CVE-2022-25923

Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess() functionality due to improper user-input sanitization.

Source: CVE-2022-25923

CVE-2022-42979

Information disclosure due to an insecure hostname validation in the RYDE application 5.8.43 for Android and iOS allows attackers to take over an account via a deep link.

Source: CVE-2022-42979

CVE-2022-44870

A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022.1000.3032 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the AD Management module.

Source: CVE-2022-44870

CVE-2022-40049

SQL injection vulnerability in sourcecodester Theme Park Ticketing System 1.0 allows remote attackers to view sensitive information via the id parameter to the /tpts/manage_user.php page.

Source: CVE-2022-40049

CVE-2022-44540

CVE was unused by HPE.

Source: CVE-2022-44540

CVE-2022-44536

CVE was unused by HPE.

Source: CVE-2022-44536

CVE-2022-44541

CVE was unused by HPE.

Source: CVE-2022-44541

CVE-2022-44538

CVE was unused by HPE.

Source: CVE-2022-44538

CVE-2022-44539

CVE was unused by HPE.

Source: CVE-2022-44539

CVE-2022-44537

CVE was unused by HPE.

Source: CVE-2022-44537