Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-45557 | 2 Apple, Left Project | 2 Macos, Left | 2023-01-25 | N/A | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5 for macOS allows attackers to execute arbitrary code via file names. | |||||
CVE-2022-45542 | 1 Eyoucms | 1 Eyoucms | 2023-01-25 | N/A | 5.4 MEDIUM |
EyouCMS <= 1.6.0 was discovered to contain a reflected XSS vulnerability in the FileManager component, via the GET parameter "filename" when editing any file. | |||||
CVE-2022-45540 | 1 Eyoucms | 1 Eyoucms | 2023-01-25 | N/A | 6.1 MEDIUM |
EyouCMS <= 1.6.0 was discovered to contain a reflected XSS vulnerability in the article type editor component, via the POST value "name" when the value contains a malformed UTF-8 character. | |||||
CVE-2022-46890 | 1 Nexusphp | 1 Nexusphp | 2023-01-25 | N/A | 4.3 MEDIUM |
Weak access control in NexusPHP before 1.7.33 allows a remote authenticated user to edit any post in the forum (this is caused by a lack of checks performed by the /forums.php?action=post page). | |||||
CVE-2022-46889 | 1 Nexusphp | 1 Nexusphp | 2023-01-25 | N/A | 5.4 MEDIUM |
A persistent cross-site scripting (XSS) vulnerability in NexusPHP before 1.7.33 allows remote authenticated attackers to permanently inject arbitrary web script or HTML via the title parameter used in /subtitles.php. | |||||
CVE-2022-45541 | 1 Eyoucms | 1 Eyoucms | 2023-01-25 | N/A | 6.1 MEDIUM |
EyouCMS <= 1.6.0 was discovered to contain a reflected XSS vulnerability in the article attribute editor component, via the POST value "value" when the value contains a non-integer character. | |||||
CVE-2022-47766 | 1 Popojicms | 1 Popojicms | 2023-01-25 | N/A | 8.8 HIGH |
PopojiCMS v2.0.1 backend plugin function has a file upload vulnerability. | |||||
CVE-2022-45539 | 1 Eyoucms | 1 Eyoucms | 2023-01-25 | N/A | 6.1 MEDIUM |
EyouCMS <= 1.6.0 was discovered to contain a reflected XSS vulnerability in the FileManager component, via the GET value "activepath" when creating a new file. | |||||
CVE-2022-45538 | 1 Eyoucms | 1 Eyoucms | 2023-01-25 | N/A | 6.1 MEDIUM |
EyouCMS <= 1.6.0 was discovered to contain a reflected XSS vulnerability in the article publish component, via the cookie "ENV_GOBACK_URL". | |||||
CVE-2022-45537 | 1 Eyoucms | 1 Eyoucms | 2023-01-25 | N/A | 6.1 MEDIUM |
EyouCMS <= 1.6.0 was discovered to contain a reflected XSS vulnerability in the article publish component, via the cookie "ENV_LIST_URL". | |||||
CVE-2022-41989 | 1 Sewio | 1 Real-time Location System Studio | 2023-01-25 | N/A | 9.8 CRITICAL |
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not validate the length of RTLS report payloads during communication. This allows an attacker to send an exceedingly long payload, resulting in an out-of-bounds write to cause a denial-of-service condition or code execution. | |||||
CVE-2023-22592 | 2 Ibm, Redhat | 2 Robotic Process Automation For Cloud Pak, Openshift | 2023-01-25 | N/A | 7.8 HIGH |
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. IBM X-Force ID: 244073. | |||||
CVE-2022-34462 | 1 Dell | 1 Emc Secure Connect Gateway Policy Manager | 2023-01-25 | N/A | 7.8 HIGH |
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contains a Hard-coded Password Vulnerability. An attacker with knowledge of the hard-coded credentials could potentially exploit this vulnerability to log in to the system and gain admin privileges. | |||||
CVE-2022-34442 | 1 Dell | 1 Emc Secure Connect Gateway Policy Manager | 2023-01-25 | N/A | 9.8 CRITICAL |
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contains a Hard-coded Cryptographic Key vulnerability. An attacker with knowledge of the hard-coded sensitive information could potentially exploit this vulnerability to log in to the system and gain LDAP user privileges. | |||||
CVE-2022-47990 | 1 Ibm | 2 Aix, Vios | 2023-01-25 | N/A | 7.8 HIGH |
IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in X11 to cause a buffer overflow that could result in a denial of service or arbitrary code execution. IBM X-Force ID: 243556. | |||||
CVE-2022-34460 | 1 Dell | 52 G5 Se 5505, G5 Se 5505 Firmware, Inspiron 27 7775 and 49 more | 2023-01-25 | N/A | 7.8 HIGH |
Prior Dell BIOS versions contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | |||||
CVE-2020-35326 | 1 Inxedu | 1 Inxedu | 2023-01-25 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in file /inxedu/demo_inxedu_open/src/main/resources/mybatis/inxedu/website/WebsiteImagesMapper.xml in inxedu 2.0.6 via the id value. | |||||
CVE-2023-21603 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2023-01-25 | N/A | 5.5 MEDIUM |
Adobe Dimension versions 3.4.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2022-34456 | 1 Dell | 1 Emc Metro Node | 2023-01-25 | N/A | 8.8 HIGH |
Dell EMC Metro node, versions prior to 7.1, contains a Code Injection Vulnerability. An authenticated non-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application. | |||||
CVE-2023-21601 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2023-01-25 | N/A | 5.5 MEDIUM |
Adobe Dimension versions 3.4.6 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |