CVE-2022-35015

Advancecomp v2.3 was discovered to contain a heap buffer overflow via le_uint32_read at /lib/endianrw.h.

Source: CVE-2022-35015

CVE-2022-35014

Advancecomp v2.3 contains a segmentation fault.

Source: CVE-2022-35014

CVE-2022-37059

Cross Site Scripting (XSS) in Admin Panel of Subrion CMS 4.2.1 allows attacker to inject arbitrary code via Login Field

Source: CVE-2022-37059

CVE-2022-32548

An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.

Source: CVE-2022-32548

CVE-2022-3019

The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id’s might also be an option but I wouldn’t count on it, since it would take a long time to find a valid one).

Source: CVE-2022-3019

CVE-2022-36194

Centreon 22.04.0 is vulnerable to Cross Site Scripting (XSS) from the function Pollers > Broker Configuration by adding a crafted payload into the name parameter.

Source: CVE-2022-36194

CVE-2022-22897

A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data.

Source: CVE-2022-22897

CVE-2022-25644

All versions of package @pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution due to improper sanitization of getProcessByName function.

Source: CVE-2022-25644

CVE-2022-25921

All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor.

Source: CVE-2022-25921

CVE-2022-21165

All versions of package font-converter are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the child_process.exec() function.

Source: CVE-2022-21165