CVE vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID and NVD description (truncated) | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2022-24572 Car Driving School Management System v1.0 is affected by Cross Site Scripting (XSS) in the User Enrollment Form (Username Field). To exploit this Vulnerability, an admin views the registered user deta... | 6.1 | MEDIUM | — | 0 |
| CVE-2022-24685 HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 allow invalid HCL for the jobs parse endpoint, which may cause excessive CPU usage. Fixed in 1.0.18, 1.1.12, and 1.2.6. | 7.5 | HIGH | — | 0 |
| CVE-2021-43086 ARM astcenc 3.2.0 is vulnerable to Buffer Overflow. When the compression function of the astc-encoder project with -cl option was used, a stack-buffer-overflow occurred in function encode_ise() in fun... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-25642 Obyte (formerly Byteball) Wallet before 3.4.1 allows XSS. A crafted chat message can lead to remote code execution. | 6.1 | MEDIUM | — | 0 |
| CVE-2021-44339 David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_png_transform_scanline... | 7.8 | HIGH | — | 0 |
| CVE-2021-44340 David Brackeen ok-file-formats dev version is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_jpg_generate_huffm... | 7.8 | HIGH | — | 0 |
| CVE-2022-24711 CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allows attackers to execute CLI routes via HTTP reques... | 9.4 | CRITICAL | — | 0 |
| CVE-2022-24712 CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A vulnerability in versions prior to 4.1.9 might allow remote attackers to bypass the CodeIgniter4 Cross-Site Request For... | 6.3 | MEDIUM | — | 0 |
| CVE-2022-26155 An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. XSS can occur via a payload in the SAMLResponse parameter of the HTTP request body. | 6.1 | MEDIUM | — | 0 |
| CVE-2022-35107 SWFTools commit 772e55a2 was discovered to contain a stack overflow via vfprintf at /stdio-common/vfprintf.c. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-26156 An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hi... | 6.1 | MEDIUM | — | 0 |
| CVE-2022-26157 An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. The ASP.NET_Sessionid cookie is not protected by the Secure flag. This makes it prone to interception by an ... | 5.3 | MEDIUM | — | 0 |
| CVE-2022-26158 An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. It accepts and reflects arbitrary domains supplied via a client-controlled Host header. Injection of a malic... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-44331 ARM astcenc 3.2.0 is vulnerable to Buffer Overflow in function encode_ise(). | 7.8 | HIGH | — | 0 |
| CVE-2021-44342 David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow via function ok_png_transform_scanline() in "/ok_png.c:494". | 7.8 | HIGH | — | 0 |
| CVE-2020-22844 A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted SMB requests. | 7.5 | HIGH | — | 0 |
| CVE-2020-22845 A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted FTP requests. | 7.5 | HIGH | — | 0 |
| CVE-2022-25014 Ice Hrm 30.0.0.OS was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "m" parameter in the Dashboard of the current user. This vulnerability allows attackers to comp... | 6.1 | MEDIUM | — | 0 |
| CVE-2022-25015 A stored cross-site scripting (XSS) vulnerability in Ice Hrm 30.0.0.OS allows attackers to steal cookies via a crafted payload inserted into the First Name field. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-25023 Audio File commit 004065d was discovered to contain a heap-buffer overflow in the function fouBytesToInt():AudioFile.h. | 8.8 | HIGH | — | 0 |
| CVE-2022-26181 Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a heap-buffer-overflow in the function aligned_dealloc():src/lepton/bitops.cc:108. | 7.8 | HIGH | — | 0 |
| CVE-2022-26315 qrcp through 0.8.4, in receive mode, allows ../ Directory Traversal via the file name specified by the uploader. | 5.3 | MEDIUM | — | 0 |
| CVE-2021-41111 Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to versions 3.4.5 and 3.3.15, an authenticated user with authorization to read webhooks in one p... | 6.4 | MEDIUM | — | 0 |
| CVE-2021-41112 Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In versions prior to 3.4.5, authenticated users could craft a request to modify or delete System or Pr... | 8.1 | HIGH | — | 0 |
| CVE-2021-45414 A Remote Code Execution (RCE) vulnerability exists in DataRobot through 2021-10-28 because it allows submission of a Docker environment or Java driver. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-0743 Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31. | 4.6 | MEDIUM | — | 0 |
| CVE-2022-23906 CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file. | 7.2 | HIGH | — | 0 |
| CVE-2022-23907 CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage. | 6.1 | MEDIUM | — | 0 |
| CVE-2022-25028 Home Owners Collection Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the collected_by parameter under the List of Collections module. | 6.1 | MEDIUM | — | 0 |
| CVE-2022-25407 Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Doctor parameter at /admin-panel1.php. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-25408 Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the dpassword parameter at /admin-panel1.php. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-25409 Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the demail parameter at /admin-panel1.php. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-25410 Maxsite CMS v180 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_file_description at /admin/files. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-26332 Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field. | 5.4 | MEDIUM | — | 0 |
| CVE-2020-12775 Hicos citizen certificate client-side component does not filter special characters for command parameters in specific web URLs. An unauthenticated remote attacker can exploit this vulnerability to per... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-42767 A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17, 4.2.10, ... | 9.1 | CRITICAL | — | 0 |
| CVE-2021-42951 A Remote Code Execution (RCE) vulnerability exists in Algorithmia MSOL all versions before October 10 2021 of SaaS. Users can register for an account and are allocated a set number of credits to try t... | 8.8 | HIGH | — | 0 |
| CVE-2021-44961 A memory leakage flaw exists in the class PerimeterGenerator of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. Specially crafted stl files can exhaust available memory. An attacker can provide mali... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-44962 An out-of-bounds read vulnerability exists in the GCode::extrude() functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially crafted stl file could lead to information disclosure.... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-35458 OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b05ce. | 6.5 | MEDIUM | — | 0 |
| CVE-2022-22262 ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before dele... | 7.7 | HIGH | — | 0 |
| CVE-2022-25018 Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages. | 8.8 | HIGH | — | 0 |
| CVE-2022-25020 A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-25022 A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content field of a blog post. | 5.4 | MEDIUM | — | 0 |
| CVE-2021-35036 A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuratio... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-4039 A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-0776 Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0. | 6.1 | MEDIUM | — | 0 |
| CVE-2022-0777 Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3. | 7.5 | HIGH | — | 0 |
| CVE-2021-44747 A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can b... | 4.6 | MEDIUM | — | 0 |
| CVE-2022-23377 Archeevo below 5.0 is affected by local file inclusion through file=~/web.config to allow an attacker to retrieve local files. | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.
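The enrichment behind a table like the one above is a join of two feeds: NVD records supply the description and the CVSS base score, the CISA KEV catalog supplies the "known exploited" flag, and the severity band is derived from the score using the CVSS v3.x qualitative ranges (Low 0.1-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0-10.0, which is exactly what the Severity column shows). The following is an added example, not the tooling that produced this page and not NVD or CISA code. The sample records are constructed inline (nothing is fetched), the key names are an assumption modelled on the NVD API 2.0 and KEV catalog JSON shapes, and the third record uses a placeholder ID that is not a real CVE, included only so the KEV path and the missing-score path are exercised.

```python
"""Enrich NVD-style CVE records with CISA KEV membership and a CVSS severity
band, then render rows in the markdown layout used by the table above.

Added example. Sample data is constructed inline; the record shapes are an
assumption modelled on NVD API 2.0 / KEV catalog JSON, so adapt the key names
if your feed differs.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

# Constructed sample shaped like NVD API 2.0 output (assumed key names).
# The first two entries reuse IDs and scores from the table above; the third
# is a placeholder ID, not a real CVE, used only to exercise the KEV join
# and the "no CVSS score yet" case.
NVD_SAMPLE = {
    "vulnerabilities": [
        {"cve": {
            "id": "CVE-2021-43086",
            "descriptions": [{"lang": "en", "value": "ARM astcenc 3.2.0 is vulnerable to Buffer Overflow."}],
            "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 9.8}}]},
        }},
        {"cve": {
            "id": "CVE-2022-26315",
            "descriptions": [{"lang": "en", "value": "qrcp through 0.8.4, in receive mode, allows ../ Directory Traversal via the file name specified by the uploader."}],
            "metrics": {"cvssMetricV30": [{"cvssData": {"baseScore": 5.3}}]},
        }},
        {"cve": {
            "id": "CVE-0000-0000",  # placeholder, not a real CVE
            "descriptions": [{"lang": "en", "value": "Placeholder record used to show the KEV join."}],
            "metrics": {},  # no CVSS yet: the enrichment must cope with this
        }},
    ]
}

# Constructed sample shaped like the KEV catalog JSON (assumed key names).
KEV_SAMPLE = {
    "vulnerabilities": [
        {"cveID": "CVE-0000-0000", "dateAdded": "2024-01-01", "dueDate": "2024-01-22"},
    ]
}


def cvss_severity(score: Optional[float]) -> str:
    """Map a CVSS v3.x base score to its qualitative band (FIRST's published ranges)."""
    if score is None:
        return "N/A"
    if score == 0.0:
        return "NONE"
    if score < 4.0:
        return "LOW"
    if score < 7.0:
        return "MEDIUM"
    if score < 9.0:
        return "HIGH"
    return "CRITICAL"


def base_score(cve: dict) -> Optional[float]:
    """Prefer CVSS v3.1, then v3.0; None when no v3 metric is present."""
    metrics = cve.get("metrics", {})
    for key in ("cvssMetricV31", "cvssMetricV30"):
        entries = metrics.get(key) or []
        if entries:
            return float(entries[0]["cvssData"]["baseScore"])
    return None


def english_summary(cve: dict, limit: int = 200) -> str:
    """First English description, truncated with '...' as in the table; pipes escaped for markdown."""
    text = next((d["value"] for d in cve.get("descriptions", []) if d.get("lang") == "en"), "")
    text = text.replace("|", "\\|")
    return text if len(text) <= limit else text[:limit].rstrip() + "..."


@dataclass
class Row:
    cve_id: str
    score: Optional[float]
    severity: str
    kev: str
    summary: str


def load_kev(kev_json: dict) -> dict[str, str]:
    """cveID -> dateAdded, for an O(1) membership check per record."""
    return {v["cveID"]: v["dateAdded"] for v in kev_json.get("vulnerabilities", [])}


def enrich(nvd_json: dict, kev_json: dict) -> list[Row]:
    kev = load_kev(kev_json)
    rows = []
    for item in nvd_json.get("vulnerabilities", []):
        cve = item["cve"]
        score = base_score(cve)
        rows.append(Row(
            cve_id=cve["id"],
            score=score,
            severity=cvss_severity(score),
            kev=f"yes ({kev[cve['id']]})" if cve["id"] in kev else "—",  # "—" matches the column above
            summary=english_summary(cve),
        ))
    # KEV entries first, then by score descending, so actionable rows surface at the top;
    # records without a score sort last within their group.
    rows.sort(key=lambda r: (r.kev == "—", -(r.score if r.score is not None else -1.0)))
    return rows


def render_markdown(rows: list[Row]) -> str:
    lines = ["| CVE ID | Summary | CVSS | Severity | KEV |", "|---|---|---|---|---|"]
    for r in rows:
        score = "N/A" if r.score is None else f"{r.score:.1f}"
        lines.append(f"| {r.cve_id} | {r.summary} | {score} | {r.severity} | {r.kev} |")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_markdown(enrich(NVD_SAMPLE, KEV_SAMPLE)))
```

Two details matter in practice: a record with no v3 metric (typical for a freshly published CVE) must not silently become "LOW", hence the explicit "N/A", and KEV membership should drive ordering ahead of the raw score, because a 5.3 that is actively exploited is more urgent than a 9.8 with no known exploitation.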