jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable.
NVD-CWE-noinfo
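Why the choice of parser matters, as an added Ruby example (not code from jmespath.rb or from the advisory): JSON.load turns on the json gem's create_additions option, which JSON.parse leaves off. With additions enabled, any object carrying a "json_class" key is handed to that class's json_create hook, so attacker-controlled input decides which classes on the load path get instantiated. The Greeting class and the untrusted document below are constructed for illustration; the explicit create_additions: true call reproduces JSON.load's default so the behaviour is the same across json gem versions (newer releases warn when JSON.load does this implicitly).

```ruby
require "json"

# Constructed class standing in for any class on the load path that implements
# json_create. A real target would be a class whose constructor or json_create
# has side effects (file access, command execution, object graph tricks).
class Greeting
  attr_reader :text

  def initialize(text)
    @text = text
  end

  # Hook the json gem calls for {"json_class":"Greeting", ...} when
  # create_additions is enabled. The hash is fully attacker-controlled.
  def self.json_create(hash)
    new(hash["text"])
  end

  def to_json(*args)
    { JSON.create_id => self.class.name, "text" => @text }.to_json(*args)
  end
end

# Constructed untrusted input, e.g. a JSON argument arriving from a client.
# The attacker picks the json_class value.
UNTRUSTED_DOC = '{"json_class":"Greeting","text":"hello from the payload"}'

# JSON.parse with its defaults: additions are off, so json_class is just a
# string key in an ordinary Hash. This is what jmespath.rb 1.6.1 switched to.
def parse_safely(doc)
  JSON.parse(doc)
end

# Same parser with the option JSON.load enables by default: the document now
# instantiates whatever class it names.
def parse_with_additions(doc)
  JSON.parse(doc, create_additions: true)
end

# The pattern the advisory describes, kept for comparison. Depending on the
# json gem version this returns a Greeting and may print a deprecation warning.
def legacy_load(doc)
  JSON.load(doc)
end

if __FILE__ == $PROGRAM_NAME
  safe = parse_safely(UNTRUSTED_DOC)
  puts "JSON.parse            -> #{safe.class}: #{safe.inspect}"

  unsafe = parse_with_additions(UNTRUSTED_DOC)
  puts "create_additions: true -> #{unsafe.class}: #{unsafe.text.inspect}"

  loaded = legacy_load(UNTRUSTED_DOC)
  puts "JSON.load             -> #{loaded.class}"
end
```

When auditing Ruby code for this class of bug, grep for JSON.load, JSON.restore and JSON.unsafe_load on anything that is not a trusted local file; the fix is JSON.parse with default options, which never calls json_create.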
CVE-2022-32387
In Kentico before 13.0.66, attackers can achieve Denial of Service via a crafted request to the GetResource handler.
CVE-2022-32411
An issue in the languages config file of HongCMS v3.0 allows attackers to obtain a shell (arbitrary code execution).
CVE-2022-32412
An issue in the /template/edit component of HongCMS v3.0 allows attackers to obtain a shell (arbitrary code execution).
CVE-2022-32420
College Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /College/admin/teacher.php. This vulnerability is exploited via a crafted PHP file.
CVE-2022-32244
Under certain conditions, an attacker authenticated as a CMS administrator can access the BOE Commentary database, retrieve (non-personal) system data and modify system data, but cannot make the system unavailable. This requires the attacker to have high-privilege access to the same physical or logical network in order to reach information that would otherwise be restricted, leading to low impact on confidentiality and high impact on integrity of the application.