🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-27140 ‼

An arbitrary file upload vulnerability in the file upload module of Express-Fileupload v1.3.1 allows attackers to execute arbitrary code via a crafted PHP file.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-28397 ‼

An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-28772 ‼

Via overlong input values, an attacker may force an overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-27952 ‼

An arbitrary file upload vulnerability in the file upload module of PayloadCMS v0.15.0 allows attackers to execute arbitrary code via a crafted SVG file.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-21168 ‼

The affected product is vulnerable due to an invalid pointer initialization, which may lead to information disclosure.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-28036 ‼

AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_navigation.php.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-27163 ‼

CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_editUser.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-27654 ‼

When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until the application is restarted.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-27262 ‼

An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows attackers to execute arbitrary code via a crafted file.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-28035 ‼

Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_blur-save.php.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-28795 ‼

A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger the Password Manager Extension to fill in the password field automatically. An attacker could then access this information via JavaScript. The issue was fixed with the browser extensions version 2.18.5 for Chrome, MS Edge, Opera, Firefox, and Safari.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-28773 ‼

Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-27260 ‼

An arbitrary file upload vulnerability in the file upload component of ButterCMS v1.2.8 allows attackers to execute arbitrary code via a crafted SVG file.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-27139 ‼

An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-28215 ‼

SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allow an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked into disclosing personal information.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-27669 ‼

An unauthenticated user can use functions of the XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted. This may result in an escalation of privileges.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-27263 ‼

An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-28216 ‼

SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420, is susceptible to a Cross-Site Scripting attack by an unauthenticated attacker due to improper sanitization of the user inputs on the network. On successful exploitation, an attacker can access certain reports causing a limited impact on confidentiality of the application data.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-27670 ‼

SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use indirect identifiers.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-28396 ‼

Apostrophe v3.16.1 was discovered to contain a remote code execution (RCE) vulnerability via the component uploadfs.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-28770 ‼

Due to insufficient input validation, SAPUI5 library (vbm) - versions 750, 753, 754, 755, 75, allows an unauthenticated attacker to inject a script into the URL and execute code. On successful exploitation, an attacker can view or modify information, causing a limited impact on the confidentiality and integrity of the application.

📖 Read

via "National Vulnerability Database".