``.
|
| CVE-2022-42114 |
|
Cross-Site Scripting (XSS) in liferay (CVE-2022-42114)
cross-site scripting in liferay (CVE-2022-42114). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-42115 |
|
Cross-Site Scripting (XSS) in liferay (CVE-2022-42115)
cross-site scripting in liferay (CVE-2022-42115). Risk of unauthorized operations or information disclosure. Exploitable via ``Label``.
|
| CVE-2022-42116 |
|
Cross-Site Scripting (XSS) in liferay (CVE-2022-42116)
cross-site scripting in liferay (CVE-2022-42116). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-42117 |
|
Cross-Site Scripting (XSS) in liferay (CVE-2022-42117)
cross-site scripting in liferay (CVE-2022-42117). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-21626 |
|
Vulnerability in c (CVE-2022-21626)
vulnerability in c (CVE-2022-21626). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-21624 |
|
Unsafe Deserialization in c (CVE-2022-21624)
vulnerability in c (CVE-2022-21624). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-3305 |
|
Vulnerability in feishu (CVE-2021-3305)
vulnerability in feishu (CVE-2021-3305). Successful exploitation can lead to full system takeover.
|
| CVE-2022-38902 |
|
Cross-Site Scripting (XSS) in liferay (CVE-2022-38902)
cross-site scripting in liferay (CVE-2022-38902). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-40440 |
|
Cross-Site Scripting (XSS) in jgraph (CVE-2022-40440)
cross-site scripting in jgraph (CVE-2022-40440). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-40047 |
|
Cross-Site Scripting (XSS) in flatpress (CVE-2022-40047)
cross-site scripting in flatpress (CVE-2022-40047). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-40227 |
|
Vulnerability in dos (CVE-2022-40227)
vulnerability in dos (CVE-2022-40227). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-40684 KEV |
|
[KEV] Vulnerability in Fortinet multiple-products (CVE-2022-40684)
vulnerability in Fortinet multiple-products (CVE-2022-40684). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-41033 KEV |
|
[KEV] Vulnerability in Microsoft windows-com-event-system-service (CVE-2022-41033)
vulnerability in Microsoft windows-com-event-system-service (CVE-2022-41033). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-20920 |
|
Vulnerability in cisco (CVE-2022-20920)
vulnerability in cisco (CVE-2022-20920). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-42724 |
|
Information Disclosure in misp-project (CVE-2022-42724)
vulnerability in misp-project (CVE-2022-42724). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-36635 |
|
SQL Injection in sqli (CVE-2022-36635)
SQL injection in sqli (CVE-2022-36635). Successful exploitation can lead to full system takeover.
|
| CVE-2022-36634 |
|
Authorization Flaw in zkteco (CVE-2022-36634)
vulnerability in zkteco (CVE-2022-36634). Successful exploitation can lead to full system takeover.
|
| CVE-2022-40123 |
|
Path Traversal in path-traversal (CVE-2022-40123)
path traversal in path-traversal (CVE-2022-40123). Confidential information can be exposed externally.
|
| CVE-2022-36551 |
|
SSRF (Server-Side Request Forgery) in label-studio (CVE-2022-36551)
SSRF in label-studio (CVE-2022-36551). Confidential information can be exposed externally. Mitigation: upgrade to `1.5.0.post0` or later.
|
| CVE-2022-40341 |
|
Unrestricted File Upload in mojoportal (CVE-2022-40341)
vulnerability in mojoportal (CVE-2022-40341). Successful exploitation can lead to full system takeover.
|
| CVE-2022-35156 |
|
SQL Injection in sqli (CVE-2022-35156)
SQL injection in sqli (CVE-2022-35156). Successful exploitation can lead to full system takeover.
|
| CVE-2022-35155 |
|
Cross-Site Scripting (XSS) in phpgurukul (CVE-2022-35155)
cross-site scripting in phpgurukul (CVE-2022-35155). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-36804 KEV |
|
[KEV] OS Command Injection in Atlassian bitbucket-server-and-data-center (CVE-2022-36804)
OS command injection in Atlassian bitbucket-server-and-data-center (CVE-2022-36804). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-41082 KEV |
|
[KEV] Unsafe Deserialization in Microsoft exchange-server (CVE-2022-41082)
vulnerability in Microsoft exchange-server (CVE-2022-41082). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-41040 KEV |
|
[KEV] SSRF (Server-Side Request Forgery) in Microsoft exchange-server (CVE-2022-41040)
SSRF in Microsoft exchange-server (CVE-2022-41040). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-40048 |
|
Unrestricted File Upload in flatpress (CVE-2022-40048)
vulnerability in flatpress (CVE-2022-40048). Successful exploitation can lead to full system takeover.
|
| CVE-2022-38553 |
|
Cross-Site Scripting (XSS) in creativeitem (CVE-2022-38553)
cross-site scripting in creativeitem (CVE-2022-38553). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-2347 |
|
Vulnerability in denx (CVE-2022-2347)
vulnerability in denx (CVE-2022-2347). Successful exploitation can lead to full system takeover. Exploitable via ``wLength``.
|
| CVE-2022-30426 |
|
Out-of-Bounds Write in acer (CVE-2022-30426)
out-of-bounds write in acer (CVE-2022-30426). Successful exploitation can lead to full system takeover.
|
| CVE-2022-3236 KEV |
|
[KEV] Code Injection in Sophos firewall (CVE-2022-3236)
code injection in Sophos firewall (CVE-2022-3236). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|