Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-44081 | 1 Lodev | 1 Lodepng | 2022-11-01 | N/A | 5.5 MEDIUM |
Lodepng v20220717 was discovered to contain a segmentation fault via the function pngdetail. | |||||
CVE-2022-37620 | 1 Html-minifier Project | 1 Html-minifier | 2022-11-01 | N/A | 7.5 HIGH |
A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 via the candidate variable in htmlminifier.js. | |||||
CVE-2022-42924 | 1 Formalms | 1 Formalms | 2022-11-01 | N/A | 6.5 MEDIUM |
Forma LMS version 3.1.0 and earlier is vulnerable to SQL injection. Exploitation could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'dyn_filter' parameter in the 'appLms/ajax.adm_server.php?r=widget/userselector/getusertabledata' function in order to dump the entire database. | |||||
CVE-2022-3766 | 1 Phpmyfaq | 1 Phpmyfaq | 2022-11-01 | N/A | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8. | |||||
CVE-2022-3765 | 1 Phpmyfaq | 1 Phpmyfaq | 2022-11-01 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8. | |||||
CVE-2022-43167 | 1 Rukovoditel | 1 Rukovoditel | 2022-11-01 | N/A | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=users_alerts/users_alerts) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add". | |||||
CVE-2022-40487 | 1 Processwire | 1 Processwire | 2022-11-01 | N/A | 6.1 MEDIUM |
ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload. | |||||
CVE-2022-43353 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2022-11-01 | N/A | 7.2 HIGH |
Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order. | |||||
CVE-2022-40488 | 1 Processwire | 1 Processwire | 2022-11-01 | N/A | 6.5 MEDIUM |
ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF). | |||||
CVE-2022-43355 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2022-11-01 | N/A | 7.2 HIGH |
Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_service. | |||||
CVE-2022-43354 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2022-11-01 | N/A | 7.2 HIGH |
Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/manage_request. | |||||
CVE-2022-42925 | 1 Formalms | 1 Formalms | 2022-11-01 | N/A | 8.8 HIGH |
There is a vulnerability in Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to escalate privileges in order to upload a Zip file through the plugin upload component. The exploitation of this vulnerability could lead to a remote code injection. | |||||
CVE-2020-21016 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2022-11-01 | N/A | 9.8 CRITICAL |
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary code as root via HNAP1/control/SetGuestWLanSettings.php. | |||||
CVE-2022-37424 | 2 Linux, Opennebula | 2 Linux Kernel, Opennebula | 2022-11-01 | N/A | 6.5 MEDIUM |
Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows File Discovery. | |||||
CVE-2022-43283 | 1 Webassembly | 1 Wabt | 2022-11-01 | N/A | 5.5 MEDIUM |
wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write. | |||||
CVE-2022-3770 | 1 Xjyunjing | 1 Yunjing Content Management System | 2022-11-01 | N/A | 8.8 HIGH |
A vulnerability classified as critical was found in Yunjing CMS. This vulnerability affects unknown code of the file /index/user/upload_img.html. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212500. | |||||
CVE-2022-3408 | 1 Redlettuce | 1 Wp Word Count | 2022-11-01 | N/A | 4.8 MEDIUM |
The WP Word Count WordPress plugin through 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | |||||
CVE-2022-40471 | 1 Clinic's Patient Management System Project | 1 Clinic's Patient Management System | 2022-11-01 | N/A | 9.8 CRITICAL |
Remote code execution in Clinic's Patient Management System v1.0 allows an attacker to upload an arbitrary PHP webshell via the profile picture upload functionality in users.php. | |||||
CVE-2022-43282 | 1 Webassembly | 1 Wabt | 2022-11-01 | N/A | 7.1 HIGH |
wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallIndirectExpr->GetReturnCallDropKeepCount. | |||||
CVE-2022-43281 | 1 Webassembly | 1 Wasm | 2022-11-01 | N/A | 7.8 HIGH |
wasm-interp v1.0.29 was discovered to contain a heap overflow via the component std::vector<wabt::Type, std::allocator<wabt::Type>>::size() at /bits/stl_vector.h. |