Total
315 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-45143 | 2 Apache, Redhat | 4 Tomcat, Jboss Enterprise Web Server, Jboss Fuse and 1 more | 2024-11-21 | 7.5 High |
| The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output. | ||||
| CVE-2022-43713 | 1 Gxsoftware | 1 Xperiencentral | 2024-11-21 | 7.5 High |
| Interactive Forms (IAF) in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed. | ||||
| CVE-2022-41443 | 1 Phpipam | 1 Phpipam | 2024-11-21 | 9.8 Critical |
| phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php. | ||||
| CVE-2022-3941 | 1 Activity Log Project | 1 Activity Log | 2024-11-21 | 5.3 Medium |
| A vulnerability has been found in Activity Log Plugin and classified as critical. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213448. | ||||
| CVE-2022-36446 | 1 Webmin | 1 Webmin | 2024-11-21 | 9.8 Critical |
| software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command. | ||||
| CVE-2022-35153 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 9.8 Critical |
| FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php. | ||||
| CVE-2022-32549 | 1 Apache | 2 Sling Api, Sling Commons Log | 2024-11-21 | 5.3 Medium |
| Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files. | ||||
| CVE-2022-31458 | 1 Rtx Trap Project | 1 Rtx Trap | 2024-11-21 | 6.1 Medium |
| RTX TRAP v1.0 was discovered to be vulnerable to host header poisoning. | ||||
| CVE-2022-30966 | 1 Jenkins | 1 Random String Parameter | 2024-11-21 | 5.4 Medium |
| Jenkins Random String Parameter Plugin 1.0 and earlier does not escape the name and description of Random String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-30781 | 1 Gitea | 1 Gitea | 2024-11-21 | 7.5 High |
| Gitea before 1.16.7 does not escape git fetch remote. | ||||
| CVE-2022-2619 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 4.3 Medium |
| Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page. | ||||
| CVE-2022-2241 | 1 Fifu | 1 Featured Image From Url | 2024-11-21 | 6.1 Medium |
| The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of validation, sanitisation and escaping in some of them, it could also lead to Stored XSS issues | ||||
| CVE-2022-2099 | 1 Woocommerce | 1 Woocommerce | 2024-11-21 | 4.8 Medium |
| The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles | ||||
| CVE-2022-29599 | 3 Apache, Debian, Redhat | 8 Maven Shared Utils, Debian Linux, Enterprise Linux and 5 more | 2024-11-21 | 9.8 Critical |
| In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks. | ||||
| CVE-2022-28960 | 1 Spip | 1 Spip | 2024-11-21 | 8.8 High |
| A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire. | ||||
| CVE-2022-26174 | 1 Beekeeperstudio | 1 Beekeeper-studio | 2024-11-21 | 9.8 Critical |
| A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 allows attackers to execute arbitrary code via a crafted payload injected into the display fields. | ||||
| CVE-2022-23079 | 1 Getmotoradmin | 1 Motor Admin | 2024-11-21 | N/A |
| In motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the password reset functionality where malicious actor can send fake password reset email to arbitrary victim. | ||||
| CVE-2022-22992 | 1 Westerndigital | 11 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 8 more | 2024-11-21 | 7.8 High |
| A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device. The vulnerability was addressed by escaping individual arguments to shell functions coming from user input. | ||||
| CVE-2022-22734 | 1 Sedlex | 1 Simple Quotation | 2024-11-21 | 6.1 Medium |
| The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes. As a result, attacker could make a logged in admin create or edit arbitrary quote, and put Cross-Site Scripting payloads in them | ||||
| CVE-2022-22151 | 1 Yokogawa | 9 Centum Cs 3000, Centum Cs 3000 Entry, Centum Cs 3000 Entry Firmware and 6 more | 2024-11-21 | 8.1 High |
| CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00. | ||||