Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-35589 | 1 Fork-cms | 1 Fork Cms | 2022-08-15 | N/A | 4.8 MEDIUM |
| A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_time" Parameter. | |||||
| CVE-2022-35585 | 1 Fork-cms | 1 Fork Cms | 2022-08-15 | N/A | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "start_date" Parameter | |||||
| CVE-2022-35932 | 1 Nextcloud | 1 Talk | 2022-08-15 | N/A | 5.3 MEDIUM |
| Nextcloud Talk is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.7, 13.0.7, and 14.0.3, password protected conversations are susceptible to brute force attacks if the attacker has the link/conversation token. It is recommended that the Nextcloud Talk application is upgraded to 12.2.7, 13.0.7 or 14.0.3. There are currently no known workarounds available apart from not having password protected conversations. | |||||
| CVE-2022-35587 | 1 Fork-cms | 1 Fork Cms | 2022-08-15 | N/A | 4.8 MEDIUM |
| A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_date" Parameter | |||||
| CVE-2022-31672 | 1 Vmware | 1 Vrealize Operations | 2022-08-15 | N/A | 7.2 HIGH |
| VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate privileges to root. | |||||
| CVE-2022-31673 | 1 Vmware | 1 Vrealize Operations | 2022-08-15 | N/A | 8.8 HIGH |
| VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Successful exploitation can lead to a remote code execution. | |||||
| CVE-2021-42750 | 1 Thingsboard | 1 Thingsboard | 2022-08-15 | N/A | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the title of a rule node. | |||||
| CVE-2021-42751 | 1 Thingsboard | 1 Thingsboard | 2022-08-15 | N/A | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the description of a rule node. | |||||
| CVE-2021-29117 | 1 Esri | 1 Arcreader | 2022-08-15 | N/A | 7.8 HIGH |
| A use-after-free vulnerability when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) allows an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. | |||||
| CVE-2021-29112 | 1 Esri | 1 Arcreader | 2022-08-15 | N/A | 5.5 MEDIUM |
| An out-of-bounds read vulnerability exists when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) which allow an unauthenticated attacker to induce an information disclosure issue in the context of the current user. | |||||
| CVE-2021-29118 | 1 Esri | 1 Arcreader | 2022-08-15 | N/A | 5.5 MEDIUM |
| An out-of-bounds read vulnerability exists when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) which allow an unauthenticated attacker to induce an information disclosure issue in the context of the current user. | |||||
| CVE-2022-2587 | 1 Google | 2 Chrome, Chrome Os | 2022-08-15 | N/A | 9.8 CRITICAL |
| Out of bounds write in Chrome OS Audio Server in Google Chrome on Chrome OS prior to 102.0.5005.125 allowed a remote attacker to potentially exploit heap corruption via crafted audio metadata. | |||||
| CVE-2022-2797 | 1 Student Information System Project | 1 Student Information System | 2022-08-15 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in SourceCodester Student Information System. Affected by this vulnerability is an unknown functionality of the file /admin/students/view_student.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-206245 was assigned to this vulnerability. | |||||
| CVE-2022-31674 | 1 Vmware | 1 Vrealize Operations | 2022-08-15 | N/A | 4.3 MEDIUM |
| VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure. | |||||
| CVE-2022-31675 | 1 Vmware | 1 Vrealize Operations | 2022-08-15 | N/A | 7.5 HIGH |
| VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges. | |||||
| CVE-2022-2746 | 1 Simple Online Book Store System Project | 1 Simple Online Book Store System | 2022-08-15 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in SourceCodester Simple Online Book Store System and classified as critical. This vulnerability affects unknown code of the file Admin_ add.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. VDB-206014 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-2748 | 1 Simple Online Book Store System Project | 1 Simple Online Book Store System | 2022-08-15 | N/A | 6.1 MEDIUM |
| A vulnerability was found in SourceCodester Simple Online Book Store System. It has been classified as problematic. Affected is an unknown function of the file /admin/edit.php. The manipulation of the argument eid leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-206016. | |||||
| CVE-2022-2747 | 1 Simple Online Book Store System Project | 1 Simple Online Book Store System | 2022-08-15 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Simple Online Book Store and classified as critical. This issue affects some unknown processing of the file book.php. The manipulation of the argument book_isbn leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-206015. | |||||
| CVE-2022-2766 | 1 Loan Management System Project | 1 Loan Management System | 2022-08-15 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Loan Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-206162 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-2767 | 1 Online Admission System Project | 1 Online Admission System | 2022-08-15 | N/A | 6.1 MEDIUM |
| A vulnerability classified as problematic has been found in SourceCodester Online Admission System. This affects an unknown part of the file /index.php. The manipulation of the argument student_add leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-206163. | |||||