CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2022-37768 | libjpeg commit 281daa9 was discovered to contain an infinite loop via the component Frame::ParseTrailer. | 7.5 | HIGH | — | 0 |
| CVE-2022-37769 | libjpeg commit 281daa9 was discovered to contain a segmentation fault via HuffmanDecoder::Get at huffmandecoder.hpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafte... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-37770 | libjpeg commit 281daa9 was discovered to contain a segmentation fault via LineMerger::GetNextLowpassLine at linemerger.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-36947 | Unsafe Parsing of a PNG tRNS chunk in FastStone Image Viewer through 7.5 results in a stack buffer overflow. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-36599 | lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the message_key value. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-35540 | Hardcoded JWT Secret in AgileConfig <1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-21423 | Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action. | 5.1 | MEDIUM | — | 0 |
| CVE-2020-23466 | Cross Site Scripting (XSS) vulnerability exists in the phpgurukul Online Marriage Registration System 1.0 allows attackers to run arbitrary code via the wzipcode field. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-35167 | Printix Cloud Print Management v1.3.1149.0 for Windows was discovered to contain insecure permissions. | 8.8 | HIGH | — | 0 |
| CVE-2022-1901 | In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview. | 5.3 | MEDIUM | — | 0 |
| CVE-2022-2049 | In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function. | 7.5 | HIGH | — | 0 |
| CVE-2022-2074 | In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template. | 7.5 | HIGH | — | 0 |
| CVE-2022-37254 | DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting (XSS) via Background -> System -> system function -> configuration management. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-2075 | In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation. | 7.5 | HIGH | — | 0 |
| CVE-2022-2886 | A vulnerability, which was classified as critical, was found in Laravel 5.1. Affected is an unknown function. The manipulation leads to deserialization. It is possible to launch the attack remotely. T... | 5.0 | MEDIUM | — | 0 |
| CVE-2022-1021 | Insecure Storage of Sensitive Information in GitHub repository chatwoot/chatwoot prior to 2.6.0. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-29805 | A Java Deserialization vulnerability in the Fishbowl Server in Fishbowl Inventory before 2022.4.1 allows remote attackers to execute arbitrary code via a crafted XML payload. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-2889 | Use After Free in GitHub repository vim/vim prior to 9.0.0225. | 7.8 | HIGH | — | 0 |
| CVE-2022-0542 | Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoot prior to 2.7.0. | 6.1 | MEDIUM | — | 0 |
| CVE-2022-35909 | In Jellyfin before 10.8, the /users endpoint has incorrect access control for admin functionality. | 8.8 | HIGH | — | 0 |
| CVE-2022-35910 | In Jellyfin before 10.8, stored XSS allows theft of an admin access token. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-36220 | Kiosk breakout (without quit password) in Safe Exam Browser (Windows) <3.4.0, which allows an attacker to achieve code execution via the browsers' print dialog. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-34615 | Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-34621 | Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows attackers to modify user passwords and other attributes via modification of the user_i... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-40325 | SysAid Help Desk before 22.1.65 allows XSS via the Asset Dashboard, aka FR# 67262. | 6.1 | MEDIUM | — | 0 |
| CVE-2022-34624 | Mealie 1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to perform a man-in-the-middle attack via a crafted GET request. | 5.9 | MEDIUM | — | 0 |
| CVE-2022-35201 | Tenda-AC18 V15.03.05.05 was discovered to contain a remote command execution (RCE) vulnerability. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-36605 | Yimioa v6.1 was discovered to contain a SQL injection vulnerability via the orderbyGET parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-36606 | Ywoa before v6.1 was discovered to contain a SQL injection vulnerability via /oa/setup/checkPool?database. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-36224 | XunRuiCMS V4.5.6 is vulnerable to Cross Site Request Forgery (CSRF). | 8.8 | HIGH | — | 0 |
| CVE-2022-36225 | EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (CSRF) via the background, column management function and add. | 8.8 | HIGH | — | 0 |
| CVE-2022-36577 | An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add an admin. | 8.8 | HIGH | — | 0 |
| CVE-2022-36578 | jizhicms v2.3.1 has SQL injection in the background. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-36579 | Wellcms 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF). | 8.8 | HIGH | — | 0 |
| CVE-2022-22489 | IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to ex... | 9.1 | CRITICAL | — | 0 |
| CVE-2022-2788 | Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '\..\Filename', also known as a ZipSlip attack, through an upload procedure which enables atta... | 3.9 | LOW | — | 0 |
| CVE-2022-36008 | Frontier is Substrate's Ethereum compatibility layer. A security issue was discovered affecting parsing of the RPC result of the exit reason in case of EVM reversion. In release build, this would caus... | 7.1 | HIGH | — | 0 |
| CVE-2022-36009 | gomatrixserverlib is a Go library for matrix protocol federation. Dendrite is a Matrix homeserver written in Go, an alternative to Synapse. The power level parsing within gomatrixserverlib was failing... | 5.0 | MEDIUM | — | 0 |
| CVE-2022-36031 | Directus is a free and open-source data platform for headless content management. The Directus process can be aborted by having an authorized user update the `filename_disk` value to a folder and acce... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-26911 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bowo System Dashboard allows Exploiting Incorrectly Configured Access Control Security Levels. This issue af... | 4.3 | MEDIUM | — | 0 |
| CVE-2022-36170 | MapGIS 10.5 Pro IGServer has hardcoded credentials in the front-end and can lead to escalation of privileges and arbitrary file deletion. | 8.8 | HIGH | — | 0 |
| CVE-2022-37175 | Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer overflow in /goform/formWifiBasicSet. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-36157 | XXL-JOB all versions as of 11 July 2022 are vulnerable to Insecure Permissions resulting in the ability to execute admin function with low Privilege account. | 8.8 | HIGH | — | 0 |
| CVE-2022-36171 | MapGIS IGServer 10.5.6.11 is vulnerable to Arbitrary file deletion. | 8.1 | HIGH | — | 0 |
| CVE-2022-36233 | Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via httpd, form_fast_setting_wifi_set. httpd. | 5.5 | MEDIUM | — | 0 |
| CVE-2020-27793 | An off-by-one overflow flaw was found in radare2 due to mismatched array length in core_java.c. This could allow an attacker to cause a crash, and perform a denial of service attack. | 7.5 | HIGH | — | 0 |
| CVE-2020-27794 | A double free issue was discovered in radare2 in cmd_info.c:cmd_info(). Successful exploitation could lead to modification of unexpected memory locations and potentially causing a crash. | 9.1 | CRITICAL | — | 0 |
| CVE-2022-36030 | Project-nexus is a general-purpose blog website framework. Affected versions are subject to SQL injection due to a lack of sanitization of user input. This issue has not yet been patched. Users are a... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-27795 | A segmentation fault was discovered in radare2 with adf command. In libr/core/cmd_anal.c, when command "adf" has no or wrong argument, anal_fcn_data (core, input + 1) --> RAnalFunction *fcn = r_anal_g... | 7.5 | HIGH | — | 0 |
| CVE-2022-2789 | Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-345 Insufficient Verification of Data Authenticity, and can display logic that is different than the compiled log... | 4.7 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.