Total
5227 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36262 | 1 Taogogo | 1 Taocms | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php. | |||||
| CVE-2022-36216 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A | 7.2 HIGH |
| DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in member_toadmin.php. | |||||
| CVE-2022-36036 | 1 Mdx-mermaid Project | 1 Mdx-mermaid | 2024-11-21 | N/A | 3.6 LOW |
| mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was patched in version(s) 1.3.0 and 2.0.0-rc2. There are currently no known workarounds. | |||||
| CVE-2022-35944 | 1 Octobercms | 1 October | 2024-11-21 | N/A | 6.2 MEDIUM |
| October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin panel and permission to open the "Editor" section, they can bypass the Safe Mode (`cms.safe_mode`) restriction to introduce new PHP code in a CMS template using a specially crafted request. The issue has been patched in versions 2.2.34 and 3.0.66. | |||||
| CVE-2022-35847 | 1 Fortinet | 1 Fortisoar | 2024-11-21 | N/A | 6.3 MEDIUM |
| An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload. | |||||
| CVE-2022-35743 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2024-11-21 | N/A | 7.8 HIGH |
| Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | |||||
| CVE-2022-35516 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A | 9.8 CRITICAL |
| DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php. | |||||
| CVE-2022-34625 | 1 Mealie Project | 1 Mealie | 2024-11-21 | N/A | 7.2 HIGH |
| Mealie1.0.0beta3 was discovered to contain a Server-Side Template Injection vulnerability, which allows attackers to execute arbitrary code via a crafted Jinja2 template. | |||||
| CVE-2022-34456 | 1 Dell | 1 Emc Metro Node | 2024-11-21 | N/A | 8.8 HIGH |
| Dell EMC Metro node, Version(s) prior to 7.1, contain a Code Injection Vulnerability. An authenticated nonprivileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application. | |||||
| CVE-2022-32897 | 1 Apple | 1 Macos | 2024-11-21 | N/A | 7.8 HIGH |
| A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.5. Processing a maliciously crafted tiff file may lead to arbitrary code execution. | |||||
| CVE-2022-32417 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at function.php. | |||||
| CVE-2022-31161 | 1 Roxy-wi | 1 Roxy-wi | 2024-11-21 | N/A | 10.0 CRITICAL |
| Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 contains a patch for this issue. | |||||
| CVE-2022-30580 | 1 Golang | 1 Go | 2024-11-21 | N/A | 7.8 HIGH |
| Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset. | |||||
| CVE-2022-30083 | 1 Elliegrid | 1 Elliegrid | 2024-11-21 | N/A | 9.8 CRITICAL |
| EllieGrid Android Application version 3.4.1 is vulnerable to Code Injection. The application appears to evaluate user input as code (remote). | |||||
| CVE-2022-2636 | 1 Hestiacp | 1 Control Panel | 2024-11-21 | N/A | 8.5 HIGH |
| Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to 1.6.6. | |||||
| CVE-2022-2073 | 1 Getgrav | 1 Grav | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Code Injection in GitHub repository getgrav/grav prior to 1.7.34. | |||||
| CVE-2022-2054 | 1 Nuitka | 1 Nuitka | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
| Code Injection in GitHub repository nuitka/nuitka prior to 0.9. | |||||
| CVE-2022-2014 | 1 Diagrams | 1 Drawio | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Code Injection in GitHub repository jgraph/drawio prior to 19.0.2. | |||||
| CVE-2022-29821 | 1 Jetbrains | 1 Pycharm | 2024-11-21 | 4.4 MEDIUM | 6.9 MEDIUM |
| In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible | |||||
| CVE-2022-29819 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 4.4 MEDIUM | 6.9 MEDIUM |
| In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible | |||||