The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2022-42113 | A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the `redirect` parameter. | -- | Oct 20, 2022 |
| CVE-2022-42112 | A Cross-site scripting (XSS) vulnerability in the Portal Search module\'s Sort widget in Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers to inject arbitrary web script or HTML via a crafted payload. | -- | Oct 20, 2022 |
| CVE-2022-42111 | A Cross-site scripting (XSS) vulnerability in the Sharing module\'s user notification in Liferay Portal 7.2.1 through 7.4.2, and Liferay DXP 7.2 before fix pack 19, and 7.3 before update 4 allows remote attackers to inject arbitrary web script or HTML by sharing an asset with a crafted payload. | -- | Nov 17, 2022 |
| CVE-2022-42110 | A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML. | -- | Nov 17, 2022 |
| CVE-2022-42109 | Online-shopping-system-advanced 1.0 was discovered to contain a SQL injection vulnerability via the p parameter at /shopping/product.php. | -- | Nov 30, 2022 |
| CVE-2022-42100 | KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location input reply-form. | -- | Nov 30, 2022 |
| CVE-2022-42099 | KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location Forum Subject input. | -- | Nov 30, 2022 |
| CVE-2022-42098 | KLiK SocialMediaWebsite version v1.0.1 is vulnerable to SQL Injection via the profile.php. | -- | Nov 23, 2022 |
| CVE-2022-42097 | Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via \'Comment.\' . | -- | Nov 23, 2022 |
| CVE-2022-42096 | Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content. | -- | Nov 23, 2022 |
| CVE-2022-42095 | Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content. | -- | Nov 25, 2022 |
| CVE-2022-42094 | Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the \'Card\' content. | -- | Nov 23, 2022 |
| CVE-2022-42092 | Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via \'themes\' that allows attackers to Remote Code Execution. | -- | Oct 9, 2022 |
| CVE-2022-42087 | Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. | -- | Oct 14, 2022 |
| CVE-2022-42086 | Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function TendaAteMode. | -- | Oct 14, 2022 |
| CVE-2022-42081 | Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via sched_end_time parameter. | -- | Oct 14, 2022 |
| CVE-2022-42080 | Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a heap overflow via sched_start_time parameter. | -- | Oct 14, 2022 |
| CVE-2022-42079 | Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via the function formWifiBasicSet. | -- | Oct 14, 2022 |
| CVE-2022-42078 | Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. | -- | Oct 14, 2022 |
| CVE-2022-42077 | Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. | -- | Oct 14, 2022 |
| CVE-2022-42075 | Wedding Planner v1.0 is vulnerable to arbitrary code execution. | -- | Oct 7, 2022 |
| CVE-2022-42074 | Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editcategory.php?id=. | -- | Oct 7, 2022 |
| CVE-2022-42073 | Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editclient.php?id=. | -- | Oct 7, 2022 |
| CVE-2022-42071 | Online Birth Certificate Management System version 1.0 suffers from a Cross Site Scripting (XSS) Vulnerability. | -- | Oct 14, 2022 |
| CVE-2022-42070 | Online Birth Certificate Management System version 1.0 is vulnerable to Cross Site Request Forgery (CSRF). | -- | Oct 14, 2022 |
| CVE-2022-42069 | Online Birth Certificate Management System version 1.0 suffers from a persistent Cross Site Scripting (XSS) vulnerability. | -- | Oct 15, 2022 |
| CVE-2022-42067 | Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference (IDOR) vulnerability | -- | Oct 14, 2022 |
| CVE-2022-42066 | Online Examination System version 1.0 suffers from a cross site scripting vulnerability via index.php. | -- | Oct 15, 2022 |
| CVE-2022-42064 | Online Diagnostic Lab Management System version 1.0 remote exploit that bypasses login with SQL injection and then uploads a shell. | -- | Oct 15, 2022 |
| CVE-2022-42060 | Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setWanPpoe function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. | -- | Nov 18, 2022 |
| CVE-2022-42058 | Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setRemoteWebManage function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. | -- | Nov 18, 2022 |
| CVE-2022-42055 | Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system. | -- | Oct 27, 2022 |
| CVE-2022-42054 | Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields. | -- | Oct 27, 2022 |
| CVE-2022-42053 | Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the PortMappingServer parameter in the setPortMapping function. | -- | Nov 18, 2022 |
| CVE-2022-42044 | The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0. | -- | Oct 13, 2022 |
| CVE-2022-42043 | The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0. | -- | Oct 13, 2022 |
| CVE-2022-42042 | The d8s-networking package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0. | -- | Oct 13, 2022 |
| CVE-2022-42041 | The d8s-file-system package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0. | -- | Oct 13, 2022 |
| CVE-2022-42040 | The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0. | -- | Oct 13, 2022 |
| CVE-2022-42039 | The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0. | -- | Oct 13, 2022 |
| CVE-2022-42038 | The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. | -- | Oct 13, 2022 |
| CVE-2022-42037 | The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. | -- | Oct 13, 2022 |
| CVE-2022-42036 | The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. | -- | Oct 13, 2022 |
| CVE-2022-42034 | Wedding Planner v1.0 is vulnerable to arbitrary code execution via users_profile.php. | -- | Oct 11, 2022 |
| CVE-2022-42029 | Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to \'big file uploads\' to copy/move files from anywhere in the file system into the web directory. | -- | Oct 19, 2022 |
| CVE-2022-42021 | Best Student Result Management System v1.0 is vulnerable to SQL Injection via /upresult/upresult/notice-details.php?nid=. | -- | Oct 21, 2022 |
| CVE-2022-42012 | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format. | -- | Oct 8, 2022 |
| CVE-2022-42011 | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type. | -- | Oct 8, 2022 |
| CVE-2022-42010 | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures. | -- | Oct 8, 2022 |
| CVE-2022-42004 | In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. | -- | Oct 4, 2022 |
