Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2022-29145 Vulnerability in Microsoft.AspNetCore.App.Runtime.win-x64 (CVE-2022-29145)
vulnerability in Microsoft.AspNetCore.App.Runtime.win-x64 (CVE-2022-29145). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.0.5` or later.
CVE-2022-29117 .NET and Visual Studio Denial of Service Vulnerability
.NET and Visual Studio Denial of Service Vulnerability
CVE-2022-26926 Windows Address Book Remote Code Execution Vulnerability.
Windows Address Book Remote Code Execution Vulnerability.
CVE-2022-26987 Out-of-Bounds Write in tp-link (CVE-2022-26987)
out-of-bounds write in tp-link (CVE-2022-26987). Successful exploitation can lead to full system takeover. Exploitable via ``MmtAtePrase``.
CVE-2022-26988 Out-of-Bounds Write in tp-link (CVE-2022-26988)
out-of-bounds write in tp-link (CVE-2022-26988). Successful exploitation can lead to full system takeover. Exploitable via ``MntAte``.
CVE-2022-1388 KEV [KEV] Vulnerability in F5 big-ip (CVE-2022-1388)
vulnerability in F5 big-ip (CVE-2022-1388). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-43712 Cross-Site Scripting (XSS) in employee-daily-task-management-system-project (CVE-2021-43712)
cross-site scripting in employee-daily-task-management-system-project (CVE-2021-43712). Risk of unauthorized operations or information disclosure.
CVE-2022-27224 An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated...
An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated...
CVE-2021-45783 Path Traversal in path-traversal (CVE-2021-45783)
path traversal in path-traversal (CVE-2021-45783). Confidential information can be exposed externally.
CVE-2022-28568 Unrestricted File Upload in simple-doctors-appointment-system-project (CVE-2022-28568)
vulnerability in simple-doctors-appointment-system-project (CVE-2022-28568). Successful exploitation can lead to full system takeover.
CVE-2022-29347 Unrestricted File Upload in web-at-rchiv-project (CVE-2022-29347)
vulnerability in web-at-rchiv-project (CVE-2022-29347). Successful exploitation can lead to full system takeover.
CVE-2022-27461 Open Redirect in nopcommerce (CVE-2022-27461)
vulnerability in nopcommerce (CVE-2022-27461). Risk of unauthorized operations or information disclosure.
CVE-2021-43164 OS Command Injection in ruijienetworks (CVE-2021-43164)
OS command injection in ruijienetworks (CVE-2021-43164). Successful exploitation can lead to full system takeover.
CVE-2021-43159 Command Injection in ruijienetworks (CVE-2021-43159)
command injection in ruijienetworks (CVE-2021-43159). Successful exploitation can lead to full system takeover.
CVE-2021-43160 Command Injection in ruijienetworks (CVE-2021-43160)
command injection in ruijienetworks (CVE-2021-43160). Successful exploitation can lead to full system takeover.
CVE-2021-43161 Command Injection in ruijienetworks (CVE-2021-43161)
command injection in ruijienetworks (CVE-2021-43161). Successful exploitation can lead to full system takeover.
CVE-2021-43163 Command Injection in ruijienetworks (CVE-2021-43163)
command injection in ruijienetworks (CVE-2021-43163). Successful exploitation can lead to full system takeover.
CVE-2021-43162 Command Injection in ruijienetworks (CVE-2021-43162)
command injection in ruijienetworks (CVE-2021-43162). Successful exploitation can lead to full system takeover.
CVE-2014-0160 KEV [KEV] Out-of-Bounds Read in openssl (CVE-2014-0160)
vulnerability in openssl (CVE-2014-0160). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2014-0322 KEV [KEV] Use-After-Free in Microsoft internet-explorer (CVE-2014-0322)
vulnerability in Microsoft internet-explorer (CVE-2014-0322). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-1789 KEV [KEV] Vulnerability in Apple multiple-products (CVE-2021-1789)
vulnerability in Apple multiple-products (CVE-2021-1789). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2019-8506 KEV [KEV] Vulnerability in Apple multiple-products (CVE-2019-8506)
vulnerability in Apple multiple-products (CVE-2019-8506). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2014-4113 KEV [KEV] Vulnerability in Microsoft win32k (CVE-2014-4113)
vulnerability in Microsoft win32k (CVE-2014-4113). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-31674 Cross-Site Scripting (XSS) in cyclos (CVE-2021-31674)
cross-site scripting in cyclos (CVE-2021-31674). Risk of unauthorized operations or information disclosure.
CVE-2021-31673 Cross-Site Scripting (XSS) in cyclos (CVE-2021-31673)
cross-site scripting in cyclos (CVE-2021-31673). Risk of unauthorized operations or information disclosure.
CVE-2022-25647 Unsafe Deserialization in com.google.code.gson:gson (CVE-2022-25647)
vulnerability in com.google.code.gson:gson (CVE-2022-25647). Data can be tampered with by attackers. Mitigation: upgrade to `2.8.9` or later.
CVE-2021-44595 Vulnerability in wondershare (CVE-2021-44595)
vulnerability in wondershare (CVE-2021-44595). Successful exploitation can lead to full system takeover.
CVE-2021-41945 Vulnerability in encode (CVE-2021-41945)
vulnerability in encode (CVE-2021-41945). Confidential information can be exposed externally. Exploitable via ``httpx.URL``.
CVE-2022-28102 Cross-Site Scripting (XSS) in php-mysql-admin-panel-generator-project (CVE-2022-28102)
cross-site scripting in php-mysql-admin-panel-generator-project (CVE-2022-28102). Risk of unauthorized operations or information disclosure.
CVE-2022-27984 SQL Injection in sqli (CVE-2022-27984)
SQL injection in sqli (CVE-2022-27984). Successful exploitation can lead to full system takeover.
CVE-2022-27985 SQL Injection in sqli (CVE-2022-27985)
SQL injection in sqli (CVE-2022-27985). Successful exploitation can lead to full system takeover.
CVE-2022-26596 Cross-Site Scripting (XSS) in liferay (CVE-2022-26596)
cross-site scripting in liferay (CVE-2022-26596). Risk of unauthorized operations or information disclosure.
CVE-2022-26597 Cross-Site Scripting (XSS) in liferay (CVE-2022-26597)
cross-site scripting in liferay (CVE-2022-26597). Risk of unauthorized operations or information disclosure.
CVE-2022-28094 Cross-Site Scripting (XSS) in online-sports-complex-booking-system-project (CVE-2022-28094)
cross-site scripting in online-sports-complex-booking-system-project (CVE-2022-28094). Risk of unauthorized operations or information disclosure.
CVE-2021-36460 Authentication Bypass in veryfitpro-project (CVE-2021-36460)
authentication bypass in veryfitpro-project (CVE-2021-36460). Successful exploitation can lead to full system takeover.
CVE-2022-26904 KEV [KEV] Vulnerability in Microsoft windows (CVE-2022-26904)
vulnerability in Microsoft windows (CVE-2022-26904). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-29464 KEV [KEV] Path Traversal in Wso2 multiple-products (CVE-2022-29464)
path traversal in Wso2 multiple-products (CVE-2022-29464). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-21919 KEV [KEV] Vulnerability in Microsoft windows (CVE-2022-21919)
vulnerability in Microsoft windows (CVE-2022-21919). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-0847 KEV [KEV] Vulnerability in :linux_kernel: (CVE-2022-0847)
vulnerability in :linux_kernel: (CVE-2022-0847). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `:2022-05-05` or later.
CVE-2022-27406 Out-of-Bounds Read in freetype (CVE-2022-27406)
vulnerability in freetype (CVE-2022-27406). Risk of unauthorized operations or information disclosure.
CVE-2022-29529 An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field.
An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field.
CVE-2022-29530 An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters.
An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters.
CVE-2022-29533 Cross-Site Scripting (XSS) in misp-project (CVE-2022-29533)
cross-site scripting in misp-project (CVE-2022-29533). Risk of unauthorized operations or information disclosure.
CVE-2022-29532 Cross-Site Scripting (XSS) in misp-project (CVE-2022-29532)
cross-site scripting in misp-project (CVE-2022-29532). Risk of unauthorized operations or information disclosure.
CVE-2022-29531 Cross-Site Scripting (XSS) in misp-project (CVE-2022-29531)
cross-site scripting in misp-project (CVE-2022-29531). Risk of unauthorized operations or information disclosure.
CVE-2022-29528 An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.
An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.
CVE-2022-29534 Authentication Bypass in misp-project (CVE-2022-29534)
authentication bypass in misp-project (CVE-2022-29534). Data can be tampered with by attackers.
CVE-2022-20773 A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance...
A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance...
CVE-2022-26593 Cross-Site Scripting (XSS) in liferay (CVE-2022-26593)
cross-site scripting in liferay (CVE-2022-26593). Risk of unauthorized operations or information disclosure.
CVE-2022-26595 Vulnerability in liferay (CVE-2022-26595)
vulnerability in liferay (CVE-2022-26595). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →