Newest CVEs

| ID | Description | Severity |
|---|---|---|
| CVE-2021-44650 | Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components. | No Score |
| CVE-2021-4080 | crater is vulnerable to Unrestricted Upload of File with Dangerous Type | No Score |
| CVE-2021-44649 | Django CMS 3.7.3 does not validate the plugin_type parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user. | No Score |
| CVE-2021-44648 | GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12. | No Score |
| CVE-2021-3852 | growi is vulnerable to Authorization Bypass Through User-Controlled Key | No Score |
| CVE-2022-0179 | snipe-it is vulnerable to Improper Access Control | No Score |
| CVE-2022-0159 | orchardcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | No Score |
| CVE-2022-0087 | keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | No Score |
| CVE-2022-21646 | SpiceDB is a database system for managing security-critical application permissions. Any user making use of a wildcard relationship under the right hand branch of an `exclusion` or within an `intersection` operation will see `Lookup`/`LookupResources` return a resource as "accessible" if it is *not* accessible by virtue of the inclusion of the wildcard in the intersection or the right side of the exclusion. In `v1.3.0`, the wildcard is ignored entirely in lookup's dispatch, resulting in the `banned` wildcard being ignored in the exclusion. Version 1.4.0 contains a patch for this issue. As a workaround, don't make use of wildcards on the right side of intersections or within exclusions. | No Score |
| CVE-2021-46283 | nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own namespace. | No Score |
| CVE-2021-43999 | Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user. | No Score |
| CVE-2021-41767 | Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user's active use of that same connection. | No Score |
| CVE-2022-21970 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21954. | medium |
| CVE-2022-21969 | Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21846, CVE-2022-21855. | critical |
| CVE-2022-21964 | Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability. | medium |
| CVE-2022-21963 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21892, CVE-2022-21928, CVE-2022-21958, CVE-2022-21959, CVE-2022-21960, CVE-2022-21961, CVE-2022-21962. | medium |
| CVE-2022-21962 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21892, CVE-2022-21928, CVE-2022-21958, CVE-2022-21959, CVE-2022-21960, CVE-2022-21961, CVE-2022-21963. | medium |
| CVE-2022-21961 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21892, CVE-2022-21928, CVE-2022-21958, CVE-2022-21959, CVE-2022-21960, CVE-2022-21962, CVE-2022-21963. | medium |
| CVE-2022-21960 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21892, CVE-2022-21928, CVE-2022-21958, CVE-2022-21959, CVE-2022-21961, CVE-2022-21962, CVE-2022-21963. | medium |
| CVE-2022-21959 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21892, CVE-2022-21928, CVE-2022-21958, CVE-2022-21960, CVE-2022-21961, CVE-2022-21962, CVE-2022-21963. | medium |
| CVE-2022-21958 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21892, CVE-2022-21928, CVE-2022-21959, CVE-2022-21960, CVE-2022-21961, CVE-2022-21962, CVE-2022-21963. | medium |
| CVE-2022-21954 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21970. | medium |
| CVE-2022-21932 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability. | high |
| CVE-2022-21931 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21929, CVE-2022-21930. | medium |
| CVE-2022-21930 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21929, CVE-2022-21931. | medium |
| CVE-2022-21929 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21930, CVE-2022-21931. | low |
| CVE-2022-21928 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21892, CVE-2022-21958, CVE-2022-21959, CVE-2022-21960, CVE-2022-21961, CVE-2022-21962, CVE-2022-21963. | medium |
| CVE-2022-21925 | Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability. | medium |
| CVE-2022-21924 | Workstation Service Remote Protocol Security Feature Bypass Vulnerability. | medium |
| CVE-2022-21922 | Remote Procedure Call Runtime Remote Code Execution Vulnerability. | No Score |
| CVE-2022-21921 | Windows Defender Credential Guard Security Feature Bypass Vulnerability. | medium |
| CVE-2022-21920 | Windows Kerberos Elevation of Privilege Vulnerability. | No Score |
| CVE-2022-21919 | Windows User Profile Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21895. | high |
| CVE-2022-21918 | DirectX Graphics Kernel File Denial of Service Vulnerability. | medium |
| CVE-2022-21917 | HEVC Video Extensions Remote Code Execution Vulnerability. | high |
| CVE-2022-21916 | Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21897. | high |
| CVE-2022-21915 | Windows GDI+ Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-21880. | medium |
| CVE-2022-21914 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21885. | high |
| CVE-2022-21913 | Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass. | medium |
| CVE-2022-21912 | DirectX Graphics Kernel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21898. | high |
| CVE-2022-21911 | .NET Framework Denial of Service Vulnerability. | high |
| CVE-2022-21910 | Microsoft Cluster Port Driver Elevation of Privilege Vulnerability. | high |
| CVE-2022-21908 | Windows Installer Elevation of Privilege Vulnerability. | high |
| CVE-2022-21907 | HTTP Protocol Stack Remote Code Execution Vulnerability. | critical |
| CVE-2022-21906 | Windows Defender Application Control Security Feature Bypass Vulnerability. | medium |
| CVE-2022-21905 | Windows Hyper-V Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-21900. | medium |
| CVE-2022-21904 | Windows GDI Information Disclosure Vulnerability. | high |
| CVE-2022-21903 | Windows GDI Elevation of Privilege Vulnerability. | high |
| CVE-2022-21902 | Windows DWM Core Library Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21852, CVE-2022-21896. | high |
| CVE-2022-21901 | Windows Hyper-V Elevation of Privilege Vulnerability. | critical |