Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2022-24252 |
|
Unrestricted File Upload in extensis (CVE-2022-24252)
vulnerability in extensis (CVE-2022-24252). Successful exploitation can lead to full system takeover.
|
| CVE-2022-24253 |
|
Unrestricted File Upload in extensis (CVE-2022-24253)
vulnerability in extensis (CVE-2022-24253). Successful exploitation can lead to full system takeover.
|
| CVE-2021-43619 |
|
Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations.
Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations.
|
| CVE-2022-25022 |
|
Cross-Site Scripting (XSS) in htmly (CVE-2022-25022)
cross-site scripting in htmly (CVE-2022-25022). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-44961 |
|
Vulnerability in slic3r (CVE-2021-44961)
vulnerability in slic3r (CVE-2021-44961). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-25018 |
|
Code Injection in pluxml (CVE-2022-25018)
code injection in pluxml (CVE-2022-25018). Successful exploitation can lead to full system takeover.
|
| CVE-2022-25060 |
|
OS Command Injection in tp-link (CVE-2022-25060)
OS command injection in tp-link (CVE-2022-25060). Successful exploitation can lead to full system takeover.
|
| CVE-2022-25064 |
|
OS Command Injection in tp-link (CVE-2022-25064)
OS command injection in tp-link (CVE-2022-25064). Successful exploitation can lead to full system takeover.
|
| CVE-2022-25062 |
|
Vulnerability in dos (CVE-2022-25062)
vulnerability in dos (CVE-2022-25062). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-25061 |
|
OS Command Injection in tp-link (CVE-2022-25061)
OS command injection in tp-link (CVE-2022-25061). Successful exploitation can lead to full system takeover.
|
| CVE-2021-37504 |
|
Cross-Site Scripting (XSS) in hayageek (CVE-2021-37504)
cross-site scripting in hayageek (CVE-2021-37504). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-24682 KEV |
|
[KEV] Cross-Site Scripting (XSS) in Synacor zimbra-collaborate-suite-zcs (CVE-2022-24682)
cross-site scripting in Synacor zimbra-collaborate-suite-zcs (CVE-2022-24682). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2014-6352 KEV |
|
[KEV] Code Injection in Microsoft windows (CVE-2014-6352)
code injection in Microsoft windows (CVE-2014-6352). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2017-0222 KEV |
|
[KEV] Buffer Overflow in Microsoft internet-explorer (CVE-2017-0222)
vulnerability in Microsoft internet-explorer (CVE-2017-0222). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-23134 KEV |
|
[KEV] Vulnerability in Zabbix frontend (CVE-2022-23134)
vulnerability in Zabbix frontend (CVE-2022-23134). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-23131 KEV |
|
[KEV] Vulnerability in Zabbix frontend (CVE-2022-23131)
vulnerability in Zabbix frontend (CVE-2022-23131). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-23650 |
|
Vulnerability in github.com/gravitl/netmaker (CVE-2022-23650)
vulnerability in github.com/gravitl/netmaker (CVE-2022-23650). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.9.4` or later.
|
| CVE-2021-4090 |
|
Out-of-Bounds Write in c (CVE-2021-4090)
out-of-bounds write in c (CVE-2021-4090). Confidential information can be exposed externally.
|
| CVE-2022-0664 |
|
Vulnerability in netmaker (CVE-2022-0664)
vulnerability in netmaker (CVE-2022-0664). Successful exploitation can lead to full system takeover.
|
| CVE-2022-22899 |
|
Out-of-Bounds Write in dos (CVE-2022-22899)
out-of-bounds write in dos (CVE-2022-22899). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-22914 |
|
Path Traversal in path-traversal (CVE-2022-22914)
path traversal in path-traversal (CVE-2022-22914). Confidential information can be exposed externally.
|
| CVE-2018-8174 KEV |
|
[KEV] Out-of-Bounds Write in Microsoft windows (CVE-2018-8174)
out-of-bounds write in Microsoft windows (CVE-2018-8174). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2017-9841 KEV |
|
[KEV] Code Injection in phpunit (CVE-2017-9841)
code injection in phpunit (CVE-2017-9841). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2013-3906 KEV |
|
[KEV] Code Injection in Microsoft graphics-component (CVE-2013-3906)
code injection in Microsoft graphics-component (CVE-2013-3906). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2014-1761 KEV |
|
[KEV] Buffer Overflow in Microsoft word (CVE-2014-1761)
vulnerability in Microsoft word (CVE-2014-1761). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-0752 KEV |
|
[KEV] Vulnerability in Microsoft internet-explorer (CVE-2019-0752)
vulnerability in Microsoft internet-explorer (CVE-2019-0752). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2018-20250 KEV |
|
[KEV] Vulnerability in Rarlab winrar (CVE-2018-20250)
vulnerability in Rarlab winrar (CVE-2018-20250). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-24086 KEV |
|
[KEV] Vulnerability in Adobe commerce-and-magento-open-source (CVE-2022-24086)
vulnerability in Adobe commerce-and-magento-open-source (CVE-2022-24086). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-0609 KEV |
|
[KEV] Use-After-Free in Google chromium-animation (CVE-2022-0609)
vulnerability in Google chromium-animation (CVE-2022-0609). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2018-15982 KEV |
|
[KEV] Use-After-Free in Adobe flash-player (CVE-2018-15982)
vulnerability in Adobe flash-player (CVE-2018-15982). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-45420 |
|
Information Disclosure in dos (CVE-2021-45420)
vulnerability in dos (CVE-2021-45420). Successful exploitation can lead to full system takeover.
|
| CVE-2021-45421 |
|
Information Disclosure in emerson (CVE-2021-45421)
vulnerability in emerson (CVE-2021-45421). Confidential information can be exposed externally.
|
| CVE-2021-46355 |
|
Cross-Site Scripting (XSS) in factorfx (CVE-2021-46355)
cross-site scripting in factorfx (CVE-2021-46355). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-22787 |
|
Vulnerability in dos (CVE-2021-22787)
vulnerability in dos (CVE-2021-22787). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-22788 |
|
Out-of-Bounds Write in dos (CVE-2021-22788)
out-of-bounds write in dos (CVE-2021-22788). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-22785 |
|
Information Disclosure in schneider-electric (CVE-2021-22785)
vulnerability in schneider-electric (CVE-2021-22785). Confidential information can be exposed externally.
|
| CVE-2021-41445 |
|
Cross-Site Scripting (XSS) in dlink (CVE-2021-41445)
cross-site scripting in dlink (CVE-2021-41445). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-22620 KEV |
|
[KEV] Use-After-Free in Apple ios (CVE-2022-22620)
vulnerability in Apple ios (CVE-2022-22620). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-23321 |
|
Cross-Site Scripting (XSS) in xerox (CVE-2022-23321)
cross-site scripting in xerox (CVE-2022-23321). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-46354 |
|
Vulnerability in cybelesoft (CVE-2021-46354)
vulnerability in cybelesoft (CVE-2021-46354). Confidential information can be exposed externally.
|
| CVE-2021-41442 |
|
Vulnerability in dos (CVE-2021-41442)
vulnerability in dos (CVE-2021-41442). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-36934 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2021-36934)
vulnerability in Microsoft windows (CVE-2021-36934). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2015-1130 KEV |
|
[KEV] Vulnerability in Apple os-x (CVE-2015-1130)
vulnerability in Apple os-x (CVE-2015-1130). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2015-2051 KEV |
|
[KEV] Command Injection in D-link dir-645-router (CVE-2015-2051)
command injection in D-link dir-645-router (CVE-2015-2051). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2017-9791 KEV |
|
[KEV] Vulnerability in Apache struts-1 (CVE-2017-9791)
vulnerability in Apache struts-1 (CVE-2017-9791). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2017-0145 KEV |
|
[KEV] Vulnerability in Microsoft smbv1 (CVE-2017-0145)
vulnerability in Microsoft smbv1 (CVE-2017-0145). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2017-0144 KEV |
|
[KEV] Vulnerability in Microsoft smbv1 (CVE-2017-0144)
vulnerability in Microsoft smbv1 (CVE-2017-0144). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2016-3088 KEV |
|
[KEV] Vulnerability in Apache activemq (CVE-2016-3088)
vulnerability in Apache activemq (CVE-2016-3088). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2017-0263 KEV |
|
[KEV] Use-After-Free in Microsoft win32k (CVE-2017-0263)
vulnerability in Microsoft win32k (CVE-2017-0263). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2015-1635 KEV |
|
[KEV] Code Injection in Microsoft httpsys (CVE-2015-1635)
code injection in Microsoft httpsys (CVE-2015-1635). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|