Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-41031 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2022-10-13 | N/A | 7.8 HIGH |
| Microsoft Word Remote Code Execution Vulnerability. | |||||
| CVE-2022-40047 | 1 Flatpress | 1 Flatpress | 2022-10-13 | N/A | 5.4 MEDIUM |
| Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at /flatpress/admin.php. | |||||
| CVE-2022-37617 | 1 Browserify-shim Project | 1 Browserify-shim | 2022-10-13 | N/A | 9.8 CRITICAL |
| Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the k variable in resolve-shims.js. | |||||
| CVE-2022-41033 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-13 | N/A | 7.8 HIGH |
| Windows COM+ Event System Service Elevation of Privilege Vulnerability. | |||||
| CVE-2022-41034 | 1 Microsoft | 1 Visual Studio Code | 2022-10-13 | N/A | 7.8 HIGH |
| Visual Studio Code Remote Code Execution Vulnerability. | |||||
| CVE-2022-3154 | 3 Integration For Billingo \& Gravity Forms Project, Integration For Szamlazz.hu \& Gravity Forms Project, Woo Billingo Plus Project | 3 Integration For Billingo \& Gravity Forms, Integration For Szamlazz.hu \& Gravity Forms, Woo Billingo Plus | 2022-10-13 | N/A | 7.1 HIGH |
| The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for Billingo & Gravity Forms WordPress plugin before 1.0.4, Integration for Szamlazz.hu & Gravity Forms WordPress plugin before 1.2.7 are lacking CSRF checks in various AJAX actions, which could allow attackers to make logged in Shop Managers and above perform unwanted actions, such as deactivate the plugin's license | |||||
| CVE-2022-3208 | 1 Simplefilelist | 1 Simple-file-list | 2022-10-13 | N/A | 6.5 MEDIUM |
| The Simple File List WordPress plugin before 4.4.12 does not implement nonce checks, which could allow attackers to make a logged in admin create new page and change it's content via a CSRF attack. | |||||
| CVE-2022-28866 | 1 Nokia | 1 Airframe Bmc Web Gui R18 Firmware | 2022-10-13 | N/A | 8.8 HIGH |
| Multiple Improper Access Control was discovered in Nokia AirFrame BMC Web GUI < R18 Firmware v4.13.00. It does not properly validate requests for access to (or editing of) data and functionality in all endpoints under /#settings/* and /api/settings/*. By not verifying the permissions for access to resources, it allows a potential attacker to view pages, with sensitive data, that are not allowed, and modify system configurations also causing DoS, which should be accessed only by user with administration profile, bypassing all controls (without checking for user identity). | |||||
| CVE-2022-37978 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-13 | N/A | 7.5 HIGH |
| Windows Active Directory Certificate Services Security Feature Bypass. | |||||
| CVE-2022-37977 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-13 | N/A | 6.5 MEDIUM |
| Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability. | |||||
| CVE-2022-33634 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-13 | N/A | 8.1 HIGH |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081. | |||||
| CVE-2022-30198 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-13 | N/A | 8.1 HIGH |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081. | |||||
| CVE-2022-24504 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-13 | N/A | 8.1 HIGH |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081. | |||||
| CVE-2022-22035 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-13 | N/A | 8.1 HIGH |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081. | |||||
| CVE-2022-42711 | 1 Progress | 1 Whatsup Gold | 2022-10-13 | N/A | 9.6 CRITICAL |
| In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim's browser. | |||||
| CVE-2022-37997 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-13 | N/A | 7.8 HIGH |
| Windows Graphics Component Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-38051. | |||||
| CVE-2022-37982 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-13 | N/A | 8.8 HIGH |
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38031. | |||||
| CVE-2022-37981 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-13 | N/A | 4.3 MEDIUM |
| Windows Event Logging Service Denial of Service Vulnerability. | |||||
| CVE-2022-41532 | 1 Open Source Sacco Management System Project | 1 Open Source Sacco Management System | 2022-10-13 | N/A | 7.2 HIGH |
| Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_plan. | |||||
| CVE-2022-41406 | 1 Church Management System Project | 1 Church Management System | 2022-10-13 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||