Total: 22706 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41135 | 1 Wpchill | 1 Customizable Wordpress Gallery Plugin - Modula Image Gallery | 2022-11-23 | N/A | 5.3 MEDIUM |
Unauth. Plugin Settings Change vulnerability in Modula plugin <= 2.6.9 on WordPress. | |||||
CVE-2022-38755 | 1 Microfocus | 1 Filr | 2022-11-23 | N/A | 5.3 MEDIUM |
A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. The vulnerability could be exploited to allow a remote unauthenticated attacker to enumerate valid users of the system. Remote unauthenticated user enumeration. This issue affects: Micro Focus Filr versions prior to 4.3.1.1. | |||||
CVE-2022-41655 | 1 Algolplus | 1 Phone Orders For Woocommerce | 2022-11-23 | N/A | 6.5 MEDIUM |
Auth. (subscriber+) Sensitive Data Exposure vulnerability in Phone Orders for WooCommerce plugin <= 3.7.1 on WordPress. | |||||
CVE-2021-26391 | 1 Amd | 98 Enterprise Driver, Radeon Pro Software, Radeon Pro W5500 and 95 more | 2022-11-23 | N/A | 7.8 HIGH |
Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel. | |||||
CVE-2022-45369 | 1 Richplugins | 1 Plugin For Google Reviews | 2022-11-23 | N/A | 4.3 MEDIUM |
Auth. (subscriber+) Broken Access Control vulnerability in Plugin for Google Reviews plugin <= 2.2.2 on WordPress. | |||||
CVE-2022-42883 | 1 Expresstech | 1 Quiz And Survey Master | 2022-11-22 | N/A | 7.5 HIGH |
Sensitive Information Disclosure vulnerability discovered in Quiz And Survey Master plugin <= 7.3.10 on WordPress. | |||||
CVE-2022-36784 | 1 Elsight | 2 Halo, Halo Firmware | 2022-11-22 | N/A | 9.8 CRITICAL |
Elsight Halo Remote Code Execution (RCE): the Elsight Halo web panel allows us to perform connection validation. Through the POST request /api/v1/nics/wifi/wlan0/ping we can abuse the DESTINATION parameter and leverage it for remote code execution. | |||||
CVE-2022-40903 | 1 Aiphone | 8 Gt-db-vn, Gt-db-vn Firmware, Gt-dmb and 5 more | 2022-11-22 | N/A | 6.5 MEDIUM |
Aiphone GT-DMB-N 3-in-1 Video Entrance Station with NFC Reader 1.0.3 does not mitigate against repeated failed access attempts, which allows an attacker to gain administrative privileges. | |||||
CVE-2022-42904 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2022-11-22 | N/A | 7.2 HIGH |
Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings. | |||||
CVE-2022-38165 | 1 Withsecure | 1 F-secure Policy Manager | 2022-11-21 | N/A | 9.8 CRITICAL |
Arbitrary file write in F-Secure Policy Manager through 2022-08-10 allows unauthenticated users to write the file with the contents in arbitrary locations on the F-Secure Policy Manager Server. | |||||
CVE-2022-43096 | 1 M5t | 2 Mediatrix 4102s, Mediatrix 4102s Firmware | 2022-11-21 | N/A | 6.8 MEDIUM |
Mediatrix 4102 before v48.5.2718 allows local attackers to gain root access via the UART port. | |||||
CVE-2020-10382 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2022-11-21 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an authenticated remote code execution in the backup-scheduler. | |||||
CVE-2020-10383 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2022-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated remote code execution in the com_mb24sysapi module. | |||||
CVE-2018-8172 | 1 Microsoft | 3 Expression Blend, Visual Studio, Visual Studio 2017 | 2022-11-21 | 9.3 HIGH | 7.8 HIGH |
A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio, Expression Blend 4. | |||||
CVE-2021-31608 | 1 Proofpoint | 1 Enterprise Protection | 2022-11-21 | N/A | 4.3 MEDIUM |
Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Security Control. | |||||
CVE-2020-2722 | 1 Oracle | 1 Flexcube Investor Servicing | 2022-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N). | |||||
CVE-2022-41652 | 1 Expresstech | 1 Quiz And Survey Master | 2022-11-21 | N/A | 9.8 CRITICAL |
Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress. | |||||
CVE-2022-41781 | 1 Permalink Manager Lite Project | 1 Permalink Manager Lite | 2022-11-21 | N/A | 9.8 CRITICAL |
Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress. | |||||
CVE-2022-42461 | 1 Miniorange | 1 Google Authenticator | 2022-11-21 | N/A | 8.8 HIGH |
Broken Access Control vulnerability in miniOrange's Google Authenticator plugin <= 5.6.1 on WordPress. | |||||
CVE-2022-30323 | 1 Hashicorp | 1 Go-getter | 2022-11-21 | 7.5 HIGH | 8.6 HIGH |
go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Fixed in 1.6.1 and 2.1.0. |