24 matches found
CVE-2026-21622
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-05 22:23:38+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mgdtlp7eur2y... |
CVE-2026-21622 Password Reset Tokens Do Not Expire
Insufficient Session Expiration vulnerability in hexpm hexpm/hexpm 'Elixir.Hexpm.Accounts.PasswordReset' module allows Account Takeover. Password reset tokens generated via the "Reset your password" flow do not expire. When a user requests a password reset, Hex sends an email containing a reset...
CVE-2022-21622
Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware component: Adapters. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite. Successf...
CVE-2025-21622
ClipBucket V5 provides open source video hosting with PHP. During the user avatar upload workflow, a user can choose to upload and change their avatar at any time. During deletion, ClipBucket checks for the avatarurl as a filepath within the avatars subdirectory. If the URL path exists within the...
CVE-2025-21622
| creationtimestamp | type | source |
|---|---|---|
| 2025-01-07 16:07:42+00:00 | seen | https://infosec.exchange/users/cve/statuses/113787932641923201 |
| 2025-01-07 16:17:10+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lf62dvrvje2m |
| 2025-01-07 17:41:49+00:00 | ... |
CVE-2025-21622 ClipBucket V5 Avatar URL Path Traversal to Arbitrary File Delete
ClipBucket V5 provides open source video hosting with PHP. During the user avatar upload workflow, a user can choose to upload and change their avatar at any time. During deletion, ClipBucket checks for the avatarurl as a filepath within the avatars subdirectory. If the URL path exists within the...
CVE-2023-41222
D-Link DIR-3040 prog.cgi SetWan2Settings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability...
CVE-2023-41222 D-Link DIR-3040 prog.cgi SetWan2Settings Stack-Based Buffer Overflow Remote Code Execution Vulnerability
D-Link DIR-3040 prog.cgi SetWan2Settings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability...
CVE-2023-41222
The CVE-2023-41222 entry concerns D-Link DIR-3040 routers. A stack-based buffer overflow exists in the SetWan2Settings handling of prog.cgi, which processes HNAP requests made to the lighttpd webserver (ports 80/443). The flaw arises from insufficient validation of a user-supplied string copied into a fixed-size stack buffer, en...
CVE-2024-21622
| creationtimestamp | type | source |
|---|---|---|
| 2024-01-03 18:31:55+00:00 | seen | https://t.me/ctinow/162525 |
| 2024-01-04 01:37:13+00:00 | seen | https://t.me/cibsecurity/74336 |
| 2024-01-23 22:01:55+00:00 | seen | https://t.me/ctinow/172332... |
CVE-2024-21622 Craft CMS Privilege Escalation
Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensu...
CVE-2024-21622
CVE-2024-21622 is a Privilege Escalation issue in Craft CMS. The vulnerability affects Craft 3.x (prior to 3.9.6) and Craft 4.x (prior to 4.4.16) and arises under certain user permission configurations, allowing elevated access. The condition and root cause are described as a permission-checking ...
CVE-2023-21622
FrameMaker 2020 Update 4 and earlier, 2022 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2023-21622
Adobe FrameMaker is affected by CVE-2023-21622 (out-of-bounds write) that could allow arbitrary code execution in the context of the current user. Affected: FrameMaker 2020 Update 4 and earlier, and FrameMaker 2022 and earlier. Root cause: out-of-bounds write in the font parsing component. Attack...
Adobe FrameMaker 2020 < 16.0.5 (2020.0.5) / Adobe FrameMaker 2022 < 17.0.1 (2022.0.1) Multiple Vulnerabilities (APSB23-06)
The version of Adobe FrameMaker installed on the remote Windows host is prior to Adobe FrameMaker 2020 16.0.5 / Adobe FrameMaker 2022 17.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb23-06 advisory. - FrameMaker 2020 Update 4 and earlier, 2022 and earlier ar...
CVE-2022-21622
Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware component: Adapters. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite. Successf...
CVE-2022-21622
The CVE-2022-21622 entry affects Oracle Fusion Middleware’s Oracle SOA Suite (Adapters) with affected versions 12.2.1.3.0 and 12.2.1.4.0. The issue enables an unauthenticated attacker, over the network via HTTP, to compromise data in the Oracle SOA Suite, potentially allowing unauthorized creatio...