CVE-2022-0578
Code Injection in GitHub repository publify/publify prior to 9.2.8.
Source: CVE-2022-0578
CVE-2022-0867
The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user-supplied POST data before it is interpolated into an SQL statement and then executed via an AJAX action available to unauthenticated users.
Source: CVE-2022-0867
CVE-2022-30013
A stored cross-site scripting (XSS) vulnerability in the upload function of totaljs CMS 3.4.5 allows attackers to execute arbitrary web scripts via a JavaScript embedded PDF file.
Source: CVE-2022-30013
CVE-2022-30776
atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter.
Source: CVE-2022-30776
CVE-2022-30777
Parallels H-Sphere 3.6.2 allows XSS via the index_en.php from parameter.
Source: CVE-2022-30777
CVE-2022-29623
An arbitrary file upload vulnerability in the file upload module of Connect-Multiparty v2.2.0 allows attackers to execute arbitrary code via a crafted PDF file.
Source: CVE-2022-29623
CVE-2022-29622
An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename.
Source: CVE-2022-29622
CVE-2021-42966
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Source: CVE-2021-42966
CVE-2021-42870
ACCEL-PPP 1.12.0 has an out-of-bounds read in post_msg when processing a call_clear_request.
Source: CVE-2021-42870
CVE-2021-42897
A remote command execution (RCE) vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $_POST[r_name] is directly passed into the $mysqlstr and is executed by exec.
Source: CVE-2021-42897