Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2022-35293 |
|
Vulnerability in sap (CVE-2022-35293)
vulnerability in sap (CVE-2022-35293). Confidential information can be exposed externally.
|
| CVE-2021-33643 |
|
Out-of-Bounds Read in feep (CVE-2021-33643)
vulnerability in feep (CVE-2021-33643). Confidential information can be exposed externally.
|
| CVE-2022-36124 |
|
Vulnerability in apache-avro (CVE-2022-36124)
vulnerability in apache-avro (CVE-2022-36124). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.14.0` or later.
|
| CVE-2022-30333 KEV |
|
[KEV] Path Traversal in Rarlab unrar (CVE-2022-30333)
path traversal in Rarlab unrar (CVE-2022-30333). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-35493 |
|
Cross-Site Scripting (XSS) in wrteam (CVE-2022-35493)
cross-site scripting in wrteam (CVE-2022-35493). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-2356 |
|
Unrestricted File Upload in wordpress (CVE-2022-2356)
vulnerability in wordpress (CVE-2022-2356). Successful exploitation can lead to full system takeover.
|
| CVE-2022-28880 |
|
Vulnerability in f-secure (CVE-2022-28880)
vulnerability in f-secure (CVE-2022-28880). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-1754 |
|
Vulnerability in moodle (CVE-2020-1754)
vulnerability in moodle (CVE-2020-1754). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-27924 KEV |
|
[KEV] Vulnerability in Synacor zimbra-collaboration-suite-zcs (CVE-2022-27924)
vulnerability in Synacor zimbra-collaboration-suite-zcs (CVE-2022-27924). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-31321 |
|
Vulnerability in dos (CVE-2022-31321)
vulnerability in dos (CVE-2022-31321). Confidential information can be exposed externally.
|
| CVE-2022-35118 |
|
PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities.
PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities.
|
| CVE-2022-1277 |
|
Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability.
Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability.
|
| CVE-2022-26138 KEV |
|
[KEV] Vulnerability in Atlassian confluence (CVE-2022-26138)
vulnerability in Atlassian confluence (CVE-2022-26138). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-41556 |
|
Out-of-Bounds Read in cpp (CVE-2021-41556)
vulnerability in cpp (CVE-2021-41556). Successful exploitation can lead to full system takeover.
|
| CVE-2022-2160 |
|
Vulnerability in google (CVE-2022-2160)
vulnerability in google (CVE-2022-2160). Confidential information can be exposed externally.
|
| CVE-2022-34611 |
|
Cross-Site Scripting (XSS) in online-fire-reporting-system-project (CVE-2022-34611)
cross-site scripting in online-fire-reporting-system-project (CVE-2022-34611). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-35131 |
|
Cross-Site Scripting (XSS) in joplinapp (CVE-2022-35131)
cross-site scripting in joplinapp (CVE-2022-35131). Successful exploitation can lead to full system takeover.
|
| CVE-2022-24992 |
|
Path Traversal in path-traversal (CVE-2022-24992)
path traversal in path-traversal (CVE-2022-24992). Confidential information can be exposed externally.
|
| CVE-2022-29709 |
|
SQL Injection in sqli (CVE-2022-29709)
SQL injection in sqli (CVE-2022-29709). Confidential information can be exposed externally.
|
| CVE-2022-32450 |
|
Vulnerability in anydesk (CVE-2022-32450)
vulnerability in anydesk (CVE-2022-32450). Data can be tampered with by attackers.
|
| CVE-2021-42923 |
|
Vulnerability in showmypc (CVE-2021-42923)
vulnerability in showmypc (CVE-2021-42923). Successful exploitation can lead to full system takeover.
|
| CVE-2020-35305 |
|
Cross-Site Scripting (XSS) in gollum-project (CVE-2020-35305)
cross-site scripting in gollum-project (CVE-2020-35305). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-35409 |
|
Out-of-Bounds Read in arm (CVE-2022-35409)
vulnerability in arm (CVE-2022-35409). Confidential information can be exposed externally.
|
| CVE-2022-32119 |
|
Unrestricted File Upload in arox (CVE-2022-32119)
vulnerability in arox (CVE-2022-32119). Successful exploitation can lead to full system takeover.
|
| CVE-2022-30024 |
|
Vulnerability in tp-link (CVE-2022-30024)
vulnerability in tp-link (CVE-2022-30024). Successful exploitation can lead to full system takeover.
|
| CVE-2022-32074 |
|
Cross-Site Scripting (XSS) in enhancesoft (CVE-2022-32074)
cross-site scripting in enhancesoft (CVE-2022-32074). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-32114 |
|
Unrestricted File Upload in strapi (CVE-2022-32114)
vulnerability in strapi (CVE-2022-32114). Successful exploitation can lead to full system takeover.
|
| CVE-2021-36667 |
|
OS Command Injection in druva (CVE-2021-36667)
OS command injection in druva (CVE-2021-36667). Successful exploitation can lead to full system takeover.
|
| CVE-2022-32224 |
|
Unsafe Deserialization in activerecord (CVE-2022-32224)
vulnerability in activerecord (CVE-2022-32224). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.2.8.1` or later.
|
| CVE-2022-31904 |
|
Cross-Site Scripting (XSS) in uberrider (CVE-2022-31904)
cross-site scripting in uberrider (CVE-2022-31904). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-36668 |
|
Vulnerability in druva (CVE-2021-36668)
vulnerability in druva (CVE-2021-36668). Successful exploitation can lead to full system takeover.
|
| CVE-2021-36666 |
|
Vulnerability in druva (CVE-2021-36666)
vulnerability in druva (CVE-2021-36666). Successful exploitation can lead to full system takeover.
|
| CVE-2021-36665 |
|
Unsafe Deserialization in druva (CVE-2021-36665)
vulnerability in druva (CVE-2021-36665). Successful exploitation can lead to full system takeover.
|
| CVE-2022-22047 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2022-22047)
vulnerability in Microsoft windows (CVE-2022-22047). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-33098 |
|
Cross-Site Scripting (XSS) in magnolia-cms (CVE-2022-33098)
cross-site scripting in magnolia-cms (CVE-2022-33098). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-24139 |
|
Vulnerability in iobit (CVE-2022-24139)
vulnerability in iobit (CVE-2022-24139). Successful exploitation can lead to full system takeover.
|
| CVE-2022-24140 |
|
Vulnerability in iobit (CVE-2022-24140)
vulnerability in iobit (CVE-2022-24140). Successful exploitation can lead to full system takeover.
|
| CVE-2022-24138 |
|
Vulnerability in iobit (CVE-2022-24138)
vulnerability in iobit (CVE-2022-24138). Successful exploitation can lead to full system takeover.
|
| CVE-2022-33047 |
|
OTFCC v0.10.4 was discovered to contain a heap buffer overflow after free via otfccbuild.c.
OTFCC v0.10.4 was discovered to contain a heap buffer overflow after free via otfccbuild.c.
|
| CVE-2022-32385 |
|
Out-of-Bounds Write in tendacn (CVE-2022-32385)
out-of-bounds write in tendacn (CVE-2022-32385). Successful exploitation can lead to full system takeover.
|
| CVE-2022-32386 |
|
Tenda AC23 v16.03.07.44 was discovered to contain a buffer overflow via fromAdvSetMacMtuWan.
Tenda AC23 v16.03.07.44 was discovered to contain a buffer overflow via fromAdvSetMacMtuWan.
|
| CVE-2022-33075 |
|
Cross-Site Scripting (XSS) in phpgurukul (CVE-2022-33075)
cross-site scripting in phpgurukul (CVE-2022-33075). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-34151 |
|
Vulnerability in omron (CVE-2022-34151)
vulnerability in omron (CVE-2022-34151). Successful exploitation can lead to full system takeover.
|
| CVE-2022-33971 |
|
Vulnerability in dos (CVE-2022-33971)
vulnerability in dos (CVE-2022-33971). Successful exploitation can lead to full system takeover.
|
| CVE-2022-32384 |
|
Out-of-Bounds Write in tendacn (CVE-2022-32384)
out-of-bounds write in tendacn (CVE-2022-32384). Successful exploitation can lead to full system takeover.
|
| CVE-2022-25898 |
|
Vulnerability in kjur (CVE-2022-25898)
vulnerability in kjur (CVE-2022-25898). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-26925 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2022-26925)
vulnerability in Microsoft windows (CVE-2022-26925). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-34835 |
|
Out-of-Bounds Write in denx (CVE-2022-34835)
out-of-bounds write in denx (CVE-2022-34835). Successful exploitation can lead to full system takeover.
|
| CVE-2022-31897 |
|
Cross-Site Scripting (XSS) in phpgurukul (CVE-2022-31897)
cross-site scripting in phpgurukul (CVE-2022-31897). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-33009 |
|
Cross-Site Scripting (XSS) in lightcms-project (CVE-2022-33009)
cross-site scripting in lightcms-project (CVE-2022-33009). Risk of unauthorized operations or information disclosure.
|