Vulnerabilities (CVE)

Filtered by CWE-74
Total 4770 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-1523 1 Canonical 2 Snapd, Ubuntu Linux 2026-06-17 N/A 10.0 CRITICAL
Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console.
CVE-2023-1061 1 Doctors Appointment System Project 1 Doctors Appointment System 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. This issue affects some unknown processing of the file /admin/edit-doc.php. The manipulation of the argument email/oldmail leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-1059 1 Doctors Appointment System Project 1 Doctors Appointment System 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A vulnerability classified as critical was found in SourceCodester Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/doctors.php of the component Parameter Handler. The manipulation of the argument search/id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-0493 1 Btcpayserver 1 Btcpay Server 2026-06-17 N/A 5.3 MEDIUM
Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.
CVE-2023-0476 1 Tenable 1 Tenable.sc 2026-06-17 N/A 6.5 MEDIUM
A LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could generate data in Active Directory using the application account through blind LDAP injection.
CVE-2023-0302 1 Radare 1 Radare2 2026-06-17 N/A 7.8 HIGH
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5.8.2.
CVE-2023-0040 1 Asynchttpclient Project 1 Async-http-client 2026-06-17 N/A 7.5 HIGH
Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted data into HTTP header field values without prior sanitisation. Common use-cases here might be to place usernames from a database into HTTP header fields. This vulnerability allows attackers to inject new HTTP header fields, or entirely new requests, into the data stream. This can cause requests to be understood very differently by the remote server than was intended. In general, this is unlikely to result in data disclosure, but it can result in a number of logical errors and other misbehaviours.
CVE-2022-4864 1 Froxlor 1 Froxlor 2026-06-17 N/A 5.4 MEDIUM
Argument Injection in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.
CVE-2022-4768 1 Dropbox 1 Merou 2026-06-17 N/A 6.3 MEDIUM
A vulnerability was found in Dropbox merou. It has been classified as critical. Affected is the function add_public_key of the file grouper/public_key.py of the component SSH Public Key Handler. The manipulation of the argument public_key_str leads to injection. It is possible to launch the attack remotely. The name of the patch is d93087973afa26bc0a2d0a5eb5c0fde748bdd107. It is recommended to apply a patch to fix this issue. VDB-216906 is the identifier assigned to this vulnerability.
CVE-2022-4364 1 Flir 2 Flir Ax8, Flir Ax8 Firmware 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. Affected by this issue is some unknown functionality of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.49.16 can resolve this issue. Upgrading the affected component is advised. The vendor points out: "FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities."
CVE-2022-4188 1 Google 2 Android, Chrome 2026-06-17 N/A 4.3 MEDIUM
Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-4145 1 Redhat 1 Openshift Container Platform 2026-06-17 N/A 4.3 MEDIUM
A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation.
CVE-2022-4064 1 Dalli Project 1 Dalli 2026-06-17 2.6 LOW 3.7 LOW
A vulnerability was found in Dalli up to 3.2.2. It has been classified as problematic. Affected is the function self.meta_set of the file lib/dalli/protocol/meta/request_formatter.rb of the component Meta Protocol Handler. The manipulation of the argument cas/ttl leads to injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.3 is able to address this issue. The patch is identified as 48d594dae55934476fec61789e7a7c3700e0f50d. It is recommended to upgrade the affected component.
CVE-2022-47583 1 Mintty Project 1 Mintty 2026-06-17 N/A 9.8 CRITICAL
Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to the terminal.
CVE-2022-47052 1 Netgear 2 Ac1200 R6220, Ac1200 R6220 Firmware 2026-06-17 N/A 6.1 MEDIUM
The web interface of the 'Nighthawk R6220 AC1200 Smart Wi-Fi Router' is vulnerable to a CRLF Injection attack that can be leveraged to perform Reflected XSS and HTML Injection. A malicious unauthenticated attacker can exploit this vulnerability using a specially crafted URL. This affects firmware versions: V1.1.0.112_1.0.1, V1.1.0.114_1.0.1.
CVE-2022-47028 1 Actionlauncher 1 Action Launcher 2026-06-17 N/A 5.5 MEDIUM
An issue discovered in Action Launcher for Android v50.5 allows an attacker to cause a denial of service via arbitary data injection to function insert.
CVE-2022-46873 1 Mozilla 1 Firefox 2026-06-17 N/A 8.8 HIGH
Because Firefox did not implement the <code>unsafe-hashes</code> CSP directive, an attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject executable script. This would be severely constrained by the specified Content Security Policy of the document. This vulnerability affects Firefox < 108.
CVE-2022-46337 1 Apache 1 Derby 2026-06-17 N/A 9.8 CRITICAL
A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware which was visible to and executable by the account which booted the Derby server. In LDAP-protected databases which weren't also protected by SQL GRANT/REVOKE authorization, this vulnerability could also let an attacker view and corrupt sensitive data and run sensitive database functions and procedures. Mitigation: Users should upgrade to Java 21 and Derby 10.17.1.0. Alternatively, users who wish to remain on older Java versions should build their own Derby distribution from one of the release families to which the fix was backported: 10.16, 10.15, and 10.14. Those are the releases which correspond, respectively, with Java LTS versions 17, 11, and 8.
CVE-2022-46265 1 Siemens 1 Polarion Alm 2026-06-17 N/A 5.4 MEDIUM
A vulnerability has been identified in Polarion ALM (All versions < V2304.0). The affected application contains a Host header injection vulnerability that could allow an attacker to spoof a Host header information and redirect users to malicious websites.
CVE-2022-45910 1 Apache 1 Manifoldcf 2026-06-17 N/A 5.3 MEDIUM
Improper neutralization of special elements used in an LDAP query ('LDAP Injection') vulnerability in ActiveDirectory and Sharepoint ActiveDirectory authority connectors of Apache ManifoldCF allows an attacker to manipulate the LDAP search queries (DoS, additional queries, filter manipulation) during user lookup, if the username or the domain string are passed to the UserACLs servlet without validation. This issue affects Apache ManifoldCF version 2.23 and prior versions.