CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2022-45472 CAE LearningSpace Enterprise (with Intuity License) image 267r patch 639 allows DOM XSS, related to ontouchmove and onpointerup. | 5.4 | MEDIUM | — | 0 |
| CVE-2021-46854 mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters. | 7.5 | HIGH | — | 0 |
| CVE-2022-45462 Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher | 9.8 | CRITICAL | — | 0 |
| CVE-2022-45149 A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being ... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-45150 A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to ope... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-48311 Piwigo v14.5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit album function. | 8.8 | HIGH | — | 0 |
| CVE-2022-45151 The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute ... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-44139 Apartment Visitor Management System v1.0 is vulnerable to SQL Injection via /avms/index.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-44249 TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-44250 TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-44251 TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-44252 TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-29334 An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd.html | 8.8 | HIGH | — | 0 |
| CVE-2022-44253 TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter ip in the setDiagnosisCfg function. | 8.8 | HIGH | — | 0 |
| CVE-2022-44254 TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter text in the setSmsCfg function. | 8.8 | HIGH | — | 0 |
| CVE-2022-44255 TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-44256 TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter lang in the setLanguageCfg function. | 8.8 | HIGH | — | 0 |
| CVE-2022-44257 TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter pppoeUser in the setOpModeCfg function. | 8.8 | HIGH | — | 0 |
| CVE-2022-44258 TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter command in the setTracerouteCfg function. | 8.8 | HIGH | — | 0 |
| CVE-2022-44259 TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter week, sTime, and eTime in the setParentalRules function. | 8.8 | HIGH | — | 0 |
| CVE-2022-44140 Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component. | 8.8 | HIGH | — | 0 |
| CVE-2022-44260 TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter sPort/ePort in the setIpPortFilterRules function. | 8.8 | HIGH | — | 0 |
| CVE-2022-44278 Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=user/manage_user&id=. | 7.2 | HIGH | — | 0 |
| CVE-2022-44280 Automotive Shop Management System v1.0 is vulnerable to Delete any file via /asms/classes/Master.php?f=delete_img. | 6.5 | MEDIUM | — | 0 |
| CVE-2022-35501 Stored Cross-site Scripting (XSS) exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 because of the duplicate post function. | 5.4 | MEDIUM | — | 0 |
| CVE-2009-1142 An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory fu... | 6.7 | MEDIUM | — | 0 |
| CVE-2009-1143 An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in moun... | 7.0 | HIGH | — | 0 |
| CVE-2021-35284 SQL Injection vulnerability in function get_user in login_manager.php in rizalafani cms-php v1. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-45872 iTerm2 before 3.4.18 mishandles a DECRQSS response. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-23740 CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an ... | 8.8 | HIGH | — | 0 |
| CVE-2022-39833 FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request. | 7.2 | HIGH | — | 0 |
| CVE-2022-40304 An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be... | 7.8 | HIGH | — | 0 |
| CVE-2022-40771 Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure. | 4.9 | MEDIUM | — | 0 |
| CVE-2022-40772 Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module. | 6.5 | MEDIUM | — | 0 |
| CVE-2021-43258 CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a use... | 8.8 | HIGH | — | 0 |
| CVE-2025-20611 Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information discl... | 4.7 | MEDIUM | — | 0 |
| CVE-2022-45866 qpress before PierreLvx/qpress 20220819 and before version 11.3, as used in Percona XtraBackup and other products, allows directory traversal via ../ in a .qp file. | 5.3 | MEDIUM | — | 0 |
| CVE-2022-43196 dedecmdv6 v6.1.9 is vulnerable to Arbitrary file deletion via file_manage_control.php. | 9.1 | CRITICAL | — | 0 |
| CVE-2022-44118 dedecmdv6 v6.1.9 is vulnerable to Remote Code Execution (RCE) via file_manage_control.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-44120 dedecmdv6 6.1.9 is vulnerable to SQL Injection. via sys_sql_query.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-44789 A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a cra... | 8.8 | HIGH | — | 0 |
| CVE-2022-45276 An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account password. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-45278 Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component. | 8.8 | HIGH | — | 0 |
| CVE-2022-45280 A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-45873 systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation me... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-26885 When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher. | 7.5 | HIGH | — | 0 |
| CVE-2022-45885 An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected. | 7.0 | HIGH | — | 0 |
| CVE-2022-45887 An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call. | 4.7 | MEDIUM | — | 0 |
| CVE-2022-2721 In affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plaint-text in when verbose logging is enabled. | 7.5 | HIGH | — | 0 |
| CVE-2022-40282 The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir para... | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.