• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-94

CVE-2022-25759

February 23, 2023 by godfreyd94

The package convert-svg-core before 0.6.2 are vulnerable to Remote Code Injection via sending an SVG file containing the payload.

CVE-2022-25760

February 23, 2023 by godfreyd94

All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If (attacker-controlled) user input is given to the format option of the package’s exported constructor function, it is possible for an attacker to execute arbitrary JavaScript code on the host that this package is being run on.

CVE-2022-25644

February 23, 2023 by godfreyd94

All versions of package @pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution due to improper sanitization of getProcessByName function.

CVE-2022-25578

February 23, 2023 by godfreyd94

taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file.

CVE-2022-25371

February 23, 2023 by godfreyd94

Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier.

CVE-2022-25018

February 23, 2023 by godfreyd94

Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 210
  • Go to page 211
  • Go to page 212
  • Go to page 213
  • Go to page 214
  • Interim pages omitted …
  • Go to page 225
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE