Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-28528 1 Bloofox 1 Bloofoxcms 2022-05-05 6.5 MEDIUM 8.8 HIGH
bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit.
CVE-2022-28053 1 Typemill 1 Typemill 2022-05-05 6.5 MEDIUM 8.8 HIGH
Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-26111 1 Canon 1 Irisnext 2022-05-05 9.0 HIGH 8.8 HIGH
The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in the context of the IRISNext application user, running on the web server.
CVE-2022-27428 1 Gallerycms Project 1 Gallerycms 2022-05-05 3.5 LOW 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in /index.php/album/add of GalleryCMS v2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the album_name parameter.
CVE-2021-26080 1 Atlassian 2 Jira Data Center, Jira Server 2022-05-05 4.3 MEDIUM 6.1 MEDIUM
EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version 8.6.0 before version 8.13.6, and from 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.
CVE-2022-28527 1 Dhcms Project 1 Dhcms 2022-05-05 5.5 MEDIUM 8.1 HIGH
dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del.
CVE-2022-28523 1 Hongcms Project 1 Hongcms 2022-05-05 5.5 MEDIUM 8.1 HIGH
HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete.
CVE-2022-29813 1 Jetbrains 1 Intellij Idea 2022-05-05 4.6 MEDIUM 6.7 MEDIUM
In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible
CVE-2022-29812 1 Jetbrains 1 Intellij Idea 2022-05-05 2.1 LOW 2.3 LOW
In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient
CVE-2022-22392 1 Ibm 1 Planning Analytics Workspace 2022-05-05 6.8 MEDIUM 7.8 HIGH
IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 222066.
CVE-2022-29811 1 Jetbrains 1 Hub 2022-05-05 3.5 LOW 4.8 MEDIUM
In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible.
CVE-2022-29816 1 Jetbrains 1 Intellij Idea 2022-05-05 2.1 LOW 3.3 LOW
In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible
CVE-2022-29815 1 Jetbrains 1 Intellij Idea 2022-05-05 4.6 MEDIUM 6.7 MEDIUM
In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible
CVE-2022-29814 1 Jetbrains 1 Intellij Idea 2022-05-05 4.4 MEDIUM 7.7 HIGH
In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible
CVE-2022-29817 1 Jetbrains 1 Intellij Idea 2022-05-05 4.3 MEDIUM 6.1 MEDIUM
In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible
CVE-2022-29820 1 Jetbrains 1 Pycharm 2022-05-05 3.3 LOW 3.5 LOW
In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible
CVE-2021-45842 1 Terra-master 3 F2-210, F4-210, Tos 2022-05-05 5.0 MEDIUM 7.5 HIGH
It is possible to obtain the first administrator's hash set up in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) on the system as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/wapNasIPS endpoint.
CVE-2022-27135 1 Xpdfreader 1 Xpdf 2022-05-05 4.3 MEDIUM 5.5 MEDIUM
xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary.
CVE-2022-27103 1 Element-plus 1 Element-plus 2022-05-05 4.3 MEDIUM 6.1 MEDIUM
element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) via el-table-column.
CVE-2022-29819 1 Jetbrains 1 Intellij Idea 2022-05-05 4.4 MEDIUM 7.7 HIGH
In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible