CVE-2022-40313
- EPSS 0.54%
- Veröffentlicht 30.09.2022 17:15:13
- Zuletzt bearbeitet 20.05.2025 19:15:47
Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.
CVE-2022-40315
- EPSS 0.85%
- Veröffentlicht 30.09.2022 17:15:13
- Zuletzt bearbeitet 20.05.2025 17:15:45
A limited SQL injection risk was identified in the "browse list of users" site administration page.
CVE-2022-40316
- EPSS 0.55%
- Veröffentlicht 30.09.2022 17:15:13
- Zuletzt bearbeitet 20.05.2025 17:15:45
The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.
CVE-2022-3352
- EPSS 0.49%
- Veröffentlicht 29.09.2022 12:15:09
- Zuletzt bearbeitet 21.11.2024 07:19:21
Use After Free in GitHub repository vim/vim prior to 9.0.0614.
CVE-2014-0147
- EPSS 0.33%
- Veröffentlicht 29.09.2022 03:15:11
- Zuletzt bearbeitet 21.11.2024 02:01:28
Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrect...
CVE-2022-31629
- EPSS 49.34%
- Veröffentlicht 28.09.2022 23:15:10
- Zuletzt bearbeitet 04.11.2025 18:15:39
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
CVE-2022-31628
- EPSS 0.59%
- Veröffentlicht 28.09.2022 23:15:09
- Zuletzt bearbeitet 21.11.2024 07:04:53
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.
CVE-2022-39264
- EPSS 0.64%
- Veröffentlicht 28.09.2022 22:15:14
- Zuletzt bearbeitet 21.11.2024 07:17:54
nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect agains...
CVE-2022-39261
- EPSS 1.56%
- Veröffentlicht 28.09.2022 14:15:10
- Zuletzt bearbeitet 21.11.2024 07:17:54
Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the `source` or `in...
CVE-2022-3324
- EPSS 0.5%
- Veröffentlicht 27.09.2022 23:15:15
- Zuletzt bearbeitet 03.11.2025 21:15:54
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.