Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-24711 | 1 Codeigniter | 1 Codeigniter | 2022-03-08 | 7.5 HIGH | 9.8 CRITICAL |
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allows attackers to execute CLI routes via HTTP request. Version 4.1.9 contains a patch. There are currently no known workarounds for this vulnerability. | |||||
CVE-2021-44340 | 1 Ok-file-formats Project | 1 Ok-file-formats | 2022-03-08 | 6.8 MEDIUM | 7.8 HIGH |
David Brackeen ok-file-formats dev version is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_jpg_generate_huffman_table() in "/ok_jpg.c:403". | |||||
CVE-2022-25642 | 1 Obyte | 1 Obyte | 2022-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
Obyte (formerly Byteball) Wallet before 3.4.1 allows XSS. A crafted chat message can lead to remote code execution. | |||||
CVE-2022-25260 | 1 Jetbrains | 1 Hub | 2022-03-08 | 6.4 MEDIUM | 9.1 CRITICAL |
JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF). | |||||
CVE-2022-25261 | 1 Jetbrains | 1 Teamcity | 2022-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS. | |||||
CVE-2022-25359 | 1 Iclinks | 3 Scadaflex Ii, Scadaflex Ii Firmware, Weblib | 2022-03-08 | 6.4 MEDIUM | 9.1 CRITICAL |
On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote attackers can overwrite, delete, or create files. | |||||
CVE-2022-25262 | 1 Jetbrains | 1 Hub | 2022-03-08 | 7.5 HIGH | 9.8 CRITICAL |
In JetBrains Hub before 2022.1.14434, SAML request takeover was possible. | |||||
CVE-2022-24572 | 1 Car Driving School Management System Project | 1 Car Driving School Management System | 2022-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
Car Driving School Management System v1.0 is affected by Cross Site Scripting (XSS) in the User Enrollment Form (Username Field). To exploit this Vulnerability, an admin views the registered user details. | |||||
CVE-2022-24571 | 1 Car Driving School Management System Project | 1 Car Driving School Management System | 2022-03-08 | 7.5 HIGH | 9.8 CRITICAL |
Car Driving School Management System v1.0 is affected by SQL injection in the login page. An attacker can use a simple SQL login injection payload to get admin access. | |||||
CVE-2022-0768 | 1 Alltubedownload | 1 Alltube | 2022-03-08 | 6.4 MEDIUM | 9.1 CRITICAL |
Server-Side Request Forgery (SSRF) in GitHub repository rudloff/alltube prior to 3.0.2. | |||||
CVE-2022-25263 | 1 Jetbrains | 1 Teamcity | 2022-03-08 | 7.5 HIGH | 9.8 CRITICAL |
JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration. | |||||
CVE-2022-0762 | 1 Microweber | 1 Microweber | 2022-03-08 | 4.0 MEDIUM | 4.3 MEDIUM |
Business Logic Errors in GitHub repository microweber/microweber prior to 1.3. | |||||
CVE-2022-23988 | 1 Westguardsolutions | 1 Ws Form | 2022-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape submitted form data, allowing an unauthenticated attacker to submit XSS payloads which will get executed when a privileged user views the related submission. | |||||
CVE-2022-0723 | 1 Microweber | 1 Microweber | 2022-03-08 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.11. | |||||
CVE-2022-0763 | 1 Microweber | 1 Microweber | 2022-03-08 | 3.5 LOW | 4.8 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3. | |||||
CVE-2022-25264 | 1 Jetbrains | 1 Teamcity | 2022-03-08 | 5.0 MEDIUM | 7.5 HIGH |
In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases. | |||||
CVE-2022-24709 | 1 Amazon | 1 Awsui/components-react | 2022-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
@awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development. Multiple components in versions before 3.0.367 have been found to not properly neutralize user input and may allow for javascript injection. Users are advised to upgrade to version 3.0.367 or later. There are no known workarounds for this issue. | |||||
CVE-2022-26149 | 1 Modx | 1 Revolution | 2022-03-08 | 6.5 MEDIUM | 7.2 HIGH |
MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator. | |||||
CVE-2022-23987 | 1 Westguardsolutions | 1 Ws Form | 2022-03-08 | 3.5 LOW | 4.8 MEDIUM |
The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape their Form Name, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
CVE-2021-43945 | 1 Atlassian | 2 Data Center, Jira | 2022-03-08 | 3.5 LOW | 4.8 MEDIUM |
Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint. The affected versions are before version 8.20.3. |