CVE-2022-26628
Matrimony v1.0 was discovered to contain a SQL injection vulnerability via the Password parameter.
Source: CVE-2022-26628
CVE-2022-25245
Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation’s default currency name.
Source: CVE-2022-25245
CVE-2022-28219
Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.
Source: CVE-2022-28219
CVE-2022-24978
Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response.
Source: CVE-2022-24978
CVE-2022-24811
Combodo iTop is a web-based IT Service Management tool. Prior to versions 2.7.6 and 3.0.0, cross-site scripting is possible for scripts outside of script tags when displaying HTML attachments. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds.
Source: CVE-2022-24811
CVE-2022-25373
Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history.
Source: CVE-2022-25373
CVE-2022-24780
Combodo iTop is a web-based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the server by forging specific HTTP queries, and execute arbitrary code on the server using HTTP server user privileges. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds.
Source: CVE-2022-24780
CVE-2022-1244
Heap buffer overflow in the GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service.
Source: CVE-2022-1244
CVE-2022-28651
In JetBrains IntelliJ IDEA before 2021.3.3, it was possible to get passwords from protected fields.
Source: CVE-2022-28651
CVE-2022-28650
In JetBrains YouTrack before 2022.1.43700, it was possible to inject JavaScript into Markdown in the YouTrack Classic UI.
Source: CVE-2022-28650