Security Vulnerabilities - CVEs Published In February 2022
ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. The payload may be placed in PHP_SESSION_UPLOAD_PROGRESS when the PHP installation supports upload_progress.
CVSS Score
9.8
EPSS Score
0.281
Published
2022-02-14
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVSS Score
8.4
EPSS Score
0.011
Published
2022-02-14
Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.2.0.
CVSS Score
5.4
EPSS Score
0.0
Published
2022-02-14
Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms prior to 22.1.0.
CVSS Score
5.4
EPSS Score
0.0
Published
2022-02-14
Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9.
CVSS Score
5.3
EPSS Score
0.004
Published
2022-02-14
Heap-based Buffer Overflow in Homebrew mruby prior to 3.2.
CVSS Score
8.4
EPSS Score
0.003
Published
2022-02-14
Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2.
CVSS Score
6.8
EPSS Score
0.004
Published
2022-02-14
Cross-site Scripting in Packagist pimcore/pimcore prior to 10.3.1.
CVSS Score
7.6
EPSS Score
0.0
Published
2022-02-14
The PowerPack Lite for Beaver Builder WordPress plugin before 1.2.9.3 does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-02-14
The CMP WordPress plugin before 4.0.19 allows any user, even not logged in, to arbitrarily change the coming soon page layout.
CVSS Score
5.3
EPSS Score
0.003
Published
2022-02-14

