Total: 3761 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-0896 | 1 Microweber | 1 Microweber | 2022-03-11 | 6.8 MEDIUM | 8.8 HIGH |
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3. | |||||
CVE-2022-22909 | 1 Digitaldruid | 1 Hoteldruid | 2022-03-09 | 6.5 MEDIUM | 8.8 HIGH |
HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module. | |||||
CVE-2022-25018 | 1 Pluxml | 1 Pluxml | 2022-03-09 | 6.5 MEDIUM | 8.8 HIGH |
Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages. | |||||
CVE-2021-44238 | 1 Ayacms Project | 1 Ayacms | 2022-03-08 | 6.5 MEDIUM | 7.2 HIGH |
AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE) via /aya/module/admin/ust_tab_e.inc.php, | |||||
CVE-2021-22395 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-03-07 | 5.0 MEDIUM | 7.5 HIGH |
There is a code injection vulnerability in smartphones. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2022-23810 | 1 Appleple | 1 A-blog Cms | 2022-03-02 | 4.0 MEDIUM | 6.5 MEDIUM |
Template injection (Improper Neutralization of Special Elements Used in a Template Engine) vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to obtain an arbitrary file on the server via unspecified vectors. | |||||
CVE-2012-0171 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2022-03-01 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "SelectAll Remote Code Execution Vulnerability." | |||||
CVE-2012-0169 | 1 Microsoft | 4 Internet Explorer, Windows 7, Windows Server 2008 and 1 more | 2022-03-01 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "JScript9 Remote Code Execution Vulnerability." | |||||
CVE-2012-0168 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2022-03-01 | 7.6 HIGH | N/A |
Microsoft Internet Explorer 6 through 9 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document that is not properly handled during a "Print table of links" print operation, aka "Print Feature Remote Code Execution Vulnerability." | |||||
CVE-2012-0155 | 1 Microsoft | 4 Internet Explorer, Windows 7, Windows Server 2008 and 1 more | 2022-03-01 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Remote Code Execution Vulnerability." | |||||
CVE-2012-0011 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2022-03-01 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "HTML Layout Remote Code Execution Vulnerability." | |||||
CVE-2022-24665 | 1 Php Everywhere Project | 1 Php Everywhere | 2022-02-24 | 6.5 MEDIUM | 8.8 HIGH |
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via a WordPress Gutenberg block by any user able to edit posts. | |||||
CVE-2022-24663 | 1 Php Everywhere Project | 1 Php Everywhere | 2022-02-24 | 6.5 MEDIUM | 8.8 HIGH |
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress shortcodes, which can be used by any authenticated user. | |||||
CVE-2022-24664 | 1 Php Everywhere Project | 1 Php Everywhere | 2022-02-24 | 4.0 MEDIUM | 8.8 HIGH |
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts. | |||||
CVE-2018-17036 | 1 Ucms Project | 1 Ucms | 2022-02-20 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in UCMS 1.4.6 and 1.6. It allows PHP code injection during installation via the systemdomain parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php. | |||||
CVE-2019-19208 | 1 Codiad | 1 Codiad | 2022-02-10 | 7.5 HIGH | 9.8 CRITICAL |
Codiad Web IDE through 2.8.4 allows PHP Code injection. | |||||
CVE-2008-4250 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2022-02-09 | 10.0 HIGH | N/A |
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability." | |||||
CVE-2021-44978 | 1 Idreamsoft | 1 Icms | 2022-02-08 | 7.5 HIGH | 9.8 CRITICAL |
iCMS <= 8.0.0 allows users to add and render a custom template, which has an SSTI vulnerability that causes remote code execution. | |||||
CVE-2009-3302 | 3 Apache, Canonical, Debian | 3 Openoffice, Ubuntu Linux, Debian Linux | 2022-02-07 | 9.3 HIGH | N/A |
filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document, related to a "boundary error flaw." | |||||
CVE-2022-21686 | 1 Prestashop | 1 Prestashop | 2022-02-04 | 7.5 HIGH | 9.8 CRITICAL |
PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject Twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds. |