Total
3411 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-25760 | 1 Accesslog Project | 1 Accesslog | 2022-03-23 | 10.0 HIGH | 9.8 CRITICAL |
| All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If (attacker-controlled) user input is given to the format option of the package's exported constructor function, it is possible for an attacker to execute arbitrary JavaScript code on the host that this package is being run on. | |||||
| CVE-2022-0944 | 1 Sqlpad | 1 Sqlpad | 2022-03-21 | 6.5 MEDIUM | 7.2 HIGH |
| Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1. | |||||
| CVE-2021-44618 | 1 Nystudio107 | 1 Seomatic | 2022-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| A Server-side Template Injection (SSTI) vulnerability exists in Nystudio107 Seomatic 3.4.12 in src/helpers/UrlHelper.php via the host header. | |||||
| CVE-2022-0921 | 1 Microweber | 1 Microweber | 2022-03-18 | 6.5 MEDIUM | 6.7 MEDIUM |
| Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12. | |||||
| CVE-2022-0896 | 1 Microweber | 1 Microweber | 2022-03-11 | 6.8 MEDIUM | 8.8 HIGH |
| Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3. | |||||
| CVE-2022-0845 | 1 Pytorchlightning | 1 Pytorch Lightning | 2022-03-10 | 10.0 HIGH | 9.8 CRITICAL |
| Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0. | |||||
| CVE-2022-22909 | 1 Digitaldruid | 1 Hoteldruid | 2022-03-09 | 6.5 MEDIUM | 8.8 HIGH |
| HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module. | |||||
| CVE-2022-25018 | 1 Pluxml | 1 Pluxml | 2022-03-09 | 6.5 MEDIUM | 8.8 HIGH |
| Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages. | |||||
| CVE-2021-44238 | 1 Ayacms Project | 1 Ayacms | 2022-03-08 | 6.5 MEDIUM | 7.2 HIGH |
| AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE) via /aya/module/admin/ust_tab_e.inc.php, | |||||
| CVE-2021-22395 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-03-07 | 5.0 MEDIUM | 7.5 HIGH |
| There is a code injection vulnerability in smartphones. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2022-23810 | 1 Appleple | 1 A-blog Cms | 2022-03-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| Template injection (Improper Neutralization of Special Elements Used in a Template Engine) vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to obtain an arbitrary file on the server via unspecified vectors. | |||||
| CVE-2012-0171 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2022-03-01 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "SelectAll Remote Code Execution Vulnerability." | |||||
| CVE-2012-0169 | 1 Microsoft | 4 Internet Explorer, Windows 7, Windows Server 2008 and 1 more | 2022-03-01 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "JScript9 Remote Code Execution Vulnerability." | |||||
| CVE-2012-0168 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2022-03-01 | 7.6 HIGH | N/A |
| Microsoft Internet Explorer 6 through 9 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document that is not properly handled during a "Print table of links" print operation, aka "Print Feature Remote Code Execution Vulnerability." | |||||
| CVE-2012-0155 | 1 Microsoft | 4 Internet Explorer, Windows 7, Windows Server 2008 and 1 more | 2022-03-01 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Remote Code Execution Vulnerability." | |||||
| CVE-2012-0011 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2022-03-01 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "HTML Layout Remote Code Execution Vulnerability." | |||||
| CVE-2022-24665 | 1 Php Everywhere Project | 1 Php Everywhere | 2022-02-24 | 6.5 MEDIUM | 8.8 HIGH |
| PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via a WordPress gutenberg block by any user able to edit posts. | |||||
| CVE-2022-24664 | 1 Php Everywhere Project | 1 Php Everywhere | 2022-02-24 | 4.0 MEDIUM | 8.8 HIGH |
| PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts. | |||||
| CVE-2022-24663 | 1 Php Everywhere Project | 1 Php Everywhere | 2022-02-24 | 6.5 MEDIUM | 8.8 HIGH |
| PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress shortcodes, which can be used by any authenticated user. | |||||
| CVE-2018-17036 | 1 Ucms Project | 1 Ucms | 2022-02-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in UCMS 1.4.6 and 1.6. It allows PHP code injection during installation via the systemdomain parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php. | |||||