Total
3677 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-40486 | 1 Tp-link | 2 Archer Ax10 V1, Archer Ax10 V1 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 57450(5553) was discovered to allow authenticated attackers to execute arbitrary code via a crafted backup file. | |||||
| CVE-2022-40127 | 1 Apache | 1 Airflow | 2024-11-21 | N/A | 8.8 HIGH |
| A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0. | |||||
| CVE-2022-3960 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2024-11-21 | N/A | 6.3 MEDIUM |
| Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboard Editor (CDE) plugin. | |||||
| CVE-2022-3713 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA. | |||||
| CVE-2022-3696 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2024-11-21 | N/A | 7.2 HIGH |
| A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA. | |||||
| CVE-2022-3418 | 1 Soflyy | 1 Wp All Import | 2024-11-21 | N/A | 7.2 HIGH |
| The Import any XML or CSV File to WordPress plugin before 3.6.9 is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files | |||||
| CVE-2022-3394 | 1 Soflyy | 1 Wp All Export | 2024-11-21 | N/A | 7.2 HIGH |
| The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can run exports, but the privilege can be delegated to lower privileged users. | |||||
| CVE-2022-3236 | 1 Sophos | 1 Firewall | 2024-11-21 | N/A | 9.8 CRITICAL |
| A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. | |||||
| CVE-2022-39424 | 1 Oracle | 1 Vm Virtualbox | 2024-11-21 | N/A | 8.1 HIGH |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Difficult to exploit vulnerability allows unauthenticated attacker with network access via VRDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2022-39365 | 1 Pimcore | 1 Pimcore | 2024-11-21 | N/A | 9.8 CRITICAL |
| Pimcore is an open source data and experience management platform. Prior to version 10.5.9, the user controlled twig templates rendering in `Pimcore/Mail` & `ClassDefinition\Layout\Text` is vulnerable to server-side template injection, which could lead to remote code execution. Version 10.5.9 contains a patch for this issue. As a workaround, one may apply the patch manually. | |||||
| CVE-2022-39326 | 1 Kartverket | 1 Github-workflows | 2024-11-21 | N/A | 8.8 HIGH |
| kartverket/github-workflows are shared reusable workflows for GitHub Actions. Prior to version 2.7.5, all users of the `run-terraform` reusable workflow from the kartverket/github-workflows repo are affected by a code injection vulnerability. A malicious actor could potentially send a PR with a malicious payload leading to execution of arbitrary JavaScript code in the context of the workflow. Users should upgrade to at least version 2.7.5 to resolve the issue. As a workaround, review any pull requests from external users for malicious payloads before allowing them to trigger a build. | |||||
| CVE-2022-38745 | 1 Apache | 1 Openoffice | 2024-11-21 | N/A | 7.8 HIGH |
| Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory. | |||||
| CVE-2022-38193 | 1 Esri | 1 Portal For Arcgis | 2024-11-21 | N/A | 6.1 MEDIUM |
| There is a code injection vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below that may allow a remote, unauthenticated attacker to pass strings which could potentially cause arbitrary code execution. | |||||
| CVE-2022-38078 | 1 Sixapart | 1 Movable Type | 2024-11-21 | N/A | 9.8 CRITICAL |
| Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products and versions are as follows: Movable Type 7 r.5202 and earlier, Movable Type Advanced 7 r.5202 and earlier, Movable Type 6.8.6 and earlier, Movable Type Advanced 6.8.6 and earlier, Movable Type Premium 1.52 and earlier, and Movable Type Premium Advanced 1.52 and earlier. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability. | |||||
| CVE-2022-37053 | 1 Trendnet | 2 Tew733gr, Tew733gr Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TRENDnet TEW733GR v1.03B01 is vulnerable to Command injection via /htdocs/upnpinc/gena.php. | |||||
| CVE-2022-37009 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | N/A | 3.9 LOW |
| In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possible | |||||
| CVE-2022-36963 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | N/A | 7.2 HIGH |
| The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands. | |||||
| CVE-2022-36799 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-11-21 | N/A | 7.2 HIGH |
| This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. In this case the security improvement was to protect against using the XStream library to be able to execute arbitrary code in velocity templates. The affected versions are before version 8.13.19, from version 8.14.0 before 8.20.7, and from version 8.21.0 before 8.22.1. | |||||
| CVE-2022-36756 | 1 Dlink | 2 Dir-845l, Dir-845l Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| DIR845L A1 v1.00-v1.03 is vulnerable to command injection via /htdocs/upnpinc/gena.php. | |||||
| CVE-2022-36262 | 1 Taogogo | 1 Taocms | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php. | |||||