Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-24500 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-22 | 6.8 MEDIUM | 8.8 HIGH |
Windows SMB Remote Code Execution Vulnerability. | |||||
CVE-2022-22966 | 1 Vmware | 1 Vcloud Director | 2022-04-22 | 6.5 MEDIUM | 7.2 HIGH |
An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server. | |||||
CVE-2022-24499 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-22 | 4.6 MEDIUM | 7.8 HIGH |
Windows Installer Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24530. | |||||
CVE-2022-24498 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-22 | 4.0 MEDIUM | 6.5 MEDIUM |
Windows iSCSI Target Service Information Disclosure Vulnerability. | |||||
CVE-2022-27369 | 1 Chshcms | 1 Cscms | 2022-04-22 | 6.5 MEDIUM | 7.2 HIGH |
Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component news_News.php_hy. | |||||
CVE-2022-27257 | 1 Hubzilla | 1 Hubzilla | 2022-04-22 | 5.0 MEDIUM | 7.5 HIGH |
A PHP Local File Inclusion vulnerability in the default Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary PHP files via the schema parameter. | |||||
CVE-2022-27158 | 1 Php | 1 Pearweb | 2022-04-22 | 7.5 HIGH | 9.8 CRITICAL |
pearweb < 1.32 suffers from Deserialization of Untrusted Data. | |||||
CVE-2022-27157 | 1 Php | 1 Pearweb | 2022-04-22 | 7.5 HIGH | 9.8 CRITICAL |
pearweb < 1.32 suffers from a Weak Password Recovery Mechanism via include/users/passwordmanage.php. | |||||
CVE-2021-44510 | 1 Fisglobal | 1 Gt.m | 2022-04-22 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. | |||||
CVE-2022-24521 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-22 | 4.6 MEDIUM | 7.8 HIGH |
Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24481. | |||||
CVE-2022-24513 | 1 Microsoft | 2 Visual Studio 2019, Visual Studio 2022 | 2022-04-22 | 4.6 MEDIUM | 7.8 HIGH |
Visual Studio Elevation of Privilege Vulnerability. | |||||
CVE-2021-44509 | 1 Fisglobal | 1 Gt.m | 2022-04-22 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause an integer underflow of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c in order to cause a segmentation fault and crash the application. | |||||
CVE-2021-44508 | 1 Fisglobal | 1 Gt.m | 2022-04-22 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of NULL checks in calls to ious_open in sr_unix/ious_open.c allows attackers to crash the application by dereferencing a NULL pointer. | |||||
CVE-2021-43257 | 1 Mantisbt | 1 Mantisbt | 2022-04-22 | 6.0 MEDIUM | 7.8 HIGH |
Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csv_export.php generated CSV file in Excel. | |||||
CVE-2022-23865 | 1 Wecul | 1 Nyron | 2022-04-22 | 7.5 HIGH | 9.8 CRITICAL |
Nyron 1.0 is affected by a SQL injection vulnerability through Nyron/Library/Catalog/winlibsrch.aspx. To exploit this vulnerability, an attacker must inject '"> on the thes1 parameter. | |||||
CVE-2022-26624 | 1 Ecommerce Codeigniter Bootstrap Project | 1 Ecommerce Codeigniter Bootstrap | 2022-04-22 | 4.3 MEDIUM | 6.1 MEDIUM |
Bootstrap v3.1.11 and v3.3.7 were discovered to contain a cross-site scripting (XSS) vulnerability via the Title parameter in /vendor/views/add_product.php. | |||||
CVE-2010-1981 | 1 Fabrikar | 1 Fabrik | 2022-04-22 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in the Fabrik (com_fabrik) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
CVE-2022-27188 | 1 Yokogawa | 2 B/m9000 Vp, Centum Vp | 2022-04-22 | 4.4 MEDIUM | 7.8 HIGH |
OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02, which may allow an attacker who can access the computer where the affected product is installed to execute an arbitrary OS command by altering a file generated using Graphic Builder. | |||||
CVE-2022-26594 | 1 Liferay | 1 Liferay Portal | 2022-04-22 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.5 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote attackers to inject arbitrary web script or HTML via a form field's help text to (1) Forms module's form builder, or (2) App Builder module's object form view's form builder. | |||||
CVE-2022-27474 | 1 Salesagility | 1 Suitecrm | 2022-04-22 | 6.5 MEDIUM | 7.2 HIGH |
SuiteCRM v7.11.23 was discovered to allow remote code execution via a crafted payload injected into the FirstName text field. |