Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-28528 | 1 Bloofox | 1 Bloofoxcms | 2022-05-05 | 6.5 MEDIUM | 8.8 HIGH |
bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit. | |||||
CVE-2022-28053 | 1 Typemill | 1 Typemill | 2022-05-05 | 6.5 MEDIUM | 8.8 HIGH |
Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-26111 | 1 Canon | 1 Irisnext | 2022-05-05 | 9.0 HIGH | 8.8 HIGH |
The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in the context of the IRISNext application user, running on the web server. | |||||
CVE-2022-27428 | 1 Gallerycms Project | 1 Gallerycms | 2022-05-05 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in /index.php/album/add of GalleryCMS v2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the album_name parameter. | |||||
CVE-2021-26080 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2022-05-05 | 4.3 MEDIUM | 6.1 MEDIUM |
EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version 8.6.0 before version 8.13.6, and from 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. | |||||
CVE-2022-28527 | 1 Dhcms Project | 1 Dhcms | 2022-05-05 | 5.5 MEDIUM | 8.1 HIGH |
dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del. | |||||
CVE-2022-28523 | 1 Hongcms Project | 1 Hongcms | 2022-05-05 | 5.5 MEDIUM | 8.1 HIGH |
HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete. | |||||
CVE-2022-29813 | 1 Jetbrains | 1 Intellij Idea | 2022-05-05 | 4.6 MEDIUM | 6.7 MEDIUM |
In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible | |||||
CVE-2022-29812 | 1 Jetbrains | 1 Intellij Idea | 2022-05-05 | 2.1 LOW | 2.3 LOW |
In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient | |||||
CVE-2022-22392 | 1 Ibm | 1 Planning Analytics Workspace | 2022-05-05 | 6.8 MEDIUM | 7.8 HIGH |
IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 222066. | |||||
CVE-2022-29811 | 1 Jetbrains | 1 Hub | 2022-05-05 | 3.5 LOW | 4.8 MEDIUM |
In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible. | |||||
CVE-2022-29816 | 1 Jetbrains | 1 Intellij Idea | 2022-05-05 | 2.1 LOW | 3.3 LOW |
In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible | |||||
CVE-2022-29815 | 1 Jetbrains | 1 Intellij Idea | 2022-05-05 | 4.6 MEDIUM | 6.7 MEDIUM |
In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible | |||||
CVE-2022-29814 | 1 Jetbrains | 1 Intellij Idea | 2022-05-05 | 4.4 MEDIUM | 7.7 HIGH |
In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible | |||||
CVE-2022-29817 | 1 Jetbrains | 1 Intellij Idea | 2022-05-05 | 4.3 MEDIUM | 6.1 MEDIUM |
In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible | |||||
CVE-2022-29820 | 1 Jetbrains | 1 Pycharm | 2022-05-05 | 3.3 LOW | 3.5 LOW |
In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible | |||||
CVE-2021-45842 | 1 Terra-master | 3 F2-210, F4-210, Tos | 2022-05-05 | 5.0 MEDIUM | 7.5 HIGH |
It is possible to obtain the first administrator's hash set up in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) on the system as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/wapNasIPS endpoint. | |||||
CVE-2022-27135 | 1 Xpdfreader | 1 Xpdf | 2022-05-05 | 4.3 MEDIUM | 5.5 MEDIUM |
xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary. | |||||
CVE-2022-27103 | 1 Element-plus | 1 Element-plus | 2022-05-05 | 4.3 MEDIUM | 6.1 MEDIUM |
element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) via el-table-column. | |||||
CVE-2022-29819 | 1 Jetbrains | 1 Intellij Idea | 2022-05-05 | 4.4 MEDIUM | 7.7 HIGH |
In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible |