Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2022-35150 | 1 Baijiacms Project | 1 Baijiacms | 2022-08-23 | N/A | 9.8 CRITICAL | Baijicms v4 was discovered to contain an arbitrary file upload vulnerability. |
CVE-2022-37175 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2022-08-23 | N/A | 9.8 CRITICAL | Tenda AC15 firmware V15.03.05.18 httpd server has a stack buffer overflow in /goform/formWifiBasicSet. |
CVE-2022-2909 | 1 Simple And Nice Shopping Cart Script Project | 1 Simple And Nice Shopping Cart Script | 2022-08-23 | N/A | 8.8 HIGH | A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script. It has been declared critical. Affected by this vulnerability is an unknown functionality of the file /mkshop/Men/profile.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206845 was assigned to this vulnerability. |
CVE-2022-2551 | 1 Snapcreek | 1 Duplicator | 2022-08-23 | N/A | 7.5 HIGH | The Duplicator WordPress plugin before 1.4.7 discloses the URL of a backup to unauthenticated visitors accessing the plugin's main installer endpoint, if the installer script has been run once by an administrator, allowing download of the full site backup without authentication. |
CVE-2022-2544 | 1 Wpmanageninja | 1 Ninja Job Board | 2022-08-23 | N/A | 7.5 HIGH | The Ninja Job Board WordPress plugin before 1.3.3 does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated directory listing, which allows the download of uploaded resumes. |
CVE-2022-21229 | 1 Intel | 5 Control Center, Lapqc71a, Lapqc71b and 2 more | 2022-08-23 | N/A | 7.8 HIGH | Improper buffer restrictions for some Intel(R) NUC 9 Extreme Laptop Kit drivers before version 2.2.0.22 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2022-38493 | 1 Rhonabwy Project | 1 Rhonabwy | 2022-08-23 | N/A | 7.5 HIGH | Rhonabwy 0.9.99 through 1.1.x before 1.1.7 does not check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a denial of service via a crafted JWE (JSON Web Encryption) token. |
CVE-2022-1322 | 1 Rich-web | 1 Coming Soon | 2022-08-23 | N/A | 4.8 MEDIUM | The Coming Soon - Under Construction WordPress plugin through 1.1.9 does not sanitize and escape some of its settings, which could allow high-privileged users to perform cross-site scripting attacks even when unfiltered_html is disallowed. |
CVE-2022-36030 | 1 Project-nexus Project | 1 Project-nexus | 2022-08-23 | N/A | 9.8 CRITICAL | Project-nexus is a general-purpose blog website framework. Affected versions are subject to SQL injection due to a lack of sanitization of user input. This issue has not yet been patched. Users are advised to restrict user input and to upgrade when a new release becomes available. |
CVE-2022-1251 | 1 Inkthemes | 1 Ask Me | 2022-08-23 | N/A | 4.3 MEDIUM | The Ask Me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user into changing their profile information via a crafted request. |
CVE-2021-3659 | 3 Fedoraproject, Linux, Redhat | 17 Fedora, Linux Kernel, Codeready Linux Builder and 14 more | 2022-08-23 | N/A | 5.5 MEDIUM | A NULL pointer dereference flaw was found in the Linux kernel's IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability. |
CVE-2022-36157 | 1 Xuxueli | 1 Xxl-job | 2022-08-23 | N/A | 8.8 HIGH | XXL-JOB, all versions as of 11 July 2022, is vulnerable to insecure permissions, allowing admin functions to be executed from a low-privilege account. |
CVE-2021-3513 | 1 Redhat | 1 Keycloak | 2022-08-23 | N/A | 7.5 HIGH | A flaw was found in Keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnerability is to confidentiality. |
CVE-2022-2593 | 1 Deliciousbrains | 1 Better Search Replace | 2022-08-23 | N/A | 7.2 HIGH | The Better Search Replace WordPress plugin before 1.4.1 does not properly sanitise and escape table data before inserting it into a SQL query, which could allow high-privilege users to perform SQL injection attacks. |
CVE-2021-37289 | 1 Planex | 2 Mzk-dp150n, Mzk-dp150n Firmware | 2022-08-23 | N/A | 7.2 HIGH | Insecure permissions in the administration interface of Planex MZK-DP150N 1.42 and 1.43 allow attackers to execute system commands as root via etc_ro/web/syscmd.asp. |
CVE-2022-33900 | 1 Sandhillsdev | 1 Easy Digital Downloads | 2022-08-23 | N/A | 7.2 HIGH | PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress. |
CVE-2022-34149 | 1 Miniorange | 1 Wp Oauth Server | 2022-08-23 | N/A | 9.8 CRITICAL | Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress. |
CVE-2022-34347 | 1 Wpdownloadmanager | 1 Wordpress Download Manager | 2022-08-23 | N/A | 8.8 HIGH | Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. |
CVE-2022-36346 | 1 Maxfoundry | 1 Maxbuttons | 2022-08-23 | N/A | 8.8 HIGH | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Max Foundry MaxButtons plugin <= 9.2 at WordPress. |
CVE-2022-36606 | 1 Yimihome | 1 Ywoa | 2022-08-23 | N/A | 9.8 CRITICAL | Ywoa before v6.1 was discovered to contain a SQL injection vulnerability via /oa/setup/checkPool?database. |