Total
3411 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39908 | 1 Gitlab | 1 Gitlab | 2022-09-30 | 5.0 MEDIUM | 7.5 HIGH |
| In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code viewer UI. | |||||
| CVE-2020-22201 | 1 Phpcms | 1 Phpcms | 2022-09-29 | 6.5 MEDIUM | 8.8 HIGH |
| phpCMS 2008 sp4 allowas remote malicious users to execute arbitrary php commands via the pagesize parameter to yp/product.php. | |||||
| CVE-2020-21784 | 1 Phpwcms | 1 Phpwcms | 2022-09-29 | 7.5 HIGH | 9.8 CRITICAL |
| phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php. | |||||
| CVE-2022-40628 | 1 Tacitine | 4 En6200-prime Quad-100, En6200-prime Quad-100 Firmware, En6200-prime Quad-35 and 1 more | 2022-09-26 | N/A | 9.8 CRITICAL |
| This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 (inclusive), due to improper control of code generation in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted http request on the targeted device. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to execute arbitrary commands on the targeted device. | |||||
| CVE-2022-3245 | 1 Microweber | 1 Microweber | 2022-09-22 | N/A | 6.1 MEDIUM |
| HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input. | |||||
| CVE-2022-3242 | 1 Microweber | 1 Microweber | 2022-09-21 | N/A | 6.1 MEDIUM |
| Code Injection in GitHub repository microweber/microweber prior to 1.3.2. | |||||
| CVE-2020-20124 | 1 Wuzhicms | 1 Wuzhi Cms | 2022-09-14 | 6.5 MEDIUM | 8.8 HIGH |
| Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php. | |||||
| CVE-2020-21650 | 1 Myucms Project | 1 Myucms | 2022-09-14 | 6.5 MEDIUM | 8.8 HIGH |
| Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the add() method. | |||||
| CVE-2020-21651 | 1 Myucms Project | 1 Myucms | 2022-09-14 | 7.5 HIGH | 9.8 CRITICAL |
| Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\point.php, which can be exploited via the add() method. | |||||
| CVE-2020-21652 | 1 Myucms Project | 1 Myucms | 2022-09-14 | 7.5 HIGH | 9.8 CRITICAL |
| Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the addqq() method. | |||||
| CVE-2021-23337 | 4 Lodash, Netapp, Oracle and 1 more | 23 Lodash, Active Iq Unified Manager, Cloud Manager and 20 more | 2022-09-13 | 6.5 MEDIUM | 7.2 HIGH |
| Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. | |||||
| CVE-2022-22954 | 2 Linux, Vmware | 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more | 2022-09-09 | 10.0 HIGH | 9.8 CRITICAL |
| VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution. | |||||
| CVE-2022-27837 | 2 Google, Samsung | 2 Android, Accessibility | 2022-09-09 | 9.3 HIGH | 7.8 HIGH |
| A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R(11.0) and 13.0.1.1 in Android S(12.0) allows attacker to access the file with system privilege. | |||||
| CVE-2022-25813 | 1 Apache | 1 Ofbiz | 2022-09-07 | N/A | 7.5 HIGH |
| In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us" page. Then a party manager needs to list the communications in the party component to activate the SSTI. A RCE is then possible. | |||||
| CVE-2022-36036 | 1 Mdx-mermaid Project | 1 Mdx-mermaid | 2022-09-01 | N/A | 7.8 HIGH |
| mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was patched in version(s) 1.3.0 and 2.0.0-rc2. There are currently no known workarounds. | |||||
| CVE-2021-22952 | 1 Ui | 1 Unifi Talk | 2022-08-30 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability found in UniFi Talk application V1.12.3 and earlier permits a malicious actor who has already gained access to a network to subsequently control Talk device(s) assigned to said network if they are not yet adopted. This vulnerability is fixed in UniFi Talk application V1.12.5 and later. | |||||
| CVE-2016-2119 | 1 Samba | 1 Samba | 2022-08-29 | 6.8 MEDIUM | 7.5 HIGH |
| libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag. | |||||
| CVE-2022-25812 | 1 Transposh | 1 Transposh Wordpress Translation | 2022-08-25 | N/A | 7.2 HIGH |
| The Transposh WordPress Translation WordPress plugin before 1.0.8 does not validate its debug settings, which could allow allowing high privilege users such as admin to perform RCE | |||||
| CVE-2022-36216 | 1 Dedecms | 1 Dedecms | 2022-08-19 | N/A | 7.2 HIGH |
| DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in member_toadmin.php. | |||||
| CVE-2022-35516 | 1 Dedecms | 1 Dedecms | 2022-08-19 | N/A | 9.8 CRITICAL |
| DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php. | |||||