Latest CVE Feed
-
6.1
MEDIUMCVE-2022-46381
Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This affects 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e.... Read more
- Published: Dec. 13, 2022
- Modified: Apr. 22, 2025
-
7.5
HIGHCVE-2022-46355
A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA... Read more
- Published: Dec. 13, 2022
- Modified: Apr. 22, 2025
-
5.3
MEDIUMCVE-2022-46354
A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA... Read more
- Published: Dec. 13, 2022
- Modified: Apr. 22, 2025
-
6.5
MEDIUMCVE-2022-46059
AeroCMS v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF).... Read more
Affected Products : aerocms- Published: Dec. 13, 2022
- Modified: Apr. 22, 2025
-
4.8
MEDIUMCVE-2022-46058
AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field.... Read more
Affected Products : aerocms- Published: Dec. 13, 2022
- Modified: Apr. 22, 2025
-
7.2
HIGHCVE-2022-46051
The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable to SQL injection attacks.... Read more
Affected Products : aerocms- Published: Dec. 13, 2022
- Modified: Apr. 22, 2025
-
4.9
MEDIUMCVE-2022-46047
AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter.... Read more
Affected Products : aerocms- Published: Dec. 13, 2022
- Modified: Apr. 22, 2025
-
8.1
HIGHCVE-2022-45936
A vulnerability has been identified in Mendix Email Connector (All versions < V2.0.0). Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read and manipulate sensit... Read more
Affected Products : mendix_email_connector- Published: Dec. 13, 2022
- Modified: Apr. 22, 2025
-
7.5
HIGHCVE-2022-45871
A Denial-of-Service (DoS) vulnerability was discovered in the fsicapd component used in WithSecure products whereby the service may crash while parsing ICAP request. The exploit can be triggered remotely by an attacker.... Read more
Affected Products : atlant- Published: Dec. 13, 2022
- Modified: Apr. 22, 2025
-
7.5
HIGHCVE-2022-45693
Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.... Read more
- Published: Dec. 13, 2022
- Modified: Apr. 22, 2025
-
7.5
HIGHCVE-2022-45690
A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.... Read more
Affected Products : hutool- Published: Dec. 13, 2022
- Modified: Apr. 22, 2025
-
7.5
HIGHCVE-2022-45689
hutool-json v5.8.10 was discovered to contain an out of memory error.... Read more
Affected Products : hutool- Published: Dec. 13, 2022
- Modified: Apr. 22, 2025
-
6.1
MEDIUMCVE-2022-44303
Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting (XSS). A remote attacker could inject javascript code to the "{schedule_job}" or "args" parameter in /resque/delayed/jobs/{schedule_job}?args={args_id} to execute javascript at client s... Read more
Affected Products : resque-scheduler- Published: Dec. 13, 2022
- Modified: Apr. 22, 2025
-
5.4
MEDIUMCVE-2022-43996
The csaf_provider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. The endpoint upload allows valid CSAF advisories (JSON format) to be uploaded with Content-Type text/html and filenames ending in .html. When subsequently... Read more
Affected Products : csaf_provider- Published: Dec. 13, 2022
- Modified: Apr. 22, 2025
-
5.5
MEDIUMCVE-2022-42811
An access issue was addressed with additional sandbox restrictions. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to access user-sensitive data.... Read more
- Published: Nov. 01, 2022
- Modified: Apr. 22, 2025
-
5.5
MEDIUMCVE-2022-42810
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. Processing a maliciously crafted USD file may disclose memory contents.... Read more
- Published: Nov. 01, 2022
- Modified: Apr. 22, 2025
-
7.8
HIGHCVE-2022-42809
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted gcx file may lead to unexpected app termination or arbitrary code execution.... Read more
Affected Products : macos- Published: Nov. 01, 2022
- Modified: Apr. 22, 2025
-
9.8
CRITICALCVE-2022-42808
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. A remote user may be able to cause kernel code execution.... Read more
- Published: Nov. 01, 2022
- Modified: Apr. 22, 2025
-
7.0
HIGHCVE-2022-42806
A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.... Read more
- Published: Nov. 01, 2022
- Modified: Apr. 22, 2025
-
7.0
HIGHCVE-2022-42803
A race condition was addressed with improved locking. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel pr... Read more
- Published: Nov. 01, 2022
- Modified: Apr. 22, 2025