Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-74
Total 803 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-8720 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2022-12-13 4.3 MEDIUM 4.3 MEDIUM
An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a payload in the bkpath parameter which will be copied in to Location header of the HTTP response.
CVE-2022-4364 1 Flir 2 Flir Ax8, Flir Ax8 Firmware 2022-12-12 N/A 9.8 CRITICAL
A vulnerability classified as critical has been found in Teledyne FLIR AX8 up to 1.46.16. Affected is an unknown function of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-215118 is the identifier assigned to this vulnerability.
CVE-2022-4170 2 Fedoraproject, Rxvt-unicode Project 3 Extra Packages For Enterprise Linux, Fedora, Rxvt-unicode 2022-12-12 N/A 9.8 CRITICAL
The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.
CVE-2022-4353 1 Pb-cms Project 1 Pb-cms 2022-12-12 N/A 9.0 CRITICAL
A vulnerability has been found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this vulnerability is the function IpUtil.getIpAddr. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215113 was assigned to this vulnerability.
CVE-2022-4347 1 Beetl-bbs Project 1 Beetl-bbs 2022-12-09 N/A 5.4 MEDIUM
A vulnerability was found in xiandafu beetl-bbs. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file WebUtils.java. The manipulation of the argument user leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215107.
CVE-2022-4348 1 Ruoyi 1 Ruoyi-cloud 2022-12-09 N/A 6.1 MEDIUM
A vulnerability was found in y_project RuoYi-Cloud. It has been rated as problematic. Affected by this issue is some unknown functionality of the component JSON Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215108.
CVE-2022-4350 1 Mingsoft 1 Mcms 2022-12-09 N/A 6.1 MEDIUM
A vulnerability, which was classified as problematic, was found in Mingsoft MCMS 5.2.8. Affected is an unknown function of the file search.do. The manipulation of the argument content_title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215112.
CVE-2020-36609 1 Duxcms Project 1 Duxcms 2022-12-09 N/A 5.4 MEDIUM
A vulnerability was found in annyshow DuxCMS 2.1. It has been classified as problematic. This affects an unknown part of the file admin.php&r=article/AdminContent/edit of the component Article Handler. The manipulation of the argument content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215115.
CVE-2021-43818 5 Debian, Fedoraproject, Lxml and 2 more 12 Debian Linux, Fedora, Lxml and 9 more 2022-12-09 6.8 MEDIUM 7.1 HIGH
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.
CVE-2022-45550 1 Ayacms Project 1 Ayacms 2022-12-08 N/A 9.8 CRITICAL
AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE).
CVE-2021-29454 3 Debian, Fedoraproject, Smarty 3 Debian Linux, Fedora, Smarty 2022-12-08 6.5 MEDIUM 8.8 HIGH
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Users should upgrade to version 3.1.42 or 4.0.2 to receive a patch.
CVE-2022-35507 1 Proxmox 3 Proxmox Mail Gateway, Pve Http Server, Virtual Environment 2022-12-06 N/A 7.1 HIGH
A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers because they allow injection of response headers with %0d. This is fixed in pve-http-server 4.1-3.
CVE-2022-4282 1 Jrecms 1 Springbootcms 2022-12-06 N/A 7.2 HIGH
A vulnerability was found in SpringBootCMS and classified as critical. Affected by this issue is some unknown functionality of the component Template Management. The manipulation leads to injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214790 is the identifier assigned to this vulnerability.
CVE-2022-4257 1 Cdatatec 1 C-data Web Management System 2022-12-05 N/A 9.8 CRITICAL
A vulnerability was found in C-DATA Web Management System. It has been rated as critical. This issue affects some unknown processing of the file cgi-bin/jumpto.php of the component GET Parameter Handler. The manipulation of the argument hostname leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214631.
CVE-2022-4251 1 Movie Ticket Booking System Project 1 Movie Ticket Booking System 2022-12-05 N/A 5.4 MEDIUM
A vulnerability was found in Movie Ticket Booking System and classified as problematic. Affected by this issue is some unknown functionality of the file editBooking.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214628.
CVE-2022-3080 2 Fedoraproject, Isc 2 Fedora, Bind 2022-12-02 N/A 7.5 HIGH
By sending specific queries to the resolver, an attacker can cause named to crash.
CVE-2022-4250 1 Movie Ticket Booking System Project 1 Movie Ticket Booking System 2022-12-02 N/A 6.1 MEDIUM
A vulnerability has been found in Movie Ticket Booking System and classified as problematic. Affected by this vulnerability is an unknown functionality of the file booking.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214627.
CVE-2022-4253 1 Canteen Management System Project 1 Canteen Management System 2022-12-02 N/A 5.4 MEDIUM
A vulnerability was found in SourceCodester Canteen Management System. It has been declared as problematic. This vulnerability affects the function builtin_echo of the file customer.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-214630 is the identifier assigned to this vulnerability.
CVE-2022-4252 1 Canteen Management System Project 1 Canteen Management System 2022-12-02 N/A 6.1 MEDIUM
A vulnerability was found in SourceCodester Canteen Management System. It has been classified as problematic. This affects the function builtin_echo of the file categories.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214629 was assigned to this vulnerability.
CVE-2022-4248 1 Movie Ticket Booking System Project 1 Movie Ticket Booking System 2022-12-02 N/A 9.8 CRITICAL
A vulnerability, which was classified as critical, has been found in Movie Ticket Booking System. This issue affects some unknown processing of the file editBooking.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214625 was assigned to this vulnerability.