Main entries ~3681 : No results found. Remaining NVD entries (unprocessed / no code available): ~181977 :
Date Id Summary Products Score Patch
2022-05-20 CVE-2022-25229 Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Server(s)'' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the webpage to use 'NodeJs' features, an attacker can leverage this to run OS commands. N/A N/A
2022-05-20 CVE-2022-1806 Cross-site Scripting (XSS) - Reflected in GitHub repository rtxteam/rtx prior to checkpoint_2022-05-18. N/A N/A
2022-05-20 CVE-2022-1754 Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.2. N/A N/A
2022-05-20 CVE-2022-28987 ManageEngine ADSelfService Plus v6.1 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login. N/A N/A
2022-05-20 CVE-2021-34111 Thecus 4800Eco was discovered to contain a command injection vulnerability via the username parameter in /adm/setmain.php. N/A N/A
2022-05-20 CVE-2022-28964 An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attackers to cause a Denial of Service (DoS) via a crafted DLL file. N/A N/A
2022-05-20 CVE-2022-28965 Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted DLL file. N/A N/A