CVE-2022-24303
Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
Source: CVE-2022-24303
CVE-2021-44212
OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPT\t substring.
Source: CVE-2021-44212
CVE-2021-44213
OX App Suite through 7.10.5 allows XSS via uuencoding in a multipart/alternative message.
Source: CVE-2021-44213
CVE-2021-44617
A SQL Injection vulnerability exists in the Ramo plugin for GLPI 9.4.6 via the idu parameter in plugins/ramo/ramoapirest.php/getOutdated.
Source: CVE-2021-44617
CVE-2021-45490
The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation.
Source: CVE-2021-45490
CVE-2021-45491
3CX System through 2022-03-17 stores cleartext passwords in a database.
Source: CVE-2021-45491
CVE-2022-26259
A buffer overflow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, NBD80X08S-KL, NBD80X09RA-KL, AHB80X04R-MH, AHB80X04R-MH-V2, AHB80X04-R-MH-V3, AHB80N16T-GS, AHB80N32F4-LME, and NBD90S0VT-QW allows attackers to cause a Denial of Service (DoS) via a crafted RSTP request.
Source: CVE-2022-26259
CVE-2022-26271
74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url parameter at indexcontrollerDownload.php.
Source: CVE-2022-26271
CVE-2021-44210
OX App Suite through 7.10.5 allows XSS via NIFF (Notation Interchange File Format) data.
Source: CVE-2021-44210
CVE-2021-44209
OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as AUDIO.
Source: CVE-2021-44209