Total: 5454 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-30580 | 1 Golang | 1 Go | 2024-11-21 | 7.8 High |
| Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset. | ||||
| CVE-2022-30083 | 1 Elliegrid | 1 Elliegrid | 2024-11-21 | 9.8 Critical |
| EllieGrid Android Application version 3.4.1 is vulnerable to Code Injection. The application appears to evaluate user input as code (remote). | ||||
| CVE-2022-2636 | 1 Hestiacp | 1 Control Panel | 2024-11-21 | 8.5 High |
| Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to 1.6.6. | ||||
| CVE-2022-2073 | 1 Getgrav | 1 Grav | 2024-11-21 | 7.2 High |
| Code Injection in GitHub repository getgrav/grav prior to 1.7.34. | ||||
| CVE-2022-2054 | 1 Nuitka | 1 Nuitka | 2024-11-21 | 8.4 High |
| Code Injection in GitHub repository nuitka/nuitka prior to 0.9. | ||||
| CVE-2022-2014 | 1 Diagrams | 1 Drawio | 2024-11-21 | 5.4 Medium |
| Code Injection in GitHub repository jgraph/drawio prior to 19.0.2. | ||||
| CVE-2022-29821 | 1 Jetbrains | 1 Pycharm | 2024-11-21 | 6.9 Medium |
| In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible | ||||
| CVE-2022-29819 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 6.9 Medium |
| In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible | ||||
| CVE-2022-29815 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 6.9 Medium |
| In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible | ||||
| CVE-2022-29814 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 6.9 Medium |
| In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible | ||||
| CVE-2022-29813 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 6.9 Medium |
| In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible | ||||
| CVE-2022-29307 | 1 Ionizecms | 1 Ionize | 2024-11-21 | 9.8 Critical |
| IonizeCMS v1.0.8.1 was discovered to contain a command injection vulnerability via the function copy_lang_content in application/models/lang_model.php. | ||||
| CVE-2022-29078 | 1 Ejs | 1 Ejs | 2024-11-21 | 9.8 Critical |
| The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation). | ||||
| CVE-2022-27837 | 2 Google, Samsung | 2 Android, Accessibility | 2024-11-21 | 4.4 Medium |
| A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R(11.0) and 13.0.1.1 in Android S(12.0) allows an attacker to access the file with system privilege. | ||||
| CVE-2022-26982 | 1 Simplemachines | 1 Simple Machines Forum | 2024-11-21 | 7.2 High |
| SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting vulnerable PHP code because the themes can be modified by an administrator. NOTE: the vendor's position is that administrators are intended to have the ability to modify themes, and can thus choose any PHP code that they wish to have executed on the server. | ||||
| CVE-2022-25813 | 1 Apache | 1 Ofbiz | 2024-11-21 | 7.5 High |
| In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin can insert malicious content in a message "Subject" field from the "Contact us" page. Then a party manager needs to list the communications in the party component to activate the SSTI. An RCE is then possible. | ||||
| CVE-2022-25812 | 1 Transposh | 1 Transposh Wordpress Translation | 2024-11-21 | 7.2 High |
| The Transposh WordPress Translation WordPress plugin before 1.0.8 does not validate its debug settings, which could allow high privilege users such as admin to perform RCE. | ||||
| CVE-2022-25760 | 1 Accesslog Project | 1 Accesslog | 2024-11-21 | 7.1 High |
| All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If (attacker-controlled) user input is given to the format option of the package's exported constructor function, it is possible for an attacker to execute arbitrary JavaScript code on the host that this package is being run on. | ||||
| CVE-2022-25759 | 1 Convert-svg-core Project | 1 Convert-svg-core | 2024-11-21 | 9.9 Critical |
| The package convert-svg-core before 0.6.2 is vulnerable to Remote Code Injection via sending an SVG file containing the payload. | ||||
| CVE-2022-25578 | 1 Taogogo | 1 Taocms | 2024-11-21 | 9.8 Critical |
| taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file. | ||||