Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2022-29145 |
|
Vulnerability in Microsoft.AspNetCore.App.Runtime.win-x64 (CVE-2022-29145)
vulnerability in Microsoft.AspNetCore.App.Runtime.win-x64 (CVE-2022-29145). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.0.5` or later.
|
| CVE-2022-29117 |
|
.NET and Visual Studio Denial of Service Vulnerability
.NET and Visual Studio Denial of Service Vulnerability
|
| CVE-2022-26926 |
|
Windows Address Book Remote Code Execution Vulnerability.
Windows Address Book Remote Code Execution Vulnerability.
|
| CVE-2022-26987 |
|
Out-of-Bounds Write in tp-link (CVE-2022-26987)
out-of-bounds write in tp-link (CVE-2022-26987). Successful exploitation can lead to full system takeover. Exploitable via ``MmtAtePrase``.
|
| CVE-2022-26988 |
|
Out-of-Bounds Write in tp-link (CVE-2022-26988)
out-of-bounds write in tp-link (CVE-2022-26988). Successful exploitation can lead to full system takeover. Exploitable via ``MntAte``.
|
| CVE-2022-1388 KEV |
|
[KEV] Vulnerability in F5 big-ip (CVE-2022-1388)
vulnerability in F5 big-ip (CVE-2022-1388). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-43712 |
|
Cross-Site Scripting (XSS) in employee-daily-task-management-system-project (CVE-2021-43712)
cross-site scripting in employee-daily-task-management-system-project (CVE-2021-43712). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-27224 |
|
An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated...
An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated...
|
| CVE-2021-45783 |
|
Path Traversal in path-traversal (CVE-2021-45783)
path traversal in path-traversal (CVE-2021-45783). Confidential information can be exposed externally.
|
| CVE-2022-28568 |
|
Unrestricted File Upload in simple-doctors-appointment-system-project (CVE-2022-28568)
vulnerability in simple-doctors-appointment-system-project (CVE-2022-28568). Successful exploitation can lead to full system takeover.
|
| CVE-2022-29347 |
|
Unrestricted File Upload in web-at-rchiv-project (CVE-2022-29347)
vulnerability in web-at-rchiv-project (CVE-2022-29347). Successful exploitation can lead to full system takeover.
|
| CVE-2022-27461 |
|
Open Redirect in nopcommerce (CVE-2022-27461)
vulnerability in nopcommerce (CVE-2022-27461). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-43164 |
|
OS Command Injection in ruijienetworks (CVE-2021-43164)
OS command injection in ruijienetworks (CVE-2021-43164). Successful exploitation can lead to full system takeover.
|
| CVE-2021-43159 |
|
Command Injection in ruijienetworks (CVE-2021-43159)
command injection in ruijienetworks (CVE-2021-43159). Successful exploitation can lead to full system takeover.
|
| CVE-2021-43160 |
|
Command Injection in ruijienetworks (CVE-2021-43160)
command injection in ruijienetworks (CVE-2021-43160). Successful exploitation can lead to full system takeover.
|
| CVE-2021-43161 |
|
Command Injection in ruijienetworks (CVE-2021-43161)
command injection in ruijienetworks (CVE-2021-43161). Successful exploitation can lead to full system takeover.
|
| CVE-2021-43163 |
|
Command Injection in ruijienetworks (CVE-2021-43163)
command injection in ruijienetworks (CVE-2021-43163). Successful exploitation can lead to full system takeover.
|
| CVE-2021-43162 |
|
Command Injection in ruijienetworks (CVE-2021-43162)
command injection in ruijienetworks (CVE-2021-43162). Successful exploitation can lead to full system takeover.
|
| CVE-2014-0160 KEV |
|
[KEV] Out-of-Bounds Read in openssl (CVE-2014-0160)
vulnerability in openssl (CVE-2014-0160). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2014-0322 KEV |
|
[KEV] Use-After-Free in Microsoft internet-explorer (CVE-2014-0322)
vulnerability in Microsoft internet-explorer (CVE-2014-0322). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-1789 KEV |
|
[KEV] Vulnerability in Apple multiple-products (CVE-2021-1789)
vulnerability in Apple multiple-products (CVE-2021-1789). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-8506 KEV |
|
[KEV] Vulnerability in Apple multiple-products (CVE-2019-8506)
vulnerability in Apple multiple-products (CVE-2019-8506). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2014-4113 KEV |
|
[KEV] Vulnerability in Microsoft win32k (CVE-2014-4113)
vulnerability in Microsoft win32k (CVE-2014-4113). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-31674 |
|
Cross-Site Scripting (XSS) in cyclos (CVE-2021-31674)
cross-site scripting in cyclos (CVE-2021-31674). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-31673 |
|
Cross-Site Scripting (XSS) in cyclos (CVE-2021-31673)
cross-site scripting in cyclos (CVE-2021-31673). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-25647 |
|
Unsafe Deserialization in com.google.code.gson:gson (CVE-2022-25647)
vulnerability in com.google.code.gson:gson (CVE-2022-25647). Data can be tampered with by attackers. Mitigation: upgrade to `2.8.9` or later.
|
| CVE-2021-44595 |
|
Vulnerability in wondershare (CVE-2021-44595)
vulnerability in wondershare (CVE-2021-44595). Successful exploitation can lead to full system takeover.
|
| CVE-2021-41945 |
|
Vulnerability in encode (CVE-2021-41945)
vulnerability in encode (CVE-2021-41945). Confidential information can be exposed externally. Exploitable via ``httpx.URL``.
|
| CVE-2022-28102 |
|
Cross-Site Scripting (XSS) in php-mysql-admin-panel-generator-project (CVE-2022-28102)
cross-site scripting in php-mysql-admin-panel-generator-project (CVE-2022-28102). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-27984 |
|
SQL Injection in sqli (CVE-2022-27984)
SQL injection in sqli (CVE-2022-27984). Successful exploitation can lead to full system takeover.
|
| CVE-2022-27985 |
|
SQL Injection in sqli (CVE-2022-27985)
SQL injection in sqli (CVE-2022-27985). Successful exploitation can lead to full system takeover.
|
| CVE-2022-26596 |
|
Cross-Site Scripting (XSS) in liferay (CVE-2022-26596)
cross-site scripting in liferay (CVE-2022-26596). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-26597 |
|
Cross-Site Scripting (XSS) in liferay (CVE-2022-26597)
cross-site scripting in liferay (CVE-2022-26597). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-28094 |
|
Cross-Site Scripting (XSS) in online-sports-complex-booking-system-project (CVE-2022-28094)
cross-site scripting in online-sports-complex-booking-system-project (CVE-2022-28094). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-36460 |
|
Authentication Bypass in veryfitpro-project (CVE-2021-36460)
authentication bypass in veryfitpro-project (CVE-2021-36460). Successful exploitation can lead to full system takeover.
|
| CVE-2022-26904 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2022-26904)
vulnerability in Microsoft windows (CVE-2022-26904). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-29464 KEV |
|
[KEV] Path Traversal in Wso2 multiple-products (CVE-2022-29464)
path traversal in Wso2 multiple-products (CVE-2022-29464). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-21919 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2022-21919)
vulnerability in Microsoft windows (CVE-2022-21919). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-0847 KEV |
|
[KEV] Vulnerability in :linux_kernel: (CVE-2022-0847)
vulnerability in :linux_kernel: (CVE-2022-0847). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `:2022-05-05` or later.
|
| CVE-2022-27406 |
|
Out-of-Bounds Read in freetype (CVE-2022-27406)
vulnerability in freetype (CVE-2022-27406). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-29529 |
|
An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field.
An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field.
|
| CVE-2022-29530 |
|
An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters.
An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters.
|
| CVE-2022-29533 |
|
Cross-Site Scripting (XSS) in misp-project (CVE-2022-29533)
cross-site scripting in misp-project (CVE-2022-29533). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-29532 |
|
Cross-Site Scripting (XSS) in misp-project (CVE-2022-29532)
cross-site scripting in misp-project (CVE-2022-29532). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-29531 |
|
Cross-Site Scripting (XSS) in misp-project (CVE-2022-29531)
cross-site scripting in misp-project (CVE-2022-29531). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-29528 |
|
An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.
An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.
|
| CVE-2022-29534 |
|
Authentication Bypass in misp-project (CVE-2022-29534)
authentication bypass in misp-project (CVE-2022-29534). Data can be tampered with by attackers.
|
| CVE-2022-20773 |
|
A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance...
A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance...
|
| CVE-2022-26593 |
|
Cross-Site Scripting (XSS) in liferay (CVE-2022-26593)
cross-site scripting in liferay (CVE-2022-26593). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-26595 |
|
Vulnerability in liferay (CVE-2022-26595)
vulnerability in liferay (CVE-2022-26595). Risk of unauthorized operations or information disclosure.
|