CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-43243 Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Servic... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-43244 Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Ser... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-43245 Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafte... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-43248 Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_weighted_pred_avg_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Ser... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-41551 Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editorder.php. | 7.2 | HIGH | — | 0 |
| CVE-2025-20101 Out-of-bounds read for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable information disclosure or denial of service via local access. | 8.4 | HIGH | — | 0 |
| CVE-2022-43249 Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of ... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-43250 Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-43252 Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) vi... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-43253 Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pred_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Servi... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-43254 GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_list_new at utils/list.c. | 5.5 | MEDIUM | — | 0 |
| CVE-2020-22820 MKCMS V6.2 has SQL injection via the /ucenter/repass.php name parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43226 Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/?page=appointments/view_appointment. | 8.8 | HIGH | — | 0 |
| CVE-2022-43227 Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/admin/?page=appointments/view_appointment. | 7.2 | HIGH | — | 0 |
| CVE-2022-2904 A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4... | 7.3 | HIGH | — | 0 |
| CVE-2022-43066 Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Master.php?f=delete_message. | 7.2 | HIGH | — | 0 |
| CVE-2022-43068 Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_reservation. | 7.2 | HIGH | — | 0 |
| CVE-2021-46853 Alpine before 2.25 allows remote attackers to cause a denial of service (application crash) when LIST or LSUB is sent before STARTTLS. | 5.9 | MEDIUM | — | 0 |
| CVE-2022-37930 A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays and HPE Nimble Storage Secondary Flash Arrays which could potentially allow local disclosure of sensitive informa... | 6.7 | MEDIUM | — | 0 |
| CVE-2022-44638 In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. | 8.8 | HIGH | — | 0 |
| CVE-2022-32287 A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using carefu... | 7.5 | HIGH | — | 0 |
| CVE-2022-41435 OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. This vulnerability allows attackers to ex... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-43101 Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43102 Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43103 Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the list parameter in the formSetQosBand function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43104 Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the wpapsk_crypto parameter in the fromSetWirelessRepeat function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43105 Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43106 Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the schedStartTime parameter in the setSchedWifi function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43107 Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43108 Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43109 D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via a craf... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-22818 MKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-22819 MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-42751 CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This is possible because the application suffers from CSRF. This allows to persuade an administrator to cr... | 8.8 | HIGH | — | 0 |
| CVE-2022-42753 SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks. | 6.1 | MEDIUM | — | 0 |
| CVE-2022-43372 Emlog Pro v1.7.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /admin/store.php. | 4.8 | MEDIUM | — | 0 |
| CVE-2022-22425 IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-22442 IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated privileges due to improper access controls. IBM X-Force ID: 224427. | 6.5 | MEDIUM | — | 0 |
| CVE-2022-30608 IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the websit... | 8.8 | HIGH | — | 0 |
| CVE-2022-42744 CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage par... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30615 IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-34339 IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 229963. | 6.5 | MEDIUM | — | 0 |
| CVE-2022-35279 IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticat... | 4.3 | MEDIUM | — | 0 |
| CVE-2022-35642 IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-42746 CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not pro... | 6.1 | MEDIUM | — | 0 |
| CVE-2022-35717 IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 231361. | 7.8 | HIGH | — | 0 |
| CVE-2022-38712 IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. IBM X-Forc... | 5.9 | MEDIUM | — | 0 |
| CVE-2022-40230 IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 23553... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-40235 IBM InfoSphere Information Server 11.7 could allow a user to cause a denial of service by removing the ability to run jobs due to improper input validation. IBM X-Force ID: 235725. | 6.5 | MEDIUM | — | 0 |
| CVE-2022-40276 Zettlr version 2.3.0 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Zettlr. This is possible because the app... | 5.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.