PT-2022-26664 · Autodesk · Designreview.Exe
Name of the Vulnerable Software and Affected Versions: DesignReview.exe affected versions not specified Description: A maliciously crafted .dwf or .pct file consumed through the DesignReview.exe application could lead to a memory corruption issue due to a write access violation. This issue, in...
PT-2022-25809 · Autodesk · Autodesk Design Review
Name of the Vulnerable Software and Affected Versions: Autodesk DesignReview affected versions not specified Description: A maliciously crafted .dwf or .pct file consumed through the DesignReview.exe application could lead to a memory corruption issue due to a write access violation. Thi...
CVE-2022-42934
A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process...
PT-2022-26669 · Autodesk · Designreview.Exe
Name of the Vulnerable Software and Affected Versions: DesignReview.exe affected versions not specified Description: A maliciously crafted .dwf or .pct file consumed through the DesignReview.exe application could lead to a memory corruption issue due to a read access violation. This issue, when...
CVE-2022-41537
Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /useroperations/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
PT-2022-25923 · Unknown · Online Tours & Travels Management System
Name of the Vulnerable Software and Affected Versions: Online Tours & Travels Management System version 1.0 Description: The issue allows attackers to execute arbitrary code via a crafted PHP file, exploiting an arbitrary file upload vulnerability in the /user operations/profile.php component...
CVE-2022-42154
An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file...
Magento Open Source allows Stored Cross-Site Scripting (Stored XSS)
Adobe Commerce versions 2.4.3-p3 and earlier, 2.4.4-p1 and earlier and 2.4.5 and earlier are affected by a Stored Cross-site Scripting vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution...
PT-2022-25806 · Autodesk · Designreview.Exe
Name of the Vulnerable Software and Affected Versions: DesignReview.exe affected versions not specified Description: A maliciously crafted PCT file consumed through the DesignReview.exe application could lead to memory corruption by write access violation. This issue, in conjunction with other...
CVE-2022-41538
Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /Wedding-Management-PHP/admin/photosadd.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-42902
In Linaro Automated Validation Architecture LAVA before 2022.10, there is dynamic code execution in lavaserver/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server...
Microsoft Word Code Execution Vulnerability (CNVD-2025-17489)
Microsoft Word is a word processing application in the Office suite from the U.S. company Microsoft. A code execution vulnerability exists in Microsoft Word, which can be exploited by an attacker to execute arbitrary code on a system...
CVE-2022-41533
Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /phpaction/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-41534
Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /phpaction/createOrder.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
PT-2022-5052
Name of the Vulnerable Software and Affected Versions: Apache Commons Text versions 1.5 through 1.9 Description: The issue concerns a vulnerability in Apache Commons Text that allows for variable interpolation, enabling properties to be dynamically evaluated and expanded. The standard format for...
CVE-2022-33921
Dell GeoDrive, versions prior to 2.2, contains Multiple DLL Hijacking Vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context...
PYSEC-2022-43077
The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...
Microsoft Office Graphics Remote Code Execution Vulnerability
...
CVE-2022-42038
The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...
CVE-2022-41384
The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0...