6574 matches found
CVE-2022-1812
Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10...
CVE-2022-1344
Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse...
CVE-2022-1461
Non-privileged user can enable or disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1...
CVE-2022-1212
Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if exploited...
CVE-2022-1715
Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.07...
CVE-2022-1571
Cross-site scripting - Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. This vulnerability allows arbitrary JavaScript code to be executed to steal the user's cookie, perform HTTP requests, get the content of same-origin pages, etc...
CVE-2022-1058
Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5...
CVE-2022-1931
Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3...
CVE-2022-1346
Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse...
CVE-2022-1544
Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in GitHub repository luyadev/yii-helpers prior to 1.2.1. Successful exploitation can lead to impacts such as client-side command injection, code execution, or remote exfiltration of contained...
CVE-2022-1445
Stored Cross-Site Scripting vulnerability in the checkedout_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stealing the user's cookie...
CVE-2022-1926
Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.3...
CVE-2022-1432
Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/octoprint prior to 1.8.0...
CVE-2022-1531
SQL injection vulnerability in ARAX-UI Synonym Lookup functionality in GitHub repository rtxteam/rtx prior to checkpoint2022-04-20. This vulnerability is critical as it can lead to remote code execution and thus complete server takeover...
CVE-2022-1045
Stored XSS via .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0...
CVE-2022-1997
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0...
CVE-2022-1243
CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11...
CVE-2022-2636
Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to 1.6.6...
CVE-2022-2924
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.3...
CVE-2022-2595
Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1...