Total: 210374 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36857 | 1 Wpshopmart | 1 Testimonial Builder | 2022-08-23 | N/A | 5.4 MEDIUM | 
| Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in wpshopmart Testimonial Builder plugin <= 1.6.1 at WordPress. | |||||
| CVE-2021-36852 | 1 Thimpress | 1 Wp Hotel Booking | 2022-08-23 | N/A | 8.0 HIGH | 
| Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking plugin <= 1.10.5 at WordPress. | |||||
| CVE-2022-36170 | 1 Mapgis | 1 Igserver | 2022-08-23 | N/A | 8.8 HIGH | 
| MapGIS 10.5 Pro IGServer has hardcoded credentials in the front-end and can lead to escalation of privileges and arbitrary file deletion. | |||||
| CVE-2022-2890 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2022-08-23 | N/A | 5.4 MEDIUM | 
| Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | |||||
| CVE-2022-2932 | 1 Bdg | 1 Mobiledoc Kit | 2022-08-23 | N/A | 6.1 MEDIUM | 
| Cross-site Scripting (XSS) - Reflected in GitHub repository bustle/mobiledoc-kit prior to 0.14.2. | |||||
| CVE-2021-36847 | 1 Webba-booking | 1 Webba Booking | 2022-08-23 | N/A | 4.8 MEDIUM | 
| Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebbaPlugins Webba Booking plugin <= 4.2.21 at WordPress. | |||||
| CVE-2022-0446 | 1 Simple Banner Project | 1 Simple Banner | 2022-08-23 | N/A | 4.8 MEDIUM | 
| The Simple Banner WordPress plugin before 2.12.0 does not properly sanitize its "Simple Banner Text" Settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2022-2930 | 1 Octoprint | 1 Octoprint | 2022-08-23 | N/A | 7.8 HIGH | 
| Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3. | |||||
| CVE-2022-34623 | 1 Mealie | 1 Mealie | 2022-08-23 | N/A | 5.3 MEDIUM | 
| Mealie 1.0.0beta3 is vulnerable to user enumeration via timing response discrepancy between users and non-users when an invalid password message is displayed during an authentication attempt. | |||||
| CVE-2022-1340 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2022-08-23 | N/A | 5.4 MEDIUM | 
| Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | |||||
| CVE-2022-2927 | 1 Notrinos | 1 Notrinoserp | 2022-08-23 | N/A | 9.8 CRITICAL | 
| Weak Password Requirements in GitHub repository notrinos/notrinoserp prior to 0.7. | |||||
| CVE-2022-34621 | 1 Mealie | 1 Mealie | 2022-08-23 | N/A | 6.5 MEDIUM | 
| Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows attackers to modify user passwords and other attributes via modification of the user_id parameter. | |||||
| CVE-2022-34615 | 1 Mealie | 1 Mealie | 2022-08-23 | N/A | 9.8 CRITICAL | 
| Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. | |||||
| CVE-2022-34624 | 1 Mealie | 1 Mealie | 2022-08-23 | N/A | 5.9 MEDIUM | 
| Mealie 1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to perform a man-in-the-middle attack via a crafted GET request. | |||||
| CVE-2022-2600 | 1 Auto-hyperlink Urls Project | 1 Auto-hyperlink Urls | 2022-08-23 | N/A | 5.4 MEDIUM | 
| The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferrer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object. | |||||
| CVE-2022-34857 | 1 Smartypantsplugins | 1 Sp Project & Document Manager | 2022-08-23 | N/A | 6.1 MEDIUM | 
| Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP Project & Document Manager plugin <= 4.59 at WordPress | |||||
| CVE-2022-25972 | 1 Hdfgroup | 1 Hdf5 | 2022-08-23 | N/A | 7.8 HIGH | 
| An out-of-bounds write vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-25942 | 1 Hdfgroup | 1 Hdf5 | 2022-08-23 | N/A | 7.8 HIGH | 
| An out-of-bounds read vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-36605 | 1 Yimihome | 1 Ywoa | 2022-08-23 | N/A | 9.8 CRITICAL | 
| Yimioa v6.1 was discovered to contain a SQL injection vulnerability via the orderbyGET parameter. | |||||
| CVE-2022-26061 | 1 Hdfgroup | 1 Hdf5 | 2022-08-23 | N/A | 7.8 HIGH | 
| A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
