Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2261 | 1 Xplodedthemes | 1 Wpide | 2022-08-31 | N/A | 7.2 HIGH |
| The WPIDE WordPress plugin before 3.0 does not sanitize and validate the filename parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue. | |||||
| CVE-2022-2080 | 1 Automattic | 1 Sensei Lms | 2022-08-31 | N/A | 4.3 MEDIUM |
| The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see responses/messages between the teacher and student | |||||
| CVE-2022-2034 | 1 Automattic | 1 Sensei Lms | 2022-08-31 | N/A | 5.3 MEDIUM |
| The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers | |||||
| CVE-2022-1663 | 1 Stop Spam Comments Project | 1 Stop Spam Comments | 2022-08-31 | N/A | 6.5 MEDIUM |
| The Stop Spam Comments WordPress plugin through 0.2.1.2 does not properly generate the Javascript access token for preventing abuse of comment section, allowing threat authors to easily collect the value and add it to the request. | |||||
| CVE-2022-1123 | 1 Mapsmarker | 1 Leaflet Maps Marker | 2022-08-31 | N/A | 7.2 HIGH |
| The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) WordPress plugin before 3.12.5 does not properly sanitize some parameters before inserting them into SQL queries. As a result, high privilege users could perform SQL injection attacks. | |||||
| CVE-2022-36690 | 1 Ingredient Stock Management System Project | 1 Ingredient Stock Management System | 2022-08-31 | N/A | 8.8 HIGH |
| Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user&id=. | |||||
| CVE-2022-36689 | 1 Ingredient Stock Management System Project | 1 Ingredient Stock Management System | 2022-08-31 | N/A | 8.8 HIGH |
| Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/waste&month=. | |||||
| CVE-2022-36688 | 1 Ingredient Stock Management System Project | 1 Ingredient Stock Management System | 2022-08-31 | N/A | 8.8 HIGH |
| Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockout&month=. | |||||
| CVE-2022-36687 | 1 Ingredient Stock Management System Project | 1 Ingredient Stock Management System | 2022-08-31 | N/A | 6.5 MEDIUM |
| Ingredients Stock Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img. | |||||
| CVE-2022-36686 | 1 Ingredient Stock Management System Project | 1 Ingredient Stock Management System | 2022-08-31 | N/A | 8.8 HIGH |
| Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockin&month=. | |||||
| CVE-2022-37059 | 1 Intelliants | 1 Subrion Cms | 2022-08-31 | N/A | 4.8 MEDIUM |
| Cross Site Scripting (XSS) in Admin Panel of Subrion CMS 4.2.1 allows attacker to inject arbitrary code via Login Field | |||||
| CVE-2022-36529 | 1 Kensite Cms Project | 1 Kensite Cms | 2022-08-31 | N/A | 8.8 HIGH |
| Kensite CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities via the name and oldname parameters at /framework/mod/db/DBMapper.xml. | |||||
| CVE-2022-36521 | 1 Cskefu | 1 Cskefu | 2022-08-31 | N/A | 7.5 HIGH |
| Insecure permissions in cskefu v7.0.1 allows unauthenticated attackers to arbitrarily add administrator accounts. | |||||
| CVE-2021-40285 | 1 Htmly | 1 Htmly | 2022-08-31 | N/A | 8.1 HIGH |
| htmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component \views\backup.html.php. | |||||
| CVE-2022-24551 | 1 Starwindsoftware | 2 Nas, San | 2022-08-31 | 9.0 HIGH | 8.8 HIGH |
| A flaw was found in StarWind Stack. The endpoint for setting a new password doesn’t check the current username and old password. An attacker could reset any local user password (including system/administrator user) using any available user This affects StarWind SAN and NAS v0.2 build 1633. | |||||
| CVE-2021-45389 | 1 Starwind | 2 Command Center, San\&nas | 2022-08-31 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found with the JWT token. A self-signed JWT token could be injected into the update manager and bypass the authentication process, thus could escalate privileges. This affects StarWind SAN and NAS build 1578 and StarWind Command Center build 6864. | |||||
| CVE-2022-24552 | 1 Starwindsoftware | 2 Nas, San | 2022-08-31 | 10.0 HIGH | 9.8 CRITICAL |
| A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with root privileges. This affects StarWind SAN and NAS v0.2 build 1633. | |||||
| CVE-2021-3644 | 1 Redhat | 2 Descision Manager, Wildfly | 2022-08-31 | N/A | 3.3 LOW |
| A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity. | |||||
| CVE-2021-4216 | 1 Artifex | 1 Mupdf | 2022-08-31 | N/A | 5.5 MEDIUM |
| A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream. | |||||
| CVE-2020-28589 | 1 Tinyobjloader Project | 1 Tinyobjloader | 2022-08-31 | 6.8 MEDIUM | 8.8 HIGH |
| An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421. A specially crafted file could lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||