Export limit exceeded: 10463 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10463 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-26174 | 1 Beekeeperstudio | 1 Beekeeper-studio | 2024-11-21 | 9.8 Critical |
| A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 allows attackers to execute arbitrary code via a crafted payload injected into the display fields. | ||||
| CVE-2022-26111 | 1 Canon | 1 Irisnext | 2024-11-21 | 8.8 High |
| The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in the context of the IRISNext application user, running on the web server. | ||||
| CVE-2022-26049 | 1 Diffplug | 1 Goomph | 2024-11-21 | 5.3 Medium |
| This affects the package com.diffplug.gradle:goomph before 3.37.2. It allows a malicious zip file to potentially break out of the expected destination directory, writing contents into arbitrary locations on the file system. Overwriting certain files/directories could allow an attacker to achieve remote code execution on a target system by exploiting this vulnerability. **Note:** This could have allowed a malicious zip file to extract itself into an arbitrary directory. The only file that Goomph extracts is the p2 bootstrapper and eclipse metadata files hosted at eclipse.org, which are not malicious, so the only way this vulnerability could have affected you is if you had set a custom bootstrap zip, and that zip was malicious. | ||||
| CVE-2022-25914 | 2 Jib Project, Redhat | 2 Jib, Migration Toolkit Runtimes | 2024-11-21 | 5.6 Medium |
| The package com.google.cloud.tools:jib-core before 0.22.0 are vulnerable to Remote Code Execution (RCE) via the isDockerInstalled function, due to attempting to execute input. | ||||
| CVE-2022-25795 | 1 Autodesk | 1 Autocad | 2024-11-21 | 7.8 High |
| A Memory Corruption Vulnerability in Autodesk TrueView 2022 and 2021 may lead to remote code execution through maliciously crafted DWG files. | ||||
| CVE-2022-25767 | 1 Ureport2 Project | 1 Ureport2 | 2024-11-21 | 9.8 Critical |
| All versions of package com.bstek.ureport:ureport2-console are vulnerable to Remote Code Execution by connecting to a malicious database server, causing arbitrary file read and deserialization of local gadgets. | ||||
| CVE-2022-25766 | 1 Ungit Project | 1 Ungit | 2024-11-21 | 8.8 High |
| The package ungit before 1.5.20 are vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User controlled values (remote and ref) are passed to the git fetch command. By injecting some git options it was possible to get arbitrary command execution. | ||||
| CVE-2022-25642 | 1 Obyte | 1 Obyte | 2024-11-21 | 6.1 Medium |
| Obyte (formerly Byteball) Wallet before 3.4.1 allows XSS. A crafted chat message can lead to remote code execution. | ||||
| CVE-2022-25498 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 9.8 Critical |
| CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php. | ||||
| CVE-2022-25487 | 1 Thedigitalcraft | 1 Atomcms | 2024-11-21 | 9.8 Critical |
| Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php. | ||||
| CVE-2022-25411 | 1 Max-3000 | 1 Maxsite Cms | 2024-11-21 | 9.8 Critical |
| A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsite CMS v180 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-25371 | 1 Apache | 1 Ofbiz | 2024-11-21 | 9.8 Critical |
| Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier. | ||||
| CVE-2022-25330 | 2 Microsoft, Trendmicro | 4 Windows, Serverprotect, Serverprotect For Network Appliance Filer and 1 more | 2024-11-21 | 9.8 Critical |
| Integer overflow conditions that exist in Trend Micro ServerProtect 6.0/5.8 Information Server could allow a remote attacker to crash the process or achieve remote code execution. | ||||
| CVE-2022-25237 | 1 Bonitasoft | 1 Bonita Web | 2024-11-21 | 9.8 Critical |
| Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to the end of a URL, users with no privileges can access privileged API endpoints. This can lead to remote code execution by abusing the privileged API actions. | ||||
| CVE-2022-25225 | 1 Softinventive | 1 Network Olympus | 2024-11-21 | 7.2 High |
| Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. It is also possible to achieve remote code execution in the default installation (PostgreSQL) by exploiting this issue. | ||||
| CVE-2022-25168 | 1 Apache | 1 Hadoop | 2024-11-21 | 9.8 Critical |
| Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305. "Check existence of file before untarring/zipping", which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed, regardless of which version of the hadoop libraries are in use. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or upper (including HADOOP-18136). | ||||
| CVE-2022-25167 | 1 Apache | 1 Flume | 2024-11-21 | 9.8 Critical |
| Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol. | ||||
| CVE-2022-25115 | 1 Home Owners Collection Management System Project | 1 Home Owners Collection Management System | 2024-11-21 | 7.8 High |
| A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user/manage_user of Home Owners Collection Management System v1.0 allows attackers to execute arbitrary code via a crafted PNG file. | ||||
| CVE-2022-25094 | 1 Home Owners Collection Management System Project | 1 Home Owners Collection Management System | 2024-11-21 | 8.8 High |
| Home Owners Collection Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the parameter "cover" in SystemSettings.php. | ||||
| CVE-2022-25069 | 1 Marktext | 1 Marktext | 2024-11-21 | 9.6 Critical |
| Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to perform remote code execution (RCE) via injecting a crafted payload into /lib/contentState/pasteCtrl.js. | ||||