Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-37248 | 1 Craftcms | 1 Craft Cms | 2022-09-16 | N/A | 5.4 MEDIUM |
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php. | |||||
CVE-2022-35195 | 1 Testlink | 1 Testlink | 2022-09-16 | N/A | 7.2 HIGH |
TestLink 1.9.20 Raijin was discovered to contain a broken access control vulnerability at /lib/attachments/attachmentdownload.php | |||||
CVE-2022-38979 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-09-16 | N/A | 7.5 HIGH |
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
CVE-2022-40661 | 1 Nikon | 1 Nis-elements Viewer | 2022-09-16 | N/A | 7.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15134. | |||||
CVE-2022-3216 | 1 Nintendo | 2 Game Boy Color, Game Boy Color Firmware | 2022-09-16 | N/A | 8.8 HIGH |
A vulnerability has been found in Nintendo Game Boy Color and classified as problematic. This vulnerability affects unknown code of the component Mobile Adapter GB. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-208606 is the identifier assigned to this vulnerability. | |||||
CVE-2022-38995 | 1 Huawei | 2 Emui, Harmonyos | 2022-09-16 | N/A | 7.5 HIGH |
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability. | |||||
CVE-2022-35193 | 1 Testlink | 1 Testlink | 2022-09-16 | N/A | 7.2 HIGH |
TestLink v1.9.20 was discovered to contain a SQL injection vulnerability via /lib/execute/execNavigator.php. | |||||
CVE-2022-38994 | 1 Huawei | 2 Emui, Harmonyos | 2022-09-16 | N/A | 7.5 HIGH |
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
CVE-2022-38993 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-09-16 | N/A | 7.5 HIGH |
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability. | |||||
CVE-2022-35415 | 1 Ni | 1 Configuration Manager | 2022-09-16 | N/A | 7.8 HIGH |
An improper input validation in NI System Configuration Manager before 22.5 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-36536 | 2 Linux, Syncovery | 2 Linux Kernel, Syncovery | 2022-09-16 | N/A | 9.8 CRITICAL |
An issue in the component post_applogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below allows attackers to escalate privileges via creating crafted session tokens. | |||||
CVE-2022-2737 | 1 Wp-staging | 1 Wp Staging | 2022-09-16 | N/A | 4.8 MEDIUM |
The WP STAGING WordPress plugin before 2.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
CVE-2022-3224 | 1 Parse-url Project | 1 Parse-url | 2022-09-16 | N/A | 6.1 MEDIUM |
Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0. | |||||
CVE-2022-38844 | 1 Espocrm | 1 Espocrm | 2022-09-16 | N/A | 8.0 HIGH |
CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. Admin user exporting contacts in CSV file may end up executing the malicious system commands on his system. | |||||
CVE-2022-38843 | 1 Espocrm | 1 Espocrm | 2022-09-16 | N/A | 8.8 HIGH |
EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing attackers to upload malicious file with any extension to the server. Attacker may execute these malicious files to run unintended code on the server to compromise the server. | |||||
CVE-2022-38808 | 1 Yimihome | 1 Ywoa | 2022-09-16 | N/A | 8.8 HIGH |
ywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportExcel.do interface. | |||||
CVE-2022-36533 | 2 Linux, Syncovery | 2 Linux Kernel, Syncovery | 2022-09-16 | N/A | 5.4 MEDIUM |
Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain a cross-site scripting (XSS) vulnerability. | |||||
CVE-2022-38845 | 1 Espocrm | 1 Espocrm | 2022-09-16 | N/A | 6.1 MEDIUM |
Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in victim's browser via sending crafted csv file containing malicious JavaScript to authenticated user. Any authenticated user importing the crafted CSV file may end up running the malicious JavaScript in the browser. | |||||
CVE-2022-38846 | 1 Espocrm | 1 Espocrm | 2022-09-16 | N/A | 5.9 MEDIUM |
EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel (HTTP). An attacker may capture the cookie from the insecure channel using MITM attack. | |||||
CVE-2021-42949 | 1 Digitaldruid | 1 Hoteldruid | 2022-09-16 | N/A | 9.8 CRITICAL |
The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via bruteforce attacks. |