Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2022-46169 KEV |
|
[KEV] Vulnerability in cacti (CVE-2022-46169)
vulnerability in cacti (CVE-2022-46169). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-24187 |
|
XXE (XML External Entity) in ureport-project (CVE-2023-24187)
vulnerability in ureport-project (CVE-2023-24187). Successful exploitation can lead to full system takeover.
|
| CVE-2023-21715 KEV |
|
[KEV] Authorization Flaw in Microsoft office (CVE-2023-21715)
vulnerability in Microsoft office (CVE-2023-21715). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-23376 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2023-23376)
vulnerability in Microsoft windows (CVE-2023-23376). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-23529 KEV |
|
[KEV] Vulnerability in Apple multiple-products (CVE-2023-23529)
vulnerability in Apple multiple-products (CVE-2023-23529). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-21823 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2023-21823)
vulnerability in Microsoft windows (CVE-2023-21823). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-45725 |
|
Vulnerability in comfast (CVE-2022-45725)
vulnerability in comfast (CVE-2022-45725). Successful exploitation can lead to full system takeover.
|
| CVE-2022-45090 |
|
SQL Injection in sqli (CVE-2022-45090)
SQL injection in sqli (CVE-2022-45090). Successful exploitation can lead to full system takeover.
|
| CVE-2022-45089 |
|
SQL Injection in sqli (CVE-2022-45089)
SQL injection in sqli (CVE-2022-45089). Successful exploitation can lead to full system takeover.
|
| CVE-2015-2291 KEV |
|
[KEV] Vulnerability in Intel ethernet-diagnostics-driver-for-windows (CVE-2015-2291)
vulnerability in Intel ethernet-diagnostics-driver-for-windows (CVE-2015-2291). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-24990 KEV |
|
[KEV] Vulnerability in terramaster (CVE-2022-24990)
vulnerability in terramaster (CVE-2022-24990). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-0669 KEV |
|
[KEV] Unsafe Deserialization in Fortra goanywhere-mft (CVE-2023-0669)
vulnerability in Fortra goanywhere-mft (CVE-2023-0669). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-37492 |
|
Vulnerability in cpp (CVE-2021-37492)
vulnerability in cpp (CVE-2021-37492). Confidential information can be exposed externally.
|
| CVE-2021-37491 |
|
Vulnerability in cpp (CVE-2021-37491)
vulnerability in cpp (CVE-2021-37491). Confidential information can be exposed externally.
|
| CVE-2022-45589 |
|
SQL Injection in sqli (CVE-2022-45589)
SQL injection in sqli (CVE-2022-45589). Successful exploitation can lead to full system takeover.
|
| CVE-2022-45588 |
|
XXE (XML External Entity) in talend (CVE-2022-45588)
vulnerability in talend (CVE-2022-45588). Successful exploitation can lead to full system takeover.
|
| CVE-2022-46965 |
|
SQL Injection in sqli (CVE-2022-46965)
SQL injection in sqli (CVE-2022-46965). Confidential information can be exposed externally.
|
| CVE-2022-21587 KEV |
|
[KEV] Vulnerability in Oracle e-business-suite (CVE-2022-21587)
vulnerability in Oracle e-business-suite (CVE-2022-21587). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-22952 KEV |
|
[KEV] Vulnerability in Sugarcrm multiple-products (CVE-2023-22952)
vulnerability in Sugarcrm multiple-products (CVE-2023-22952). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-47768 |
|
Serenissima Informatica Fast Checkin 1.0 is vulnerable to Directory Traversal.
Serenissima Informatica Fast Checkin 1.0 is vulnerable to Directory Traversal.
|
| CVE-2017-11357 KEV |
|
[KEV] Vulnerability in Telerik user-interface-ui-for-aspnet-ajax (CVE-2017-11357)
vulnerability in Telerik user-interface-ui-for-aspnet-ajax (CVE-2017-11357). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-47966 KEV |
|
[KEV] Vulnerability in Zoho manageengine (CVE-2022-47966)
vulnerability in Zoho manageengine (CVE-2022-47966). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-25502 |
|
Vulnerability in cybereason (CVE-2020-25502)
vulnerability in cybereason (CVE-2020-25502). Successful exploitation can lead to full system takeover.
|
| CVE-2021-37500 |
|
Path Traversal in path-traversal (CVE-2021-37500)
path traversal in path-traversal (CVE-2021-37500). Data can be tampered with by attackers.
|
| CVE-2021-36630 |
|
Vulnerability in dos (CVE-2021-36630)
vulnerability in dos (CVE-2021-36630). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-44877 KEV |
|
[KEV] OS Command Injection in Cwp control-web-panel (CVE-2022-44877)
OS command injection in Cwp control-web-panel (CVE-2022-44877). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-47630 |
|
Out-of-Bounds Read in trustedfirmware (CVE-2022-47630)
vulnerability in trustedfirmware (CVE-2022-47630). Confidential information can be exposed externally.
|
| CVE-2022-3693 |
|
Path Traversal in path-traversal (CVE-2022-3693)
path traversal in path-traversal (CVE-2022-3693). Confidential information can be exposed externally.
|
| CVE-2022-41080 KEV |
|
[KEV] Vulnerability in Microsoft exchange-server (CVE-2022-41080)
vulnerability in Microsoft exchange-server (CVE-2022-41080). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-21674 KEV |
|
[KEV] Use-After-Free in Microsoft windows (CVE-2023-21674)
vulnerability in Microsoft windows (CVE-2023-21674). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2018-5430 KEV |
|
[KEV] Path Traversal in Tibco jasperreports (CVE-2018-5430)
path traversal in Tibco jasperreports (CVE-2018-5430). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2018-18809 KEV |
|
[KEV] Path Traversal in Tibco jasperreports (CVE-2018-18809)
path traversal in Tibco jasperreports (CVE-2018-18809). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-3775 |
|
Out-of-Bounds Write in gnu (CVE-2022-3775)
out-of-bounds write in gnu (CVE-2022-3775). Data can be tampered with by attackers.
|
| CVE-2022-2601 |
|
Vulnerability in gnu (CVE-2022-2601)
vulnerability in gnu (CVE-2022-2601). Successful exploitation can lead to full system takeover.
|
| CVE-2022-42856 KEV |
|
[KEV] Vulnerability in Apple ios (CVE-2022-42856)
vulnerability in Apple ios (CVE-2022-42856). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-44696 |
|
Microsoft Office Visio Remote Code Execution Vulnerability
Microsoft Office Visio Remote Code Execution Vulnerability
|
| CVE-2022-44695 |
|
Microsoft Office Visio Remote Code Execution Vulnerability
Microsoft Office Visio Remote Code Execution Vulnerability
|
| CVE-2022-44694 |
|
Microsoft Office Visio Remote Code Execution Vulnerability
Microsoft Office Visio Remote Code Execution Vulnerability
|
| CVE-2022-44702 |
|
Windows Terminal Remote Code Execution Vulnerability
Windows Terminal Remote Code Execution Vulnerability
|
| CVE-2021-32415 |
|
Vulnerability in privilege-escalation (CVE-2021-32415)
vulnerability in privilege-escalation (CVE-2021-32415). Successful exploitation can lead to full system takeover.
|
| CVE-2022-42475 KEV |
|
[KEV] Vulnerability in Fortinet fortios (CVE-2022-42475)
vulnerability in Fortinet fortios (CVE-2022-42475). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-44698 KEV |
|
[KEV] Vulnerability in Microsoft defender (CVE-2022-44698)
vulnerability in Microsoft defender (CVE-2022-44698). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-27518 KEV |
|
[KEV] Vulnerability in Citrix application-delivery-controller-adc-and-gateway (CVE-2022-27518)
vulnerability in Citrix application-delivery-controller-adc-and-gateway (CVE-2022-27518). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-26500 KEV |
|
[KEV] Path Traversal in Veeam backup-replication (CVE-2022-26500)
path traversal in Veeam backup-replication (CVE-2022-26500). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-26501 KEV |
|
[KEV] Vulnerability in Veeam backup-replication (CVE-2022-26501)
vulnerability in Veeam backup-replication (CVE-2022-26501). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-37325 |
|
Out-of-Bounds Write in c (CVE-2022-37325)
out-of-bounds write in c (CVE-2022-37325). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-3907 |
|
Vulnerability in wordpress (CVE-2022-3907)
vulnerability in wordpress (CVE-2022-3907). Confidential information can be exposed externally.
|
| CVE-2022-4262 KEV |
|
[KEV] Vulnerability in Google chromium-v8 (CVE-2022-4262)
vulnerability in Google chromium-v8 (CVE-2022-4262). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-2808 |
|
Vulnerability in algan (CVE-2022-2808)
vulnerability in algan (CVE-2022-2808). Successful exploitation can lead to full system takeover.
|
| CVE-2022-46152 |
|
OP-TEE Trusted OS is the secure side implementation of OP-TEE project, a Trusted Execution Environment. Versions prior to 3.19.0, contain an Improper Validation of Array Index vulnerability. The funct...
OP-TEE Trusted OS is the secure side implementation of OP-TEE project, a Trusted Execution Environment. Versions prior to 3.19.0, contain an Improper Validation of Array Index vulnerability. The function `cleanup_shm_refs()` is called by both `entry_invoke_command()` and `entry_open_session()`. The...
|