Vulnerabilities (CVE)

Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-28033 1 Thedigitalcraft 1 Atomcms 2022-04-18 7.5 HIGH 9.8 CRITICAL
Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_uploads.php
CVE-2022-28032 1 Thedigitalcraft 1 Atomcms 2022-04-18 7.5 HIGH 9.8 CRITICAL
AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_pages.php
CVE-2022-28036 1 Thedigitalcraft 1 Atomcms 2022-04-18 7.5 HIGH 9.8 CRITICAL
AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_navigation.php
CVE-2022-27576 1 Google 1 Android 2022-04-18 4.3 MEDIUM 3.3 LOW
Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows access to currently launched foreground app information without permission.
CVE-2021-43442 1 I3international 6 Ax46, Ax46 Firmware, Ax68 and 3 more 2022-04-18 6.8 MEDIUM 8.1 HIGH
A Logic Flaw vulnerability exists in i3 International Inc Annexxus Camera V5.2.0 build 150317 (Ax46), V5.0.9 build 151106 (Ax68), and V5.0.9 build 150615 (Ax78) due to a failure to allow the creation of more than one administrator account; however, this can be bypassed by parameter manipulation using PUT and DELETE and by calling the 'UserPermission' endpoint with the ID of the created account and setting it to the 'admin' userType, successfully adding a second administrative account.
CVE-2019-14277 1 Axway 1 Securetransport 2022-04-18 7.5 HIGH 9.8 CRITICAL
** DISPUTED ** Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is vulnerable to unauthenticated blind XML injection (and XXE) in the resetPassword functionality via the REST API. This vulnerability can lead to local file disclosure, DoS, or URI invocation attacks (i.e., SSRF with resultant remote code execution). NOTE: The vendor disputes this issue as not being a vulnerability because “All attacks that use external entities are blocked (no external DTD or file inclusions, no SSRF). The impact on confidentiality, integrity and availability is not proved on any version.”
CVE-2021-22055 1 Vmware 1 Photon Os 2022-04-18 5.0 MEDIUM 5.3 MEDIUM
The SchedulerServer in VMware Photon allows remote attackers to inject logs through \r in the package parameter. Attackers can also insert malicious data and fake entries.
CVE-2022-1286 1 Mruby 1 Mruby 2022-04-18 7.5 HIGH 9.8 CRITICAL
Heap buffer overflow in mrb_vm_exec in the GitHub repository mruby/mruby prior to 3.2. Arbitrary code execution is possible if exploited.
CVE-2022-27575 1 Google 1 Android 2022-04-18 4.3 MEDIUM 3.3 LOW
Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows access to currently launched foreground app information without permission.
CVE-2022-27574 1 Google 1 Android 2022-04-18 7.5 HIGH 7.2 HIGH
Improper input validation vulnerability in parser_iloc and sheifd_find_itemIndexin functions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attacker.
CVE-2022-27573 1 Google 1 Android 2022-04-18 6.5 MEDIUM 7.2 HIGH
Improper input validation vulnerability in parser_infe and sheifd_find_itemIndexin functions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attackers.
CVE-2022-27572 1 Google 1 Android 2022-04-18 10.0 HIGH 9.8 CRITICAL
Heap-based buffer overflow vulnerability in parser_ipma function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers.
CVE-2022-27571 1 Google 1 Android 2022-04-18 10.0 HIGH 9.8 CRITICAL
Heap-based buffer overflow vulnerability in sheifd_get_info_image function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.
CVE-2022-27570 1 Google 1 Android 2022-04-18 10.0 HIGH 9.8 CRITICAL
Heap-based buffer overflow vulnerability in parser_single_iref function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.
CVE-2022-27569 1 Google 1 Android 2022-04-18 10.0 HIGH 9.8 CRITICAL
Heap-based buffer overflow vulnerability in parser_infe function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.
CVE-2022-27568 1 Google 1 Android 2022-04-18 10.0 HIGH 9.8 CRITICAL
Heap-based buffer overflow vulnerability in parser_iloc function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.
CVE-2022-27567 1 Google 1 Android 2022-04-18 7.5 HIGH 9.8 CRITICAL
Null pointer dereference vulnerability in parser_hvcC function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attackers.
CVE-2022-26099 1 Google 1 Android 2022-04-18 6.4 MEDIUM 9.1 CRITICAL
Null pointer dereference vulnerability in parser_infe function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds read by remote attackers.
CVE-2022-27577 1 Sick 2 Msc800, Msc800 Firmware 2022-04-18 6.4 MEDIUM 9.1 CRITICAL
The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version.
CVE-2022-1262 1 Dlink 20 Dir-1360, Dir-1360 Firmware, Dir-1760 and 17 more 2022-04-18 7.2 HIGH 7.8 HIGH
A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root.