Total: 210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38892 | | | 2022-02-11 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2022-24263 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter. | |||||
| CVE-2022-24677 | 1 Hyphp | 1 Hybbs2 | 2022-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| Admin.php in HYBBS2 through 2.3.2 allows remote code execution because it writes plugin-related configuration information to conf.php. | |||||
| CVE-2022-24676 | 1 Hyphp | 1 Hybbs2 | 2022-02-11 | 6.5 MEDIUM | 8.8 HIGH |
| update_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file upload via a crafted ZIP archive. | |||||
| CVE-2022-24682 | 1 Zimbra | 1 Collaboration | 2022-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document. | |||||
| CVE-2021-45919 | 1 Std42 | 1 Elfinder | 2022-02-11 | 3.5 LOW | 5.4 MEDIUM |
| Studio 42 elFinder through 2.1.31 allows XSS via an SVG document. | |||||
| CVE-2022-0526 | 1 Chatwoot | 1 Chatwoot | 2022-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0. | |||||
| CVE-2021-45329 | 1 Gitea | 1 Gitea | 2022-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field. | |||||
| CVE-2022-0527 | 1 Chatwoot | 1 Chatwoot | 2022-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0. | |||||
| CVE-2022-0506 | 1 Microweber | 1 Microweber | 2022-02-11 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11. | |||||
| CVE-2022-21193 | 1 Dounokouno | 1 Transmitmail | 2022-02-11 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in TransmitMail 2.5.0 to 2.6.1 allows a remote unauthenticated attacker to obtain an arbitrary file on the server via unspecified vectors. | |||||
| CVE-2021-45325 | 1 Gitea | 1 Gitea | 2022-02-11 | 5.0 MEDIUM | 7.5 HIGH |
| Server Side Request Forgery (SSRF) vulnerability exists in Gitea before 1.7.0 using the OpenID URL. | |||||
| CVE-2021-44957 | 1 Ffjpeg Project | 1 Ffjpeg | 2022-02-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| A global buffer overflow vulnerability exists in ffjpeg through 01.01.2021. It is similar to CVE-2020-23705. The issue, in the jfif_encode function at ffjpeg/src/jfif.c (line 708), could cause a Denial of Service via a crafted jpeg file. | |||||
| CVE-2022-0505 | 1 Microweber | 1 Microweber | 2022-02-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11. | |||||
| CVE-2021-45326 | 1 Gitea | 1 Gitea | 2022-02-11 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before 1.5.2 via API routes. This can be dangerous, especially with state-altering POST requests. | |||||
| CVE-2021-44956 | 1 Ffjpeg Project | 1 Ffjpeg | 2022-02-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Two heap-based buffer overflow vulnerabilities exist in ffjpeg through 01.01.2021. They are similar to CVE-2020-23852. The issues, in the jfif_decode function at ffjpeg/src/jfif.c (line 552), could cause a Denial of Service via a crafted jpeg file. | |||||
| CVE-2021-45327 | 1 Gitea | 1 Gitea | 2022-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API, which could let a remote malicious user execute arbitrary code. | |||||
| CVE-2022-0510 | 1 Pimcore | 1 Pimcore | 2022-02-11 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore prior to 10.3.1. | |||||
| CVE-2021-45328 | 1 Gitea | 1 Gitea | 2022-02-11 | 5.8 MEDIUM | 6.1 MEDIUM |
| Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site ('Open Redirect') via internal URLs. | |||||
| CVE-2022-0139 | 1 Radare | 1 Radare2 | 2022-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0. | |||||
