Export limit exceeded: 349390 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80138 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-25867 | 1 Socket | 1 Socket.io-client Java | 2024-11-21 | 7.5 High |
| The package io.socket:socket.io-client before 2.0.1 are vulnerable to NULL Pointer Dereference when parsing a packet with with invalid payload format. | ||||
| CVE-2022-25866 | 1 Git-php Project | 1 Git-php | 2024-11-21 | 8.1 High |
| The package czproject/git-php before 4.0.3 are vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable($url, array $refs = NULL) function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection. | ||||
| CVE-2022-25865 | 1 Microsoft | 1 Workspace-tools | 2024-11-21 | 8.1 High |
| The package workspace-tools before 0.18.4 are vulnerable to Command Injection via git argument injection. When calling the fetchRemoteBranch(remote: string, remoteBranch: string, cwd: string) function, both the remote and remoteBranch parameters are passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection. | ||||
| CVE-2022-25863 | 1 Gatsbyjs | 1 Gatsby | 2024-11-21 | 8.1 High |
| The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 are vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization. Exploiting this vulnerability is possible when passing input in both webpack (MDX files in src/pages or MDX file imported as a component in frontend / React code) and data mode (querying MDX nodes via GraphQL). Workaround: If an older version of gatsby-plugin-mdx must be used, input passed into the plugin should be sanitized ahead of processing. | ||||
| CVE-2022-25857 | 3 Debian, Redhat, Snakeyaml Project | 18 Debian Linux, Amq Broker, Amq Clients and 15 more | 2024-11-21 | 7.5 High |
| The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections. | ||||
| CVE-2022-25856 | 1 Argo Events Project | 1 Argo Events | 2024-11-21 | 7.5 High |
| The package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 are vulnerable to Directory Traversal in the (g *GitArtifactReader).Read() API in git.go. This could allow arbitrary file reads if the GitArtifactReader is provided a pathname containing a symbolic link or an implicit directory name such as ... | ||||
| CVE-2022-25852 | 2 Libpq Project, Pg-native Project | 2 Libpq, Pg-native | 2024-11-21 | 7.5 High |
| All versions of package pg-native; all versions of package libpq are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. This happens for every non-array argument passed. **Note:** pg-native is a mere binding to npm's libpq library, which in turn has the addons and bindings to the actual C libpq library. This means that problems found in pg-native may transitively impact npm's libpq. | ||||
| CVE-2022-25851 | 1 Jpeg-js Project | 1 Jpeg-js | 2024-11-21 | 7.5 High |
| The package jpeg-js before 0.4.4 are vulnerable to Denial of Service (DoS) where a particular piece of input will cause to enter an infinite loop and never return. | ||||
| CVE-2022-25850 | 1 Proxyscotch Project | 1 Proxyscotch | 2024-11-21 | 7.5 High |
| The package github.com/hoppscotch/proxyscotch before 1.0.0 are vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user. It leads to a leakage of sensitive information from the server. | ||||
| CVE-2022-25845 | 3 Alibaba, Oracle, Redhat | 3 Fastjson, Communications Cloud Native Core Unified Data Repository, Jboss Fuse | 2024-11-21 | 8.1 High |
| The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode). | ||||
| CVE-2022-25838 | 1 Laravel | 1 Fortify | 2024-11-21 | 8.1 High |
| Laravel Fortify before 1.11.1 allows reuse within a short time window, thus calling into question the "OT" part of the "TOTP" concept. | ||||
| CVE-2022-25813 | 1 Apache | 1 Ofbiz | 2024-11-21 | 7.5 High |
| In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us" page. Then a party manager needs to list the communications in the party component to activate the SSTI. A RCE is then possible. | ||||
| CVE-2022-25812 | 1 Transposh | 1 Transposh Wordpress Translation | 2024-11-21 | 7.2 High |
| The Transposh WordPress Translation WordPress plugin before 1.0.8 does not validate its debug settings, which could allow allowing high privilege users such as admin to perform RCE | ||||
| CVE-2022-25811 | 1 Transposh | 1 Transposh Wordpress Translation | 2024-11-21 | 7.2 High |
| The Transposh WordPress Translation WordPress plugin through 1.0.8 does not sanitise and escape the order and orderby parameters before using them in a SQL statement, leading to a SQL injection | ||||
| CVE-2022-25806 | 1 Igel | 1 Universal Management Suite | 2024-11-21 | 8.8 High |
| An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to decrypt those credentials using a static 8-byte DES key. | ||||
| CVE-2022-25797 | 1 Autodesk | 1 Dwg Trueview | 2024-11-21 | 7.8 High |
| A maliciously crafted PDF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to dereference for a write beyond the allocated buffer while parsing PDF files. The vulnerability exists because the application fails to handle a crafted PDF file, which causes an unhandled exception. | ||||
| CVE-2022-25796 | 1 Autodesk | 1 Navisworks | 2024-11-21 | 7.8 High |
| A Double Free vulnerability allows remote malicious actors to execute arbitrary code on DWF file in Autodesk Navisworks 2022 within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | ||||
| CVE-2022-25795 | 1 Autodesk | 1 Autocad | 2024-11-21 | 7.8 High |
| A Memory Corruption Vulnerability in Autodesk TrueView 2022 and 2021 may lead to remote code execution through maliciously crafted DWG files. | ||||
| CVE-2022-25794 | 1 Autodesk | 1 Fbx Review | 2024-11-21 | 7.8 High |
| An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.2 and prior may lead to code execution through maliciously crafted ActionScript Byte Code 'ABC' files or information disclosure. ABC files are created by the Flash compiler and contain executable code. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | ||||
| CVE-2022-25793 | 1 Autodesk | 1 3ds Max | 2024-11-21 | 7.8 High |
| A Stack-based Buffer Overflow Vulnerability in Autodesk 3ds Max 2022, 2021, and 2020 may lead to code execution through the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer when parsing ActionScript Byte Code files. This vulnerability may allow arbitrary code execution on affected installations of Autodesk 3ds Max. | ||||