Total: 210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-40115 | 1 Online Banking System Project | 1 Online Banking System | 2022-09-26 | N/A | 9.8 CRITICAL |
| Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/delete_beneficiary.php. | |||||
| CVE-2022-40114 | 1 Online Banking System Project | 1 Online Banking System | 2022-09-26 | N/A | 9.8 CRITICAL |
| Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer.php. | |||||
| CVE-2022-40113 | 1 Online Banking System Project | 1 Online Banking System | 2022-09-26 | N/A | 9.8 CRITICAL |
| Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/send_funds.php. | |||||
| CVE-2022-35896 | 1 Insyde | 1 Insydeh2o | 2022-09-26 | N/A | 6.0 MEDIUM |
| An SMM memory leak vulnerability in an SMM driver (SMRAM) was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An attacker can dump SMRAM contents via the software SMI provided by the FvbServicesRuntimeDxe driver to read the contents of SMRAM, leading to information disclosure. | |||||
| CVE-2022-40118 | 1 Online Banking System Project | 1 Online Banking System | 2022-09-26 | N/A | 9.8 CRITICAL |
| Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/send_funds_action.php. | |||||
| CVE-2022-40117 | 1 Online Banking System Project | 1 Online Banking System | 2022-09-26 | N/A | 9.8 CRITICAL |
| Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/delete_customer.php. | |||||
| CVE-2022-40121 | 1 Online Banking System Project | 1 Online Banking System | 2022-09-26 | N/A | 9.8 CRITICAL |
| Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/manage_customers.php. | |||||
| CVE-2022-40120 | 1 Online Banking System Project | 1 Online Banking System | 2022-09-26 | N/A | 9.8 CRITICAL |
| Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at /net-banking/customer_transactions.php. | |||||
| CVE-2022-40119 | 1 Online Banking System Project | 1 Online Banking System | 2022-09-26 | N/A | 9.8 CRITICAL |
| Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at /net-banking/transactions.php. | |||||
| CVE-2022-40122 | 1 Online Banking System Project | 1 Online Banking System | 2022-09-26 | N/A | 9.8 CRITICAL |
| Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer_action.php. | |||||
| CVE-2022-40310 | 1 Blazzdev | 1 Rate My Post - Wp Rating System | 2022-09-26 | N/A | 3.1 LOW |
| Authenticated (subscriber+) Race Condition vulnerability in Rate my Post – WP Rating System plugin <= 3.3.4 at WordPress allows attackers to increase/decrease votes. | |||||
| CVE-2022-39238 | 1 Arvados | 1 Arvados | 2022-09-26 | N/A | 8.8 HIGH |
| Arvados is an open source platform for managing and analyzing biomedical big data. In versions prior to 2.4.3, when using Portable Authentication Modules (PAM) for user authentication, if a user presented valid credentials but the account was disabled or otherwise not allowed to access the host (such as an expired password), it would still be accepted for access to Arvados. Other authentication methods (LDAP, OpenID Connect) supported by Arvados are not affected by this flaw. This issue is patched in version 2.4.3. The workaround for this issue is to migrate to a different authentication method supported by Arvados, such as LDAP. | |||||
| CVE-2022-39240 | 1 Mygraph Project | 1 Mygraph | 2022-09-26 | N/A | 5.4 MEDIUM |
| MyGraph is a permission management system. Versions prior to 1.0.4 are vulnerable to a stored XSS vulnerability leading to Remote Code Execution. This issue is patched in version 1.0.4. There is no known workaround. | |||||
| CVE-2022-2937 | 1 Oxilab | 1 Image Hover Effects Ultimate | 2022-09-26 | N/A | 5.4 MEDIUM |
| The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title & Description values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users. | |||||
| CVE-2022-40672 | 1 Wpchill | 1 Cpo Shortcodes | 2022-09-26 | N/A | 4.8 MEDIUM |
| Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CPO Shortcodes plugin <= 1.5.0 at WordPress. | |||||
| CVE-2022-40671 | 1 Blazzdev | 1 Rate My Post - Wp Rating System | 2022-09-26 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Rate my Post – WP Rating System plugin <= 3.3.4 at WordPress. | |||||
| CVE-2022-38095 | 1 Algolplus | 1 Advanced Dynamic Pricing For Woocommerce | 2022-09-26 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 at WordPress. | |||||
| CVE-2022-37339 | 1 Fullworksplugins | 1 Meet My Team | 2022-09-26 | N/A | 5.4 MEDIUM |
| Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Meet My Team plugin <= 2.0.5 at WordPress. | |||||
| CVE-2022-37338 | 1 Blossomthemes | 1 Blossom Recipe Maker | 2022-09-26 | N/A | 5.4 MEDIUM |
| Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Blossom Recipe Maker plugin <= 1.0.7 at WordPress. | |||||
| CVE-2022-37330 | 1 Webhelpagency | 1 Wha Crossword | 2022-09-26 | N/A | 5.4 MEDIUM |
| Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WHA Crossword plugin <= 1.1.10 at WordPress. | |||||
