Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2022-21626 |
|
Vulnerability in c (CVE-2022-21626)
vulnerability in c (CVE-2022-21626). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-21624 |
|
Unsafe Deserialization in c (CVE-2022-21624)
vulnerability in c (CVE-2022-21624). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-38902 |
|
Cross-Site Scripting (XSS) in liferay (CVE-2022-38902)
cross-site scripting in liferay (CVE-2022-38902). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-40047 |
|
Cross-Site Scripting (XSS) in flatpress (CVE-2022-40047)
cross-site scripting in flatpress (CVE-2022-40047). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-40227 |
|
Vulnerability in dos (CVE-2022-40227)
vulnerability in dos (CVE-2022-40227). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-40684 KEV |
|
[KEV] Vulnerability in Fortinet multiple-products (CVE-2022-40684)
vulnerability in Fortinet multiple-products (CVE-2022-40684). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-41033 KEV |
|
[KEV] Vulnerability in Microsoft windows-com-event-system-service (CVE-2022-41033)
vulnerability in Microsoft windows-com-event-system-service (CVE-2022-41033). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-20920 |
|
Vulnerability in cisco (CVE-2022-20920)
vulnerability in cisco (CVE-2022-20920). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-42724 |
|
Information Disclosure in misp-project (CVE-2022-42724)
vulnerability in misp-project (CVE-2022-42724). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-36635 |
|
SQL Injection in sqli (CVE-2022-36635)
SQL injection in sqli (CVE-2022-36635). Successful exploitation can lead to full system takeover.
|
| CVE-2022-36634 |
|
Authorization Flaw in zkteco (CVE-2022-36634)
vulnerability in zkteco (CVE-2022-36634). Successful exploitation can lead to full system takeover.
|
| CVE-2022-35156 |
|
SQL Injection in sqli (CVE-2022-35156)
SQL injection in sqli (CVE-2022-35156). Successful exploitation can lead to full system takeover.
|
| CVE-2022-41082 KEV |
|
[KEV] Unsafe Deserialization in Microsoft exchange-server (CVE-2022-41082)
vulnerability in Microsoft exchange-server (CVE-2022-41082). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-41040 KEV |
|
[KEV] SSRF (Server-Side Request Forgery) in Microsoft exchange-server (CVE-2022-41040)
SSRF in Microsoft exchange-server (CVE-2022-41040). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-36804 KEV |
|
[KEV] OS Command Injection in Atlassian bitbucket-server-and-data-center (CVE-2022-36804)
OS command injection in Atlassian bitbucket-server-and-data-center (CVE-2022-36804). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-3236 KEV |
|
[KEV] Code Injection in Sophos firewall (CVE-2022-3236)
code injection in Sophos firewall (CVE-2022-3236). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-28981 |
|
Path Traversal in path-traversal (CVE-2022-28981)
path traversal in path-traversal (CVE-2022-28981). Confidential information can be exposed externally. Exploitable via ``parameter``.
|
| CVE-2022-28980 |
|
Cross-Site Scripting (XSS) in liferay (CVE-2022-28980)
cross-site scripting in liferay (CVE-2022-28980). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-38512 |
|
Vulnerability in liferay (CVE-2022-38512)
vulnerability in liferay (CVE-2022-38512). Confidential information can be exposed externally.
|
| CVE-2022-28977 |
|
Open Redirect in liferay (CVE-2022-28977)
vulnerability in liferay (CVE-2022-28977). Risk of unauthorized operations or information disclosure. Exploitable via ``FORWARD_URL``.
|
| CVE-2022-39975 |
|
Vulnerability in liferay (CVE-2022-39975)
vulnerability in liferay (CVE-2022-39975). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-28978 |
|
Cross-Site Scripting (XSS) in liferay (CVE-2022-28978)
cross-site scripting in liferay (CVE-2022-28978). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-28979 |
|
Cross-Site Scripting (XSS) in liferay (CVE-2022-28979)
cross-site scripting in liferay (CVE-2022-28979). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-28982 |
|
Cross-Site Scripting (XSS) in liferay (CVE-2022-28982)
cross-site scripting in liferay (CVE-2022-28982). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-35405 KEV |
|
[KEV] Unsafe Deserialization in Zoho manageengine (CVE-2022-35405)
vulnerability in Zoho manageengine (CVE-2022-35405). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-40027 |
|
Cross-Site Scripting (XSS) in simple-task-managing-system-project (CVE-2022-40027)
cross-site scripting in simple-task-managing-system-project (CVE-2022-40027). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-40030 |
|
SQL Injection in sqli (CVE-2022-40030)
SQL injection in sqli (CVE-2022-40030). Successful exploitation can lead to full system takeover.
|
| CVE-2022-40028 |
|
Cross-Site Scripting (XSS) in simple-task-managing-system-project (CVE-2022-40028)
cross-site scripting in simple-task-managing-system-project (CVE-2022-40028). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-40029 |
|
Cross-Site Scripting (XSS) in simple-task-managing-system-project (CVE-2022-40029)
cross-site scripting in simple-task-managing-system-project (CVE-2022-40029). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-37700 |
|
Path Traversal in path-traversal (CVE-2022-37700)
path traversal in path-traversal (CVE-2022-37700). Confidential information can be exposed externally.
|
| CVE-2022-36534 |
|
Command Injection in syncovery (CVE-2022-36534)
command injection in syncovery (CVE-2022-36534). Successful exploitation can lead to full system takeover.
|
| CVE-2022-36533 |
|
Cross-Site Scripting (XSS) in syncovery (CVE-2022-36533)
cross-site scripting in syncovery (CVE-2022-36533). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-37251 |
|
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts.
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts.
|
| CVE-2022-36536 |
|
Vulnerability in syncovery (CVE-2022-36536)
vulnerability in syncovery (CVE-2022-36536). Successful exploitation can lead to full system takeover.
|
| CVE-2013-6282 KEV |
|
[KEV] Vulnerability in Linux kernel (CVE-2013-6282)
vulnerability in Linux kernel (CVE-2013-6282). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2013-2596 KEV |
|
[KEV] Vulnerability in Linux kernel (CVE-2013-2596)
vulnerability in Linux kernel (CVE-2013-2596). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2013-2094 KEV |
|
[KEV] Vulnerability in Linux kernel (CVE-2013-2094)
vulnerability in Linux kernel (CVE-2013-2094). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2010-2568 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2010-2568)
vulnerability in Microsoft windows (CVE-2010-2568). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-40139 KEV |
|
[KEV] Vulnerability in Trend micro trend-micro (CVE-2022-40139)
vulnerability in Trend micro trend-micro (CVE-2022-40139). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2013-2597 KEV |
|
[KEV] Buffer Overflow in Code aurora code-aurora (CVE-2013-2597)
vulnerability in Code aurora code-aurora (CVE-2013-2597). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-32917 KEV |
|
[KEV] Vulnerability in Apple ios (CVE-2022-32917)
vulnerability in Apple ios (CVE-2022-32917). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-37969 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2022-37969)
vulnerability in Microsoft windows (CVE-2022-37969). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-38013 |
|
Vulnerability in Microsoft.AspNetCore.App.Runtime.linux-arm (CVE-2022-38013)
vulnerability in Microsoft.AspNetCore.App.Runtime.linux-arm (CVE-2022-38013). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.0.9` or later.
|
| CVE-2022-38096 |
|
Vulnerability in c (CVE-2022-38096)
vulnerability in c (CVE-2022-38096). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-30079 |
|
OS Command Injection in netgear (CVE-2022-30079)
OS command injection in netgear (CVE-2022-30079). Successful exploitation can lead to full system takeover.
|
| CVE-2022-26258 KEV |
|
[KEV] OS Command Injection in D-link dir-820l (CVE-2022-26258)
OS command injection in D-link dir-820l (CVE-2022-26258). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2018-6530 KEV |
|
[KEV] OS Command Injection in D-link multiple-routers (CVE-2018-6530)
OS command injection in D-link multiple-routers (CVE-2018-6530). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2011-4723 KEV |
|
[KEV] Vulnerability in D-link dir-300-router (CVE-2011-4723)
vulnerability in D-link dir-300-router (CVE-2011-4723). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2018-13374 KEV |
|
[KEV] Vulnerability in Fortinet fortios-and-fortiadc (CVE-2018-13374)
vulnerability in Fortinet fortios-and-fortiadc (CVE-2018-13374). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2018-2628 KEV |
|
[KEV] Unsafe Deserialization in Oracle weblogic-server (CVE-2018-2628)
vulnerability in Oracle weblogic-server (CVE-2018-2628). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|