Total
5287 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-22909 | 1 Digitaldruid | 1 Hoteldruid | 2024-11-21 | 8.8 High |
| HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module. | ||||
| CVE-2022-22286 | 2 Google, Samsung | 2 Android, Bixby Routines | 2024-11-21 | 4.4 Medium |
| A vulnerability using PendingIntent in Bixby Routines prior to version 3.1.21.8 in Android R(11.0) and 2.6.30.5 in Android Q(10.0) allows attackers to execute privileged action by hijacking and modifying the intent. | ||||
| CVE-2022-22285 | 2 Google, Samsung | 2 Android, Reminder | 2024-11-21 | 4.4 Medium |
| A vulnerability using PendingIntent in Reminder prior to version 12.2.05.0 in Android R(11.0) and 12.3.02.1000 in Android S(12.0) allows attackers to execute privileged action by hijacking and modifying the intent. | ||||
| CVE-2022-22270 | 1 Google | 1 Android | 2024-11-21 | 4.4 Medium |
| An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information. | ||||
| CVE-2022-21831 | 2 Debian, Rubyonrails | 2 Debian Linux, Active Storage | 2024-11-21 | 9.8 Critical |
| A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments. | ||||
| CVE-2022-21797 | 3 Debian, Fedoraproject, Joblib Project | 3 Debian Linux, Fedora, Joblib | 2024-11-21 | 7.3 High |
| The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement. | ||||
| CVE-2022-21122 | 1 Metarhia | 1 Metacalc | 2024-11-21 | 9 Critical |
| The package metacalc before 0.0.2 are vulnerable to Arbitrary Code Execution when it exposes JavaScript's Math class to the v8 context. As the Math class is exposed to user-land, it can be used to get access to JavaScript's Function constructor. | ||||
| CVE-2022-1575 | 1 Diagrams | 1 Drawio | 2024-11-21 | 9.6 Critical |
| Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary (remote) code execution in the desktop app. - Stored XSS in the web app. | ||||
| CVE-2022-0944 | 1 Sqlpad | 1 Sqlpad | 2024-11-21 | 7.2 High |
| Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1. | ||||
| CVE-2022-0921 | 1 Microweber | 1 Microweber | 2024-11-21 | 6.7 Medium |
| Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12. | ||||
| CVE-2022-0896 | 1 Microweber | 1 Microweber | 2024-11-21 | 8.8 High |
| Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3. | ||||
| CVE-2022-0885 | 1 Memberhero | 1 Member Hero | 2024-11-21 | 9.8 Critical |
| The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments. | ||||
| CVE-2022-0845 | 1 Lightningai | 1 Pytorch Lightning | 2024-11-21 | 9.8 Critical |
| Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0. | ||||
| CVE-2022-0819 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 8.8 High |
| Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1. | ||||
| CVE-2022-0811 | 2 Kubernetes, Redhat | 2 Cri-o, Openshift | 2024-11-21 | 8.8 High |
| A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed. | ||||
| CVE-2022-0661 | 1 Ad Injection Project | 1 Ad Injection | 2024-11-21 | 7.2 High |
| The Ad Injection WordPress plugin through 1.2.0.19 does not properly sanitize the body of the adverts injected into the pages, allowing a high privileged user (Admin+) to inject arbitrary HTML or javascript even with unfiltered_html disallowed, leading to a stored cross-site scripting (XSS) vulnerability. Further it is also possible to inject PHP code, leading to a Remote Code execution (RCE) vulnerability, even if the DISALLOW_FILE_EDIT and DISALLOW_FILE_MOD constants are both set. | ||||
| CVE-2022-0578 | 1 Publify Project | 1 Publify | 2024-11-21 | 6.5 Medium |
| Code Injection in GitHub repository publify/publify prior to 9.2.8. | ||||
| CVE-2022-0323 | 1 Mustache Project | 1 Mustache | 2024-11-21 | 8.8 High |
| Improper Neutralization of Special Elements Used in a Template Engine in Packagist mustache/mustache prior to 2.14.1. | ||||
| CVE-2021-4434 | 1 Warfareplugins | 1 Social Warfare | 2024-11-21 | 10 Critical |
| The Social Warfare plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.5.2 via the 'swp_url' parameter. This allows attackers to execute code on the server. | ||||
| CVE-2021-4315 | 1 Psiturk | 1 Psiturk | 2024-11-21 | 5.5 Medium |
| A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and classified as critical. This vulnerability affects unknown code of the file psiturk/experiment.py. The manipulation of the argument mode leads to improper neutralization of special elements used in a template engine. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.1 is able to address this issue. The name of the patch is 47787e15cecd66f2aa87687bf852ae0194a4335f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-219676. | ||||