Total
5287 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-35649 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 9.8 Critical |
| The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system. | ||||
| CVE-2022-35516 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 9.8 Critical |
| DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php. | ||||
| CVE-2022-34625 | 1 Mealie Project | 1 Mealie | 2024-11-21 | 7.2 High |
| Mealie1.0.0beta3 was discovered to contain a Server-Side Template Injection vulnerability, which allows attackers to execute arbitrary code via a crafted Jinja2 template. | ||||
| CVE-2022-33725 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 Release 1 allows attackers to access content providers with system privilege. | ||||
| CVE-2022-33721 | 1 Google | 1 Android | 2024-11-21 | 4.4 Medium |
| A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege. | ||||
| CVE-2022-32897 | 1 Apple | 1 Macos | 2024-11-21 | 7.8 High |
| A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.5. Processing a maliciously crafted tiff file may lead to arbitrary code execution. | ||||
| CVE-2022-32417 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 9.8 Critical |
| PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at function.php. | ||||
| CVE-2022-30580 | 1 Golang | 1 Go | 2024-11-21 | 7.8 High |
| Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset. | ||||
| CVE-2022-30083 | 1 Elliegrid | 1 Elliegrid | 2024-11-21 | 9.8 Critical |
| EllieGrid Android Application version 3.4.1 is vulnerable to Code Injection. The application appears to evaluate user input as code (remote). | ||||
| CVE-2022-2636 | 1 Hestiacp | 1 Control Panel | 2024-11-21 | 8.5 High |
| Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to 1.6.6. | ||||
| CVE-2022-2073 | 1 Getgrav | 1 Grav | 2024-11-21 | 7.2 High |
| Code Injection in GitHub repository getgrav/grav prior to 1.7.34. | ||||
| CVE-2022-2054 | 1 Nuitka | 1 Nuitka | 2024-11-21 | 8.4 High |
| Code Injection in GitHub repository nuitka/nuitka prior to 0.9. | ||||
| CVE-2022-2014 | 1 Diagrams | 1 Drawio | 2024-11-21 | 5.4 Medium |
| Code Injection in GitHub repository jgraph/drawio prior to 19.0.2. | ||||
| CVE-2022-29821 | 1 Jetbrains | 1 Pycharm | 2024-11-21 | 6.9 Medium |
| In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible | ||||
| CVE-2022-29819 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 6.9 Medium |
| In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible | ||||
| CVE-2022-29815 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 6.9 Medium |
| In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible | ||||
| CVE-2022-29814 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 6.9 Medium |
| In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible | ||||
| CVE-2022-29813 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 6.9 Medium |
| In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible | ||||
| CVE-2022-29307 | 1 Ionizecms | 1 Ionize | 2024-11-21 | 9.8 Critical |
| IonizeCMS v1.0.8.1 was discovered to contain a command injection vulnerability via the function copy_lang_content in application/models/lang_model.php. | ||||
| CVE-2022-29078 | 1 Ejs | 1 Ejs | 2024-11-21 | 9.8 Critical |
| The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation). | ||||