osTicket Arbitrary File Read via PHP Filter Chains in mPDF

This module exploits an arbitrary file read vulnerability in osTicket CVE-2026-22200. The vulnerability exists in osTicket's PDF export functionality which uses mPDF. By injecting a specially crafted HTML payload containing PHP filter chain URIs into a ticket reply, an attacker can read arbitrary...

CVE-2025-22200

creationtimestamp| type| source ---|---|--- 2026-01-01 04:48:50+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mbdlbl5qqv2o...

PT-2026-1166

CVE-2025-22200 - Apache HTTP Server SQL Injection CVE ID : CVE-2025-22200 Published : Jan. 1, 2026, 1:15 a.m. | 3 hours, 5 minutes ago Description : Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. Severity: 0.0 | NA Visit the...

MAL-2025-22200 Malicious code in harbor-india-eqi7 (npm)

The package harbor-india-eqi7 was found to contain malicious code...

CVE-2024-22200

vantage6-UI is the User Interface for vantage6. The docker image used to run the UI leaks the nginx version. To mitigate the vulnerability, users can run the UI as an angular application. This vulnerability was patched in 4.2.0...

CVE-2020-22200

Directory Traversal vulnerability in phpCMS 9.1.13 via the q parameter to publicgetsuggestkeyword...

CVE-2024-22200

creationtimestamp| type| source ---|---|--- 2024-01-30 17:22:00+00:00| seen| https://t.me/ctinow/176105 2024-02-22 08:37:19+00:00| seen| https://t.me/ctinow/190529...

CVE-2024-22200 vantage6-UI docker image leaks software version information

vantage6-UI is the User Interface for vantage6. The docker image used to run the UI leaks the nginx version. To mitigate the vulnerability, users can run the UI as an angular application. This vulnerability was patched in 4.2.0...

GitLab 12.6 < 13.8.7 / 13.9 < 13.9.5 / 13.10 < 13.10.1 (CVE-2021-22200)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an internal repository through a public project fork...

CVE-2020-22200

The CVE-2020-22200 entry concerns phpcms 9.1.13 with a directory traversal flaw exploitable via the q parameter to public_get_suggest_keyword. Affected component: phpcms web CMS (PHP/MySQL stack). Root cause: improper handling of user-supplied q parameter allowing path traversal. Impact stated as...

CVE-2021-22200

Technical details about CVE-2021-22200 are not provided in the accompanying documents. Monitor for updates from vendors and security advisories; no affected versions or fixes are disclosed here.

CVE-2017-15023

readformattedentries in dwarf2.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted ELF file...

CVE-2025-22200

...

CVE-2025-22200

CVE-2025-22200 entry is rejected/not used and does not represent an active vulnerability.

CVE-2022-22200

CVE-2022-22200 entry is rejected and does not represent an active vulnerability.