ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2022-25003 | Hospital Patient Record Management System v1.0 was discovered to contain a SQL injection vulnerabili... | E | |
CVE-2022-25004 | Hospital Patient Record Management System v1.0 was discovered to contain a SQL injection vulnerabili... | E | |
CVE-2022-25008 | TOTOLINK EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 do not contain an auth... | E | |
CVE-2022-25010 | The component /rootfs in RageFile of Stepmania v5.1b2 and below allows attackers access to the entir... | S | |
CVE-2022-25012 | Argus Surveillance DVR v4.0 employs weak password encryption.... | E | |
CVE-2022-25013 | Ice Hrm 30.0.0.OS was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabil... | E | |
CVE-2022-25014 | Ice Hrm 30.0.0.OS was discovered to contain a reflected cross-site scripting (XSS) vulnerability via... | E | |
CVE-2022-25015 | A stored cross-site scripting (XSS) vulnerability in Ice Hrm 30.0.0.OS allows attackers to steal coo... | E | |
CVE-2022-25016 | Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vul... | E | |
CVE-2022-25017 | Hitron CHITA 7.2.2.0.3b6-CD devices contain a command injection vulnerability via the Device/DDNS dd... | E | |
CVE-2022-25018 | Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inser... | E | |
CVE-2022-25019 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-38602. Reason: This candidat... | R | |
CVE-2022-25020 | A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary we... | E | |
CVE-2022-25022 | A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers to execute arbitrary web ... | E | |
CVE-2022-25023 | Audio File commit 004065d was discovered to contain a heap-buffer overflow in the function fouBytesT... | E S | |
CVE-2022-25024 | The json2xml package through 3.12.0 for Python allows an error in typecode decoding enabling a remot... | E S | |
CVE-2022-25026 | A Server-Side Request Forgery (SSRF) in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to ... | E S | |
CVE-2022-25027 | The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to ... | S | |
CVE-2022-25028 | Home Owners Collection Management System v1.0 was discovered to contain a cross-site scripting (XSS)... | E | |
CVE-2022-25029 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-25096. Reason: This candidat... | R | |
CVE-2022-25031 | Remote Desktop Commander Suite Agent before v4.8 contains an unquoted service path which allows atta... | | |
CVE-2022-25037 | An issue in wanEditor v4.7.11 and fixed in v.4.7.12 and v.5 was discovered to contain a cross-site s... | | |
CVE-2022-25038 | wanEditor v4.7.11 was discovered to contain a cross-site scripting (XSS) vulnerability via the video... | | |
CVE-2022-25041 | OpenEMR v6.0.0 was discovered to contain an incorrect access control issue.... | | |
CVE-2022-25044 | Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromStr... | E S | |
CVE-2022-25045 | Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials which ... | E | |
CVE-2022-25046 | A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrar... | E | |
CVE-2022-25047 | The password reset token in CWP v0.9.8.1126 is generated using known or predictable values.... | E | |
CVE-2022-25048 | Command injection vulnerability in CWP v0.9.8.1126 that allows normal users to run commands as the r... | E | |
CVE-2022-25050 | rtl_433 21.12 was discovered to contain a stack overflow in the function somfy_iohc_decode(). This v... | S | |
CVE-2022-25051 | An Off-by-one Error occurs in cmr113_decode of rtl_433 21.12 when decoding a crafted file.... | S | |
CVE-2022-25060 | TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via t... | E | |
CVE-2022-25061 | TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via t... | E | |
CVE-2022-25062 | TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm... | | |
CVE-2022-25064 | TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerabi... | E | |
CVE-2022-25069 | Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability whi... | E S | |
CVE-2022-25072 | TP-Link Archer A54 Archer A54(US)_V1_210111 routers were discovered to contain a stack overflow in t... | E | |
CVE-2022-25073 | TL-WR841Nv14_US_0.9.1_4.18 routers were discovered to contain a stack overflow in the function dm_fi... | E | |
CVE-2022-25074 | TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function... | E | |
CVE-2022-25075 | TOTOLink A3000RU V5.9c.2280_B20180512 was discovered to contain a command injection vulnerability in... | E S | |
CVE-2022-25076 | TOTOLink A800R V4.1.2cu.5137_B20200730 was discovered to contain a command injection vulnerability i... | E S | |
CVE-2022-25077 | TOTOLink A3100R V4.1.2cu.5050_B20200504 was discovered to contain a command injection vulnerability ... | E S | |
CVE-2022-25078 | TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability ... | E S | |
CVE-2022-25079 | TOTOLink A810R V4.1.2cu.5182_B20201026 was discovered to contain a command injection vulnerability i... | E S | |
CVE-2022-25080 | TOTOLink A830R V5.9c.4729_B20191112 was discovered to contain a command injection vulnerability in t... | E S | |
CVE-2022-25081 | TOTOLink T10 V5.9c.5061_B20200511 was discovered to contain a command injection vulnerability in the... | E S | |
CVE-2022-25082 | TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a comman... | E S | |
CVE-2022-25083 | TOTOLink A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection vulnerability i... | E S | |
CVE-2022-25084 | TOTOLink T6 V5.9c.4085_B20190428 was discovered to contain a command injection vulnerability in the ... | E S | |
CVE-2022-25089 | Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly uses Privileged APIs to modify ... | E | |
CVE-2022-25090 | Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a dire... | E | |
CVE-2022-25091 | Infopop Ultimate Bulletin Board up to v5.47a was discovered to allow all messages posted inside priv... | | |
CVE-2022-25094 | Home Owners Collection Management System v1.0 was discovered to contain a remote code execution (RCE... | E | |
CVE-2022-25095 | Home Owners Collection Management System v1.0 allows unauthenticated attackers to compromise user ac... | | |
CVE-2022-25096 | Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerabilit... | E | |
CVE-2022-25098 | ECTouch v2 suffers from arbitrary file deletion due to insufficient filtering of the filename parame... | | |
CVE-2022-25099 | A vulnerability in the component /languages/index.php of WBCE CMS v1.5.2 allows attackers to execute... | E | |
CVE-2022-25101 | A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execu... | E | |
CVE-2022-25104 | HorizontCMS v1.0.0-beta.2 was discovered to contain an arbitrary file download vulnerability via the... | E | |
CVE-2022-25106 | D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer overflow via the function genacg... | E | |
CVE-2022-25108 | Foxit PDF Reader and Editor before 11.2.1 and PhantomPDF before 10.1.7 allow a NULL pointer derefere... | | |
CVE-2022-25114 | Event Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability... | E | |
CVE-2022-25115 | A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user/manage_u... | E | |
CVE-2022-25125 | MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/... | E | |
CVE-2022-25130 | A command injection vulnerability in the function updateWifiInfo of TOTOLINK Technology routers T6 V... | | |
CVE-2022-25131 | A command injection vulnerability in the function recvSlaveCloudCheckStatus of TOTOLINK Technology r... | | |
CVE-2022-25132 | A command injection vulnerability in the function meshSlaveDlfw of TOTOLINK Technology router T6 V3_... | | |
CVE-2022-25133 | A command injection vulnerability in the function isAssocPriDevice of TOTOLINK Technology router T6 ... | | |
CVE-2022-25134 | A command injection vulnerability in the function setUpgradeFW of TOTOLINK Technology router T6 V3_F... | | |
CVE-2022-25135 | A command injection vulnerability in the function recv_mesh_info_sync of TOTOLINK Technology router ... | | |
CVE-2022-25136 | A command injection vulnerability in the function meshSlaveUpdate of TOTOLINK Technology routers T6 ... | | |
CVE-2022-25137 | A command injection vulnerability in the function recvSlaveUpgstatus of TOTOLINK Technology routers ... | | |
CVE-2022-25138 | Axelor Open Suite v5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability v... | E | |
CVE-2022-25139 | njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfi... | E S | |
CVE-2022-25146 | The Remote App module in Liferay Portal v7.4.3.4 through v7.4.3.8 and Liferay DXP 7.4... | | |
CVE-2022-25147 | Apache Portable Runtime Utility (APR-util): out-of-bounds writes in the apr_base64 family of functions | | |
CVE-2022-25148 | WP Statistics <= 13.1.5 Unauthenticated Blind SQL Injection via current_page_id | E S | |
CVE-2022-25149 | WP Statistics <= 13.1.5 Unauthenticated Blind SQL Injection via IP | E S | |
CVE-2022-25150 | In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, programs executed from the Tools t... | | |
CVE-2022-25151 | ITarian - Session cookie not protected by HttpOnly flag | | |
CVE-2022-25152 | ITarian - Any user with a valid session token can create and execute agent procedures and bypass mandatory approvals | | |
CVE-2022-25153 | ITarian - Local privilege escalation in Endpoint Manager agent on Windows | | |
CVE-2022-25154 | A DLL hijacking vulnerability in Samsung portable SSD T5 PC software before 1.6.9 could allow a loca... | | |
CVE-2022-25155 | Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MEL... | | |
CVE-2022-25156 | Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, M... | | |
CVE-2022-25157 | Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MEL... | | |
CVE-2022-25158 | Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series F... | | |
CVE-2022-25159 | Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U... | | |
CVE-2022-25160 | Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series F... | | |
CVE-2022-25161 | Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64... | | |
CVE-2022-25162 | Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64... | | |
CVE-2022-25163 | Improper Input Validation vulnerability in Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 d... | | |
CVE-2022-25164 | Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions f... | M | |
CVE-2022-25165 | An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the va... | E | |
CVE-2022-25166 | An issue was discovered in Amazon AWS VPN Client 2.0.0. It is possible to include a UNC path in the ... | E | |
CVE-2022-25167 | Apache Flume vulnerable to a JNDI RCE in JMSSource | S | |
CVE-2022-25168 | Command injection in org.apache.hadoop.fs.FileUtil.unTarUsingTar | M | |
CVE-2022-25169 | Apache Tika BPGParser Memory Usage DoS | | |
CVE-2022-25170 | ICSA-22-055-01 FATEK Automation FvDesigner | S | |
CVE-2022-25171 | Command Injection | E S | |
CVE-2022-25172 | An information disclosure vulnerability exists in the web interface session cookie functionality of ... | E | |
CVE-2022-25173 | Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories fo... | S | |
CVE-2022-25174 | Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same checkou... | S | |
CVE-2022-25175 | Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses the same checkout directorie... | S | |
CVE-2022-25176 | Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations o... | S | |
CVE-2022-25177 | Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier follows symbolic link... | S | |
CVE-2022-25178 | Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier does not restrict the... | S | |
CVE-2022-25179 | Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier follows symbolic links to locatio... | S | |
CVE-2022-25180 | Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the... | S | |
CVE-2022-25181 | A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1... | S | |
CVE-2022-25182 | A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1... | S | |
CVE-2022-25183 | Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the names of Pip... | S | |
CVE-2022-25184 | Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password parameter default values when ... | S | |
CVE-2022-25185 | Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escape the build cause when using t... | S | |
CVE-2022-25186 | Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processe... | | |
CVE-2022-25187 | Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the suppo... | S | |
CVE-2022-25188 | Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters o... | S | |
CVE-2022-25189 | Jenkins Custom Checkbox Parameter Plugin 1.1 and earlier does not escape parameter names of custom c... | S | |
CVE-2022-25190 | A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with... | S | |
CVE-2022-25191 | Jenkins Agent Server Parameter Plugin 1.0 and earlier does not escape parameter names of agent serve... | S | |
CVE-2022-25192 | A cross-site request forgery (CSRF) vulnerability in Jenkins Snow Commander Plugin 1.10 and earlier ... | S | |
CVE-2022-25193 | Missing permission checks in Jenkins Snow Commander Plugin 1.10 and earlier allow attackers with Ove... | S | |
CVE-2022-25194 | A cross-site request forgery (CSRF) vulnerability in Jenkins autonomiq Plugin 1.15 and earlier allow... | S | |
CVE-2022-25195 | A missing permission check in Jenkins autonomiq Plugin 1.15 and earlier allows attackers with Overal... | S | |
CVE-2022-25196 | Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the... | S | |
CVE-2022-25197 | Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows ag... | S | |
CVE-2022-25198 | A cross-site request forgery (CSRF) vulnerability in Jenkins SCP publisher Plugin 1.8 and earlier al... | S | |
CVE-2022-25199 | A missing permission check in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers with Ove... | S | |
CVE-2022-25200 | A cross-site request forgery (CSRF) vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier a... | S | |
CVE-2022-25201 | Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier allow attackers with Over... | S | |
CVE-2022-25202 | Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name of custom promotion... | S | |
CVE-2022-25203 | Jenkins Team Views Plugin 0.9.0 and earlier does not escape team names, resulting in a stored cross-... | | |
CVE-2022-25204 | Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to rend... | S | |
CVE-2022-25205 | A cross-site request forgery (CSRF) vulnerability in Jenkins dbCharts Plugin 0.5.2 and earlier allow... | S | |
CVE-2022-25206 | A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers with Overall/Read perm... | S | |
CVE-2022-25207 | A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier al... | | |
CVE-2022-25208 | A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Ove... | | |
CVE-2022-25209 | Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML extern... | | |
CVE-2022-25210 | Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configurat... | S | |
CVE-2022-25211 | A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers with Overall/R... | | |
CVE-2022-25212 | A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plugin 1.2.6 and earlier allows a... | | |
CVE-2022-25213 | Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacke... | E | |
CVE-2022-25214 | Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attack... | E | |
CVE-2022-25215 | Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacke... | E | |
CVE-2022-25216 | An absolute path traversal vulnerability allows a remote attacker to download any file on the Window... | E | |
CVE-2022-25217 | Use of a hard-coded cryptographic key pair by the telnetd_startup service allows an attacker on the ... | E | |
CVE-2022-25218 | The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetd_startup, allows a... | E | |
CVE-2022-25219 | A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses t... | E | |
CVE-2022-25220 | PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code insid... | E | |
CVE-2022-25221 | Money Transfer Management System Version 1.0 allows an attacker to inject JavaScript code in the URL... | E | |
CVE-2022-25222 | Money Transfer Management System Version 1.0 allows an unauthenticated user to inject SQL queries in... | E | |
CVE-2022-25223 | Money Transfer Management System Version 1.0 allows an authenticated user to inject SQL queries in '... | E | |
CVE-2022-25224 | Proton v0.2.0 allows an attacker to create a malicious link inside a markdown file. When the victim ... | E | |
CVE-2022-25225 | Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/even... | E | |
CVE-2022-25226 | ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via 'http:... | E | |
CVE-2022-25227 | Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allo... | E | |
CVE-2022-25228 | CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in '/index.php?m=set... | E | |
CVE-2022-25229 | Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Server(s)' field via the 'settings' page. The... | E | |
CVE-2022-25230 | Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) ... | | |
CVE-2022-25231 | Denial of Service (DoS) | S | |
CVE-2022-25234 | Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4... | | |
CVE-2022-25235 | xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as che... | S | |
CVE-2022-25236 | xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator chara... | S | |
CVE-2022-25237 | Bonita Web 2021.2 is affected by an authentication/authorization bypass vulnerability due to an overl... | E | |
CVE-2022-25238 | Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can be... | | |
CVE-2022-25241 | In FileCloud before 21.3, the CSV user import functionality is vulnerable to Cross-Site Request Forg... | E | |
CVE-2022-25242 | In FileCloud before 21.3, file upload is not protected against Cross-Site Request Forgery (CSRF).... | | |
CVE-2022-25243 | Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under cert... | M | |
CVE-2022-25244 | Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key t... | M | |
CVE-2022-25245 | Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default cur... | S | |
CVE-2022-25246 | PTC Axeda agent and Axeda Desktop Server Use of Hard-Coded Credentials | S | |
CVE-2022-25247 | PTC Axeda agent and Axeda Desktop Server Missing Authentication For Critical Function | S | |
CVE-2022-25248 | PTC Axeda agent and Axeda Desktop Server Information Exposure | S | |
CVE-2022-25249 | PTC Axeda agent and Axeda Desktop Server Path Traversal | S | |
CVE-2022-25250 | PTC Axeda agent and Axeda Desktop Server Missing Authentication For Critical Function | S | |
CVE-2022-25251 | PTC Axeda agent and Axeda Desktop Server Missing Authentication For Critical Function | S | |
CVE-2022-25252 | PTC Axeda agent and Axeda Desktop Server Improper Check or Handling Of Exceptional Conditions | S | |
CVE-2022-25255 | In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could exec... | S | |
CVE-2022-25256 | SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRender.do has two parameters: sasp... | | |
CVE-2022-25258 | An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The US... | S | |
CVE-2022-25259 | JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS.... | | |
CVE-2022-25260 | JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF).... | | |
CVE-2022-25261 | JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS.... | | |
CVE-2022-25262 | In JetBrains Hub before 2022.1.14434, SAML request takeover was possible.... | | |
CVE-2022-25263 | JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature ... | | |
CVE-2022-25264 | In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged ... | | |
CVE-2022-25265 | In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they we... | E S | |
CVE-2022-25266 | Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal (t... | | |
CVE-2022-25267 | Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal (to ... | | |
CVE-2022-25268 | Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsyste... | | |
CVE-2022-25269 | Passwork On-Premise Edition before 4.6.13 has multiple XSS issues.... | | |
CVE-2022-25270 | The Quick Edit module does not properly check entity access in some circumstances. This could result... | S | |
CVE-2022-25271 | Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be... | S | |
CVE-2022-25273 | Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be... | | |
CVE-2022-25274 | Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not c... | | |
CVE-2022-25275 | In some situations, the Image module does not correctly check access to image files not stored in th... | | |
CVE-2022-25276 | The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows emb... | | |
CVE-2022-25277 | Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) ... | | |
CVE-2022-25278 | Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. Thi... | | |
CVE-2022-25290 | WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged crede... | | |
CVE-2022-25291 | An integer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker... | | |
CVE-2022-25292 | A wgagent stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticat... | | |
CVE-2022-25293 | A systemd stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticat... | | |
CVE-2022-25294 | Proofpoint Insider Threat Management Agent for Windows relies on an inherently dangerous function th... | | |
CVE-2022-25295 | Open Redirect | E S | |
CVE-2022-25296 | Prototype Pollution | E | |
CVE-2022-25297 | Arbitrary File Write | E S | |
CVE-2022-25298 | Path Traversal | E S | |
CVE-2022-25299 | Arbitrary File Write | E S | |
CVE-2022-25301 | Prototype Pollution | E | |
CVE-2022-25302 | Denial of Service (DoS) | | |
CVE-2022-25303 | Cross-site Scripting (XSS) | S | |
CVE-2022-25304 | Denial of Service (DoS) | | |
CVE-2022-25305 | WP Statistics <= 13.1.5 Unauthenticated Stored Cross-Site Scripting via IP | E S | |
CVE-2022-25306 | WP Statistics <= 13.1.5 Unauthenticated Stored Cross-Site Scripting via browser | E S | |
CVE-2022-25307 | WP Statistics <= 13.1.5 Unauthenticated Stored Cross-Site Scripting via platform | E S | |
CVE-2022-25308 | A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to... | E S | |
CVE-2022-25309 | A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_t... | E S | |
CVE-2022-25310 | A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bid... | E S | |
CVE-2022-25311 | A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All ver... | M | |
CVE-2022-25312 | An XML external entity (XXE) injection vulnerability exists in the Apache Any23 RDFa XSLTStylesheet extractor | S | |
CVE-2022-25313 | In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a ... | S | |
CVE-2022-25314 | In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.... | S | |
CVE-2022-25315 | In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.... | E S | |
CVE-2022-25317 | An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descripti... | S | |
CVE-2022-25318 | An issue was discovered in Cerebrate through 1.4. An incorrect sharing group ACL allowed an unprivil... | S | |
CVE-2022-25319 | An issue was discovered in Cerebrate through 1.4. Endpoints could be open even when not enabled.... | E S | |
CVE-2022-25320 | An issue was discovered in Cerebrate through 1.4. Username enumeration could occur.... | S | |
CVE-2022-25321 | An issue was discovered in Cerebrate through 1.4. XSS could occur in the bookmarks component.... | E S | |
CVE-2022-25322 | ZEROF Web Server 2.0 allows /HandleEvent SQL Injection.... | E | |
CVE-2022-25323 | ZEROF Web Server 2.0 allows /admin.back XSS.... | E | |
CVE-2022-25324 | Denial of Service (DoS) | E | |
CVE-2022-25325 | Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) ... | | |
CVE-2022-25326 | Denial of Service in fscrypt | S | |
CVE-2022-25327 | Local Denial of Service in fscrypt PAM module | S | |
CVE-2022-25328 | Privilege escalation through command injection in fscrypt | S | |
CVE-2022-25329 | Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform authenticat... | S | |
CVE-2022-25330 | Integer overflow conditions that exist in Trend Micro ServerProtect 6.0/5.8 Information Server could... | E S | |
CVE-2022-25331 | Uncaught exceptions that can be generated in Trend Micro ServerProtection 6.0/5.8 Information Server... | E S | |
CVE-2022-25332 | SK_LOAD timing side channel during AES module decryption in Texas Instruments OMAP L138 | | |
CVE-2022-25333 | Flawed SK_LOAD module authenticity check in Texas Instruments OMAP L138 | | |
CVE-2022-25334 | Stack overflow on SK_LOAD signature length field in Texas Instruments OMAP L138 | | |
CVE-2022-25335 | RigoBlock Dragos through 2022-02-17 lacks the onlyOwner modifier for setMultipleAllowances. This ena... | E | |
CVE-2022-25336 | Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Dir... | M | |
CVE-2022-25337 | Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection at... | M | |
CVE-2022-25338 | ownCloud owncloud/android before 2.20 has Incorrect Access Control for physically proximate attacker... | | |
CVE-2022-25339 | ownCloud owncloud/android 2.20 has Incorrect Access Control for local attackers.... | | |
CVE-2022-25342 | An issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 devices. The Web Application is ... | E | |
CVE-2022-25343 | An issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 devices. The Web Application is ... | E | |
CVE-2022-25344 | An XSS issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 devices. The Web Application... | E | |
CVE-2022-25345 | Denial of Service (DoS) | E | |
CVE-2022-25347 | Delta Electronics DIAEnergie Path Traversal | S | |
CVE-2022-25348 | Untrusted search path vulnerability in AttacheCase ver.4.0.2.7 and earlier allows an attacker to gai... | | |
CVE-2022-25349 | Cross-site Scripting (XSS) | E | |
CVE-2022-25350 | All versions of the package puppet-facter are vulnerable to Command Injection via the getFact funct... | E | |
CVE-2022-25352 | Prototype Pollution | E S | |
CVE-2022-25354 | Prototype Pollution | E S | |
CVE-2022-25355 | EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handle HTTP Host header values, whi... | M | |
CVE-2022-25356 | Alt-N MDaemon Security Gateway through 8.5.0 allows SecurityGateway.dll?view=login XML Injection.... | E S | |
CVE-2022-25357 | Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a confer... | | |
CVE-2022-25358 | A ..%2F path traversal vulnerability exists in the path handler of awful-salmonella-tar before 0.0.4... | S | |
CVE-2022-25359 | On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote attackers... | E | |
CVE-2022-25360 | WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged crede... | | |
CVE-2022-25361 | WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to delete arbitrary f... | | |
CVE-2022-25363 | WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged crede... | | |
CVE-2022-25364 | In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymo... | | |
CVE-2022-25365 | Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue ex... | S | |
CVE-2022-25366 | Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for Harden... | | |
CVE-2022-25368 | Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (store... | S | |
CVE-2022-25370 | Unauth Stored XSS vulnerability in the Birt plugin of Apache OFBiz | | |
CVE-2022-25371 | Unauth Path Traversal with file corruption affecting the Birt plugin of Apache OFBiz | S | |
CVE-2022-25372 | Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL e... | E S | |
CVE-2022-25373 | Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history.... | E | |
CVE-2022-25374 | HashiCorp Terraform Enterprise v202112-1, v202112-2, v202201-1, and v202201-2 were configured to log... | | |
CVE-2022-25375 | An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. T... | S | |
CVE-2022-25377 | The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2 allows remote attackers t... | E S | |
CVE-2022-25389 | DCN Firewall DCME-520 was discovered to contain an arbitrary file download vulnerability via the pat... | | |
CVE-2022-25390 | DCN Firewall DCME-520 was discovered to contain a remote command execution (RCE) vulnerability via t... | | |
CVE-2022-25393 | Simple Bakery Shop Management v1.0 was discovered to contain a SQL injection vulnerability via the u... | E | |
CVE-2022-25394 | Medical Store Management System v1.0 was discovered to contain a SQL injection vulnerability via the... | E | |
CVE-2022-25395 | Cosmetics and Beauty Product Online Store v1.0 was discovered to contain multiple reflected cross-si... | E | |
CVE-2022-25396 | Cosmetics and Beauty Product Online Store v1.0 was discovered to contain a SQL injection vulnerabili... | E | |
CVE-2022-25398 | Auto Spare Parts Management v1.0 was discovered to contain a SQL injection vulnerability via the use... | E | |
CVE-2022-25399 | Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via th... | E | |
CVE-2022-25401 | The copy function of the file manager in Cuppa CMS v1.0 allows any file to be copied to the current ... | E | |
CVE-2022-25402 | An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify al... | E | |
CVE-2022-25403 | HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php.... | E | |
CVE-2022-25404 | Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete.php via the DELE... | | |
CVE-2022-25405 | Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in change_box.php via the ... | | |
CVE-2022-25406 | Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete_query.php via th... | | |
CVE-2022-25407 | Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulner... | E | |
CVE-2022-25408 | Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulner... | E | |
CVE-2022-25409 | Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulner... | E | |
CVE-2022-25410 | Maxsite CMS v180 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the... | E S | |
CVE-2022-25411 | A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsite CMS v180 allows attackers t... | E | |
CVE-2022-25412 | Maxsite CMS v180 was discovered to contain multiple arbitrary file deletion vulnerabilities in /admi... | E S | |
CVE-2022-25413 | Maxsite CMS v108 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the... | E S | |
CVE-2022-25414 | Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the parameter NPTR.... | E | |
CVE-2022-25417 | Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function saveparentcontr... | E | |
CVE-2022-25418 | Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function openSchedWifi.... | E | |
CVE-2022-25420 | NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerable to CRLF injection. This vul... | E | |
CVE-2022-25427 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the schedendtime parameter in t... | E | |
CVE-2022-25428 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the deviceId parameter in the s... | E | |
CVE-2022-25429 | Tenda AC9 v15.03.2.21 was discovered to contain a buffer overflow via the time parameter in the save... | E | |
CVE-2022-25431 | Tenda AC9 v15.03.2.21 was discovered to contain multiple stack overflows via the NPTR, V12, V10 and ... | E | |
CVE-2022-25433 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the urls parameter in the savep... | E | |
CVE-2022-25434 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the firewallen parameter in the... | E | |
CVE-2022-25435 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetSt... | E | |
CVE-2022-25437 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetVi... | E | |
CVE-2022-25438 | Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via t... | E | |
CVE-2022-25439 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetIp... | E | |
CVE-2022-25440 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the ntpserver parameter in the ... | E | |
CVE-2022-25441 | Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via t... | E | |
CVE-2022-25445 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in th... | E | |
CVE-2022-25446 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedstarttime param... | E | |
CVE-2022-25447 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedendtime paramet... | E | |
CVE-2022-25448 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the day parameter in the... | E | |
CVE-2022-25449 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the deviceId parameter i... | E | |
CVE-2022-25450 | Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in th... | E | |
CVE-2022-25451 | Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in th... | E | |
CVE-2022-25452 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the URLs parameter in th... | E | |
CVE-2022-25453 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in th... | E | |
CVE-2022-25454 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the loginpwd parameter i... | E | |
CVE-2022-25455 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in th... | E | |
CVE-2022-25456 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the security_5g paramete... | E | |
CVE-2022-25457 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ntpserver parameter ... | E | |
CVE-2022-25458 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the cmdinput parameter i... | E | |
CVE-2022-25459 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the S1 parameter in the ... | E | |
CVE-2022-25460 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the endip parameter in t... | E | |
CVE-2022-25461 | Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the startip parameter in... | E | |
CVE-2022-25462 | Yafu v2.0 contains a segmentation fault via the component /factor/avx-ecm/vecarith52.c. This vulnera... | E | |
CVE-2022-25464 | A stored cross-site scripting (XSS) vulnerability in the component /admin/contenttemp of DoraCMS v2.... | E | |
CVE-2022-25465 | Espruino 2v11 release was discovered to contain a stack buffer overflow via src/jsvar.c in jsvGetNex... | E | |
CVE-2022-25471 | An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated a... | | |
CVE-2022-25477 | Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and... | | |
CVE-2022-25478 | Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and... | | |
CVE-2022-25479 | Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and... | | |
CVE-2022-25480 | Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and... | | |
CVE-2022-25481 | ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allo... | E | |
CVE-2022-25484 | tcpprep v4.4.1 has a reachable assertion (assert(l2len > 0)) in packet2tree() at tree.c in tcpprep v... | E | |
CVE-2022-25485 | CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/aler... | E | |
CVE-2022-25486 | CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/aler... | E | |
CVE-2022-25487 | Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploa... | E | |
CVE-2022-25488 | Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin... | E | |
CVE-2022-25489 | Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the... | E | |
CVE-2022-25490 | HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in departm... | E | |
CVE-2022-25491 | HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in appoint... | E | |
CVE-2022-25492 | HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in aja... | E | |
CVE-2022-25493 | HMS v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via treatmen... | E | |
CVE-2022-25494 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via staff_login.p... | E | |
CVE-2022-25495 | The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload a... | E | |
CVE-2022-25497 | CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.... | E | |
CVE-2022-25498 | CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConf... | E | |
CVE-2022-25505 | Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \inclu... | E | |
CVE-2022-25506 | FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint... | E | |
CVE-2022-25507 | FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting (XSS) vulnerability ... | E | |
CVE-2022-25508 | An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unaut... | E | |
CVE-2022-25510 | FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted c... | E | |
CVE-2022-25511 | An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows... | E | |
CVE-2022-25512 | FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys.... | E | |
CVE-2022-25514 | stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT() at... | E | |
CVE-2022-25515 | stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttULONG() at ... | E | |
CVE-2022-25516 | stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function stbtt__find_t... | E | |
CVE-2022-25517 | MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerability via the Column parameter... | E | |
CVE-2022-25518 | In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which all... | | |
CVE-2022-25521 | NUUO v03.11.00 was discovered to contain an access control issue.... | | |
CVE-2022-25523 | TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is exploited ... | E | |
CVE-2022-25546 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS.... | E | |
CVE-2022-25547 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. Thi... | E | |
CVE-2022-25548 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. Thi... | E | |
CVE-2022-25549 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS.... | E | |
CVE-2022-25550 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlIn... | E | |
CVE-2022-25551 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS.... | E | |
CVE-2022-25552 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function form_fast_setting_w... | E | |
CVE-2022-25553 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS.... | E | |
CVE-2022-25554 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlIn... | E | |
CVE-2022-25555 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. Thi... | E | |
CVE-2022-25556 | Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42E328. This ... | E | |
CVE-2022-25557 | Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow in the function saveParentControlInf... | E | |
CVE-2022-25558 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetProvince. Th... | E | |
CVE-2022-25560 | Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_4327CC. This ... | E | |
CVE-2022-25561 | Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42DE00. This ... | E | |
CVE-2022-25566 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlIn... | E | |
CVE-2022-25568 | MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /c... | E | |
CVE-2022-25569 | Bettini Srl GAMS Product Line v4.3.0 was discovered to re-use static SSH keys across installations, ... | E | |
CVE-2022-25570 | In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain acces... | E | |
CVE-2022-25571 | Bluedon Information Security Technologies Co.,Ltd Internet Access Detector v1.0 was discovered to co... | | |
CVE-2022-25574 | A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows a... | | |
CVE-2022-25575 | Multiple cross-site scripting (XSS) vulnerabilities in Parking Management System v1.0 allow attacke... | E | |
CVE-2022-25576 | Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component a... | E | |
CVE-2022-25577 | ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database... | E | |
CVE-2022-25578 | taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file.... | E | |
CVE-2022-25581 | Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload. This... | E | |
CVE-2022-25582 | A stored cross-site scripting (XSS) vulnerability in the Column module of ClassCMS v2.5 and below al... | E | |
CVE-2022-25584 | Seyeon Tech Co., Ltd FlexWATCH FW3170-PS-E Network Video System 4.23-3000_GY allows attackers to acc... | E | |
CVE-2022-25585 | Unioncms v1.0.13 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the... | E | |
CVE-2022-25590 | SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing attackers t... | E | |
CVE-2022-25591 | BlogEngine.NET v3.3.8.0 was discovered to contain an arbitrary file deletion vulnerability which all... | E | |
CVE-2022-25594 | Microprogram parking lot management system - Exposure of Sensitive Information to an Unauthorized Actor | S | |
CVE-2022-25595 | ASUS RT-AC86U - Improper Input Validation | S | |
CVE-2022-25596 | ASUS RT-AC86U - Heap-based buffer overflow | S | |
CVE-2022-25597 | ASUS RT-AC86U - Command Injection | S | |
CVE-2022-25598 | Apache DolphinScheduler user registration is vulnerable to ReDoS attacks | | |
CVE-2022-25599 | WordPress Spiffy Calendar plugin <= 4.9.0 - Event deletion via Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2022-25600 | WordPress WP Google Map plugin <= 4.2.3 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2022-25601 | WordPress Contact Form X plugin <= 2.4 - Reflected Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-25602 | WordPress Responsive Menu plugin <= 4.1.7 - Nonce token leak leading to arbitrary file upload, theme deletion, plugin settings change vulnerability | S | |
CVE-2022-25603 | WordPress MaxGalleria plugin <= 6.2.5 - Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-25604 | WordPress Price Table plugin <= 0.2.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-25605 | WordPress WP-DownloadManager plugin <= 1.68.6 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities | S | |
CVE-2022-25606 | WordPress WP-DownloadManager plugin <= 1.68.5 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities | S | |
CVE-2022-25607 | WordPress FV Flowplayer Video Player plugin <= 7.5.15.727 - SQL Injection (SQLi) vulnerability | S | |
CVE-2022-25608 | WordPress Yoo Slider – Image Slider & Video Slider plugin <= 2.0.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to slider Duplicate/Delete | S | |
CVE-2022-25609 | WordPress Yoo Slider plugin <= 2.0.0 - Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-25610 | WordPress Simple Ajax Chat plugin <= 20220115 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-25611 | WordPress Simple Event Planner plugin <= 1.5.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-25612 | WordPress Simple Event Planner plugin <= 1.5.4 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities | S | |
CVE-2022-25613 | WordPress FV Flowplayer Video Player plugin <= 7.5.18.727 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-25614 | WordPress eRoom plugin <= 1.3.7 - Cross-Site Request Forgery (CSRF) leading to Sync with Zoom Meetings vulnerability | S | |
CVE-2022-25615 | WordPress eRoom plugin <= 1.3.8 - Cross-Site Request Forgery (CSRF) vulnerability leading to Cache Deletion | S | |
CVE-2022-25617 | WordPress Code Snippets plugin <= 2.14.3 - Reflected Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-25618 | WordPress wpDataTables plugin <= 2.1.27 - Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-25619 | Authenticated Command Injection to RCE | S | |
CVE-2022-25620 | Stored Cross-Site Scripting (XSS) | S | |
CVE-2022-25621 | UNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and prior, UNIVERGE WA 1511 Ver8.2... | | |
CVE-2022-25622 | The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal... | | |
CVE-2022-25623 | The Symantec Management Agent is susceptible to a privilege escalation vulnerability. A low privileg... | | |
CVE-2022-25625 | A malicious unauthorized PAM user can access the administration configuration data and change the va... | | |
CVE-2022-25626 | An unauthenticated user can access Identity Manager’s management console specific page URLs. However... | | |
CVE-2022-25627 | An authenticated administrator who has physical access to the environment can carry out Remote Comma... | | |
CVE-2022-25628 | An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Id... | | |
CVE-2022-25629 | An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a ... | | |
CVE-2022-25630 | An authenticated user can embed malicious content with XSS into the admin group policy page.... | | |
CVE-2022-25631 | Symantec Endpoint Protection, prior to 14.3 RU6 (14.3.9210.6000), may be susceptible to an Elevation ... | | |
CVE-2022-25634 | Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working dir... | S | |
CVE-2022-25635 | Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow | S | |
CVE-2022-25636 | net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain priv... | E S | |
CVE-2022-25638 | In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a... | S | |
CVE-2022-25640 | In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentic... | S | |
CVE-2022-25641 | Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle... | | |
CVE-2022-25642 | Obyte (formerly Byteball) Wallet before 3.4.1 allows XSS. A crafted chat message can lead to remote ... | | |
CVE-2022-25643 | seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when instal... | | |
CVE-2022-25644 | Arbitrary Code Execution | E | |
CVE-2022-25645 | Prototype Pollution | E | |
CVE-2022-25646 | Cross-site Scripting (XSS) | E | |
CVE-2022-25647 | Deserialization of Untrusted Data | S | |
CVE-2022-25648 | Command Injection | E S | |
CVE-2022-25649 | WordPress Affiliate For WooCommerce premium plugin <= 4.7.0 - Multiple Improper Access Control vulnerabilities | S | |
CVE-2022-25650 | A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.27),... | S | |
CVE-2022-25651 | Memory corruption in bluetooth host due to integer overflow while processing BT HFP-UNIT profile in ... | | |
CVE-2022-25652 | Cryptographic issues in BSP due to improper hash verification in Snapdragon Wired Infrastructure and... | | |
CVE-2022-25653 | Information disclosure in video due to buffer over-read while processing avi file in Snapdragon Comp... | | |
CVE-2022-25654 | Memory corruption in kernel due to improper input validation while processing ION commands in Snapdr... | S | |
CVE-2022-25655 | Buffer copy without checking the size of input in WLAN HAL. | | |
CVE-2022-25656 | Possible integer overflow and memory corruption due to improper validation of buffer size sent to wr... | S | |
CVE-2022-25657 | Memory corruption due to buffer overflow occurs while processing invalid MKV clip which has invalid ... | | |
CVE-2022-25658 | Memory corruption due to incorrect pointer arithmetic when attempting to change the endianness in vi... | | |
CVE-2022-25659 | Memory corruption due to buffer overflow while parsing MKV clips with invalid bitmap size in Snapdra... | | |
CVE-2022-25660 | Memory corruption due to double free issue in kernel in Snapdragon Auto, Snapdragon Compute, Snapdra... | | |
CVE-2022-25661 | Memory corruption due to untrusted pointer dereference in kernel in Snapdragon Auto, Snapdragon Comp... | | |
CVE-2022-25662 | Information disclosure due to untrusted pointer dereference in kernel in Snapdragon Auto, Snapdragon... | | |
CVE-2022-25663 | Possible buffer overflow due to lack of buffer length check during management frame Rx handling lead... | | |
CVE-2022-25664 | Information disclosure due to exposure of information while GPU reads the data in Snapdragon Auto, S... | | |
CVE-2022-25665 | Information disclosure due to buffer over read in kernel in Snapdragon Auto, Snapdragon Compute, Sna... | | |
CVE-2022-25666 | Memory corruption due to use after free in service while trying to access maps by different threads ... | S | |
CVE-2022-25667 | Information disclosure in kernel due to improper handling of ICMP requests in Snapdragon Wired Infra... | | |
CVE-2022-25668 | Memory corruption in video driver due to double free while parsing ASF clip in Snapdragon Auto, Snap... | | |
CVE-2022-25669 | Denial of service in video due to buffer over read while parsing MP4 clip in Snapdragon Auto, Snapdr... | | |
CVE-2022-25670 | Denial of service in WLAN HOST due to buffer over read while unpacking frames in Snapdragon Auto, Sn... | S | |
CVE-2022-25671 | Denial of service in MODEM due to reachable assertion in Snapdragon Mobile... | | |
CVE-2022-25672 | Denial of service in MODEM due to reachable assertion while processing SIB1 with invalid Bandwidth i... | | |
CVE-2022-25673 | Denial of service in MODEM due to reachable assertion while processing configuration from network in... | | |
CVE-2022-25674 | Cryptographic issues in WLAN during the group key handshake of the WPA/WPA2 protocol in Snapdragon C... | | |
CVE-2022-25675 | Denial of service due to reachable assertion in modem while processing filter rule from application ... | | |
CVE-2022-25676 | Information disclosure in video due to buffer over-read while parsing avi files in Snapdragon Auto, ... | | |
CVE-2022-25677 | Memory corruption in diag due to use after free while processing dci packet in Snapdragon Auto, Snap... | S | |
CVE-2022-25678 | Buffer Copy Without Checking Size of Input in MODEM | | |
CVE-2022-25679 | Denial of service in video due to improper access control in broadcast receivers in Snapdragon Compu... | | |
CVE-2022-25680 | Memory corruption in multimedia due to buffer overflow while processing count variable from client i... | | |
CVE-2022-25681 | Possible memory corruption in kernel while performing memory access due to hypervisor not correctly ... | | |
CVE-2022-25682 | Memory corruption in MODEM UIM due to usage of out of range pointer offset while decoding command fr... | | |
CVE-2022-25685 | Denial of service in Modem module due to improper authorization while error handling in Snapdragon A... | | |
CVE-2022-25686 | Memory corruption in video module due to buffer overflow while processing WAV file in Snapdragon Aut... | | |
CVE-2022-25687 | Memory corruption in video due to buffer overflow while parsing asf clips in Snapdragon Auto, Snapdr... | | |
CVE-2022-25688 | Memory corruption in video due to buffer overflow while parsing ps video clips in Snapdragon Auto, S... | | |
CVE-2022-25689 | Denial of service in Modem due to reachable assertion in Snapdragon Mobile... | | |
CVE-2022-25690 | Information disclosure in WLAN due to improper validation of array index while parsing crafted ANQP ... | | |
CVE-2022-25691 | Denial of service in Modem due to reachable assertion while processing SIB1 with invalid SCS and ban... | | |
CVE-2022-25692 | Denial of service in Modem due to reachable assertion while processing the common config procedure i... | | |
CVE-2022-25693 | Memory corruption in graphics due to use-after-free while graphics profiling in Snapdragon Connectiv... | S | |
CVE-2022-25694 | Use of Out-of-range Pointer Offset in MODEM | | |
CVE-2022-25695 | Memory corruption in MODEM due to Improper Validation of Array Index while processing GSTK Proactive... | | |
CVE-2022-25696 | Memory corruption in display due to time-of-check time-of-use race condition during map or unmap in ... | | |
CVE-2022-25697 | Memory corruption in i2c buses due to improper input validation while reading address configuration ... | | |
CVE-2022-25698 | Memory corruption in SPI buses due to improper input validation while reading address configuration ... | | |
CVE-2022-25702 | Denial of service in modem due to reachable assertion while processing reconfiguration message in Sn... | | |
CVE-2022-25705 | Integer Overflow to Buffer Overflow in Modem | | |
CVE-2022-25706 | Information disclosure in Bluetooth driver due to buffer over-read while reading l2cap length in Sna... | S | |
CVE-2022-25708 | Memory corruption in WLAN due to buffer copy without checking size of input while parsing keys in Sn... | | |
CVE-2022-25709 | Use of Out-of-range Pointer Offset in Data Modem | | |
CVE-2022-25710 | Denial of service due to null pointer dereference when GATT is disconnected in Snapdragon Auto, Snap... | | |
CVE-2022-25711 | Memory corruption in camera due to improper validation of array index in Snapdragon Auto, Snapdragon... | S | |
CVE-2022-25712 | Memory corruption in camera due to buffer copy without checking size of input in Snapdragon Auto, Sn... | S | |
CVE-2022-25713 | Improper Restriction of Operations within the Bounds of a Memory Buffer in Automotive | | |
CVE-2022-25715 | Incorrect type casting in Display driver | S | |
CVE-2022-25716 | Time-of-check Time-of-use Race Condition in Multimedia Framework | S | |
CVE-2022-25717 | Use-After-Free Issue in Display | S | |
CVE-2022-25718 | Cryptographic issue in WLAN due to improper check on return value while authentication handshake in ... | | |
CVE-2022-25719 | Information disclosure in WLAN due to improper length check while processing authentication handshak... | | |
CVE-2022-25720 | Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto... | S | |
CVE-2022-25721 | Incorrect Type Conversion in Video driver | S | |
CVE-2022-25722 | Information Exposure in DSP Services | S | |
CVE-2022-25723 | Memory corruption in multimedia due to use after free during callback registration failure in Snapdr... | S | |
CVE-2022-25724 | Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon... | S | |
CVE-2022-25725 | Use-after-Free in MODEM | | |
CVE-2022-25726 | Buffer Over-read in MODEM | | |
CVE-2022-25727 | Memory Corruption in modem due to improper length check while copying into memory in Snapdragon Cons... | | |
CVE-2022-25728 | Buffer Over-read in MODEM | | |
CVE-2022-25729 | Improper Input Validation in MODEM | | |
CVE-2022-25730 | Buffer Over-read in MODEM | | |
CVE-2022-25731 | Incorrect Calculation of Buffer Size in MODEM | | |
CVE-2022-25732 | Buffer Over-read in MODEM | | |
CVE-2022-25733 | Null Pointer Dereference in MODEM | | |
CVE-2022-25734 | Loop with Unreachable Exit Condition in MODEM | | |
CVE-2022-25735 | Null Pointer Dereference in MODEM | | |
CVE-2022-25736 | Denial of service in WLAN due to out-of-bound read happens while processing VHT action frame in Snap... | | |
CVE-2022-25737 | Use of Uninitialized Variable in MODEM | | |
CVE-2022-25738 | Buffer Over-read in MODEM | | |
CVE-2022-25739 | Null Pointer Dereference in MODEM | | |
CVE-2022-25740 | Buffer Copy Without Checking Size of Input in MODEM | | |
CVE-2022-25741 | Denial of service in WLAN due to potential null pointer dereference while accessing the memory locat... | S | |
CVE-2022-25742 | Denial of service in modem due to infinite loop while parsing IGMPv2 packet from server in Snapdrago... | | |
CVE-2022-25743 | Memory corruption in graphics due to use-after-free while importing graphics buffer in Snapdragon Au... | S | |
CVE-2022-25745 | Always Incorrect Control Flow Implementation in MODEM | | |
CVE-2022-25746 | Buffer Copy Without Checking Size of Input in Kernel | | |
CVE-2022-25747 | Buffer Over-read in MODEM | | |
CVE-2022-25748 | Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames in Sn... | | |
CVE-2022-25749 | Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames in Snapdragon... | | |
CVE-2022-25750 | Memory corruption in BTHOST due to double free while music playback and calls over bluetooth headset... | S | |
CVE-2022-25751 | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated... | S | |
CVE-2022-25752 | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated... | S | |
CVE-2022-25753 | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated... | S | |
CVE-2022-25754 | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated... | S | |
CVE-2022-25755 | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated... | S | |
CVE-2022-25756 | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated... | S | |
CVE-2022-25757 | Apache APISIX: the body_schema check in request-validation plugin can be bypassed | M | |
CVE-2022-25758 | Regular Expression Denial of Service (ReDoS) | E | |
CVE-2022-25759 | Remote Code Injection | E S | |
CVE-2022-25760 | Arbitrary Code Injection | E | |
CVE-2022-25761 | Denial of Service (DoS) | S | |
CVE-2022-25762 | Response mix-up with WebSocket concurrent send and close | S | |
CVE-2022-25763 | Improper input validation on HTTP/2 headers | | |
CVE-2022-25765 | Command Injection | E | |
CVE-2022-25766 | Remote Code Execution (RCE) | E S | |
CVE-2022-25767 | Remote Code Execution | E | |
CVE-2022-25768 | Improper Access Control in UI upgrade process | S | |
CVE-2022-25769 | Improper regex in htaccess file | S | |
CVE-2022-25770 | Insufficient authentication in upgrade flow | S | |
CVE-2022-25772 | A cross-site scripting (XSS) vulnerability in the web tracking component of Mautic before 4.3.0 allo... | | |
CVE-2022-25773 | Relative Path Traversal in assets file upload | | |
CVE-2022-25774 | XSS in Notifications via saving Dashboards | S | |
CVE-2022-25775 | SQL Injection in dynamic Reports | S | |
CVE-2022-25776 | Sensitive Data Exposure due to inadequate user permission settings | S | |
CVE-2022-25777 | Server-Side Request Forgery in Asset section | S | |
CVE-2022-25778 | Unload handlers may unintentionally defeat CSRF guards | | |
CVE-2022-25779 | Insufficient scope checks allows adding unrelated audit log entries | | |
CVE-2022-25780 | Information leak via device availability query function | | |
CVE-2022-25781 | Reflected XSS issues in GateManager | | |
CVE-2022-25782 | Insufficient privilege checks on object access and updates. | | |
CVE-2022-25783 | Hacking attempts from logged-in users are not properly logged by GM | | |
CVE-2022-25784 | User controllable HTML element attribute (potential XSS) | | |
CVE-2022-25785 | Buffer overrun | | |
CVE-2022-25786 | GateManager debug interface is included in production builds | | |
CVE-2022-25787 | GTA URLs issued by LMM WEB API may leak information | | |
CVE-2022-25788 | A maliciously crafted JT file in Autodesk AutoCAD 2022 may be used to write beyond the allocated buf... | | |
CVE-2022-25789 | A maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used... | | |
CVE-2022-25790 | A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 20... | | |
CVE-2022-25791 | A Memory Corruption vulnerability for DWF and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 ... | | |
CVE-2022-25792 | A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 20... | | |
CVE-2022-25793 | A Stack-based Buffer Overflow Vulnerability in Autodesk 3ds Max 2022, 2021, and 2020 may lead to cod... | | |
CVE-2022-25794 | An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.2 and prior may lead to code ... | | |
CVE-2022-25795 | A Memory Corruption Vulnerability in Autodesk TrueView 2022 and 2021 may lead to remote code executi... | | |
CVE-2022-25796 | A Double Free vulnerability allows remote malicious actors to execute arbitrary code on DWF file in ... | | |
CVE-2022-25797 | A maliciously crafted PDF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to dereference... | | |
CVE-2022-25799 | An open redirect vulnerability exists in CERT/CC VINCE software prior to version 1.50.0 | E | |
CVE-2022-25800 | Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via the... | S | |
CVE-2022-25801 | Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via Scr... | S | |
CVE-2022-25802 | Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted conte... | S | |
CVE-2022-25803 | Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search.... | S | |
CVE-2022-25804 | An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. Insecure permissions ... | E | |
CVE-2022-25805 | An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. The transmission of c... | E | |
CVE-2022-25806 | An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key i... | E | |
CVE-2022-25807 | An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key i... | E | |
CVE-2022-25809 | Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows a... | E | |
CVE-2022-25810 | Transposh WordPress Translation <= 1.0.8 - Subscriber+ Unauthorised Calls | E | |
CVE-2022-25811 | Transposh WordPress Translation <= 1.0.8 - Admin+ SQL Injection | E | |
CVE-2022-25812 | Transposh WordPress Translation < 1.0.8 - Admin+ RCE | E | |
CVE-2022-25813 | Server-Side Template Injection affecting the ecommerce plugin of Apache OFBiz | S | |
CVE-2022-25814 | PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 ... | | |
CVE-2022-25815 | PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows ... | | |
CVE-2022-25816 | Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows... | | |
CVE-2022-25817 | Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate p... | | |
CVE-2022-25818 | Improper boundary check in UWB stack prior to SMR Mar-2022 Release 1 allows arbitrary code execution... | | |
CVE-2022-25819 | OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Release 1 allows an attacker to vie... | | |
CVE-2022-25820 | A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physica... | | |
CVE-2022-25821 | Improper use of SMS buffer pointer in Shannon baseband prior to SMR Mar-2022 Release 1 allows OOB re... | | |
CVE-2022-25822 | A use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash.... | | |
CVE-2022-25823 | Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.220126741 allows a... | | |
CVE-2022-25824 | Improper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models allows... | | |
CVE-2022-25825 | Improper access control vulnerability in Samsung Account prior to version 13.1.0.1 allows attackers ... | | |
CVE-2022-25826 | Information Exposure vulnerability in Galaxy S3 Plugin prior to version 2.2.03.22012751 allows attac... | | |
CVE-2022-25827 | Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.22012751 allows at... | | |
CVE-2022-25828 | Information Exposure vulnerability in Watch Active Plugin prior to version 2.2.07.22012751 allows at... | | |
CVE-2022-25829 | Information Exposure vulnerability in Watch Active2 Plugin prior to version 2.2.08.22012751 allows a... | | |
CVE-2022-25830 | Information Exposure vulnerability in Galaxy Watch3 Plugin prior to version 2.2.09.22012751 allows a... | | |
CVE-2022-25831 | Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical at... | | |
CVE-2022-25832 | Improper authentication vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical at... | | |
CVE-2022-25833 | Improper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get IMSI w... | | |
CVE-2022-25834 | In Percona XtraBackup (PXB) through 2.2.24 and 3.x through 8.0.27-19, a crafted filename on the loca... | | |
CVE-2022-25836 | Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauth... | | |
CVE-2022-25837 | Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an unauthenticated ... | | |
CVE-2022-25838 | Laravel Fortify before 1.11.1 allows reuse within a short time window, thus calling into question th... | | |
CVE-2022-25839 | Improper Input Validation | E S | |
CVE-2022-25841 | Uncontrolled search path elements in the Intel(R) Datacenter Group Event Android application, all ve... | | |
CVE-2022-25842 | Arbitrary File Write via Archive Extraction (Zip Slip) | E S | |
CVE-2022-25844 | Regular Expression Denial of Service (ReDoS) | E | |
CVE-2022-25845 | Deserialization of Untrusted Data | E S | |
CVE-2022-25847 | All versions of the package serve-lite are vulnerable to Cross-site Scripting (XSS) because when it ... | E | |
CVE-2022-25848 | Directory Traversal | E | |
CVE-2022-25849 | Cross-site Scripting (XSS) | E | |
CVE-2022-25850 | Server-side Request Forgery (SSRF) | E S | |
CVE-2022-25851 | Denial of Service (DoS) | E S | |
CVE-2022-25852 | Denial of Service (DoS) | E | |
CVE-2022-25853 | All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote... | E | |
CVE-2022-25854 | Cross-site Scripting (XSS) | E S | |
CVE-2022-25855 | All versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall ... | E | |
CVE-2022-25856 | Directory Traversal | E S | |
CVE-2022-25857 | Denial of Service (DoS) | E S | |
CVE-2022-25858 | Regular Expression Denial of Service (ReDoS) | E S | |
CVE-2022-25860 | Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via t... | E S | |
CVE-2022-25862 | Prototype Pollution | E | |
CVE-2022-25863 | Deserialization of Untrusted Data | E S | |
CVE-2022-25864 | Uncontrolled search path in some Intel(R) oneMKL software before version 2022.0 may allow an authent... | | |
CVE-2022-25865 | Command Injection | E S | |
CVE-2022-25866 | Command Injection | E S | |
CVE-2022-25867 | NULL Pointer Dereference | E S | |
CVE-2022-25868 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-25869 | Cross-site Scripting (XSS) | E | |
CVE-2022-25870 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-25871 | Prototype Pollution | E | |
CVE-2022-25872 | Out-of-bounds Read | E | |
CVE-2022-25873 | Cross-site Scripting (XSS) | E S | |
CVE-2022-25875 | Cross-site Scripting (XSS) | E S | |
CVE-2022-25876 | Server-side Request Forgery (SSRF) | E S | |
CVE-2022-25878 | Prototype Pollution | E S | |
CVE-2022-25880 | Delta Electronics DIAEnergie SQL Injection in DIAE_hierarchyHandler.ashx | S | |
CVE-2022-25881 | This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited v... | E | |
CVE-2022-25882 | Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_dat... | E S | |
CVE-2022-25883 | Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (... | E S | |
CVE-2022-25885 | Denial of Service (DoS) | E S | |
CVE-2022-25887 | Regular Expression Denial of Service (ReDoS) | S | |
CVE-2022-25888 | Denial of Service (DoS) | S | |
CVE-2022-25889 | Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2022.... | R | |
CVE-2022-25890 | All versions of the package wifey are vulnerable to Command Injection via the connect() function due... | E | |
CVE-2022-25891 | Denial of Service (DoS) | E S | |
CVE-2022-25892 | Denial of Service (DoS) | S | |
CVE-2022-25893 | Arbitrary Code Execution | E S | |
CVE-2022-25894 | All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution (RCE) i... | E | |
CVE-2022-25895 | Directory Traversal | E | |
CVE-2022-25896 | Session Fixation | S | |
CVE-2022-25897 | Denial of Service (DoS) | S | |
CVE-2022-25898 | Improper Verification of Cryptographic Signature | E S | |
CVE-2022-25899 | Authentication bypass for the Open AMT Cloud Toolkit software maintained by Intel(R) before versions... | S | |
CVE-2022-25900 | Command Injection | E S | |
CVE-2022-25901 | Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Servic... | E S | |
CVE-2022-25903 | Denial of Service (DoS) | S | |
CVE-2022-25904 | Prototype Pollution | E | |
CVE-2022-25905 | Uncontrolled search path element in the Intel(R) oneAPI Data Analytics Library (oneDAL) before versi... | | |
CVE-2022-25906 | All versions of the package is-http2 are vulnerable to Command Injection due to missing input saniti... | E | |
CVE-2022-25907 | Prototype Pollution | E S | |
CVE-2022-25908 | All versions of the package create-choo-electron are vulnerable to Command Injection via the devInst... | E | |
CVE-2022-25909 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-25912 | Remote Code Execution (RCE) | E S | |
CVE-2022-25914 | Remote Code Execution (RCE) | S | |
CVE-2022-25915 | Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, ... | S | |
CVE-2022-25916 | Versions of the package mt7688-wiscan before 0.8.3 are vulnerable to Command Injection due to improp... | S | |
CVE-2022-25917 | Uncaught exception in the firmware for some Intel(R) Server Board M50CYP Family before version R01.0... | S | |
CVE-2022-25918 | Regular Expression Denial of Service (ReDoS) | E S | |
CVE-2022-25920 | Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2022.... | R | |
CVE-2022-25921 | Arbitrary Code Execution | E | |
CVE-2022-25922 | ICSA-22-063-01 Missing Authentication for Critical Function in Trailer Power Line Communications (PLC) J2497 | M | |
CVE-2022-25923 | Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theP... | E S | |
CVE-2022-25926 | Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the send... | S | |
CVE-2022-25927 | Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are... | E S | |
CVE-2022-25929 | Cross-site Scripting (XSS) | E S | |
CVE-2022-25931 | Directory Traversal | E | |
CVE-2022-25932 | The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2... | | |
CVE-2022-25936 | Versions of the package servst before 2.0.3 are vulnerable to Directory Traversal due to improper sa... | E S | |
CVE-2022-25937 | Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users ... | E S | |
CVE-2022-25940 | Denial of Service (DoS) | E | |
CVE-2022-25942 | An out-of-bounds read vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4.... | E | |
CVE-2022-25943 | The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly ... | E | |
CVE-2022-25946 | On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM... | | |
CVE-2022-25948 | Information Exposure | E S | |
CVE-2022-25949 | The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to ... | | |
CVE-2022-25952 | WordPress Content Egg plugin <= 5.4.0 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2022-25957 | Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2022.... | R | |
CVE-2022-25959 | Rockwell Automation Studio 5000 Logix Designer Improper Restriction of Operations within the Bounds of a Memory Buffer | S | |
CVE-2022-25962 | All versions of the package vagrant.js are vulnerable to Command Injection via the boxAdd function d... | | |
CVE-2022-25966 | Improper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 m... | | |
CVE-2022-25967 | Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwritin... | S | |
CVE-2022-25968 | Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2022.... | R | |
CVE-2022-25969 | The installer of WPS Office Version 10.8.0.6186 insecurely loads VERSION.DLL (or some other DLLs), al... | | |
CVE-2022-25972 | An out-of-bounds write vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4... | E | |
CVE-2022-25973 | Arbitrary Command Execution | E | |
CVE-2022-25976 | Improper input validation in the Intel(R) VROC software before version 7.7.6.1003 may allow an authe... | | |
CVE-2022-25978 | All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting ... | E S | |
CVE-2022-25979 | Versions of the package jsuites before 5.0.1 are vulnerable to Cross-site Scripting (XSS) due to imp... | E S | |
CVE-2022-25980 | Delta Electronics DIAEnergie SQL Injection in HandlerCommon.ashx | S | |
CVE-2022-25986 | Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remo... | | |
CVE-2022-25987 | Improper handling of Unicode encoding in source code to be compiled by the Intel(R) C++ Compiler Cla... | | |
CVE-2022-25989 | An authentication bypass vulnerability exists in the libxm_av.so getpeermac() functionality of Anker... | E | |
CVE-2022-25990 | On 1.0.x versions prior to 1.0.1, systems running F5OS-A software may expose certain registry ports ... | | |
CVE-2022-25992 | Insecure inherited permissions in the Intel(R) oneAPI Toolkits oneapi-cli before version 0.2.0 may a... | | |
CVE-2022-25995 | A command execution vulnerability exists in the console inhand functionality of InHand Networks InRo... | E | |
CVE-2022-25996 | A stack-based buffer overflow vulnerability exists in the confsrv addTimeGroup functionality of TCL ... | E | |
CVE-2022-25997 | Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2022.... | R | |
CVE-2022-25999 | Uncontrolled search path element in the Intel(R) Enpirion(R) Digital Power Configurator GUI software... | M | |