Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-1277 | 1 Inavitas | 1 Solar Log | 2022-08-04 | N/A | 9.8 CRITICAL |
Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability. | |||||
CVE-2022-1950 | 1 Kainelabs | 1 Youzify | 2022-08-04 | N/A | 9.8 CRITICAL |
The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection. | |||||
CVE-2022-1906 | 1 Digiprove | 1 Copyright Proof | 2022-08-04 | N/A | 6.1 MEDIUM |
The Copyright Proof WordPress plugin through 4.16 does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting when a specific setting is enabled. | |||||
CVE-2022-1585 | 1 Project-source-code-download Project | 1 Project-source-code-download | 2022-08-04 | N/A | 7.5 HIGH |
The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php. | |||||
CVE-2022-1324 | 1 Rich-web | 1 Event Timeline | 2022-08-04 | N/A | 4.8 MEDIUM |
The Event Timeline WordPress plugin through 1.1.5 does not sanitize and escape Timeline Text, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | |||||
CVE-2022-31776 | 1 Ibm | 1 Datapower Gateway | 2022-08-04 | N/A | 8.8 HIGH |
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 228433. | |||||
CVE-2022-31775 | 1 Ibm | 1 Datapower Gateway | 2022-08-04 | N/A | 9.1 CRITICAL |
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228359. | |||||
CVE-2022-31774 | 1 Ibm | 1 Datapower Gateway | 2022-08-04 | N/A | 5.4 MEDIUM |
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228358. | |||||
CVE-2022-34558 | 4 Global-workqueue Project, Reqmgr2 Project, Reqmon Project and 1 more | 4 Global-workqueue, Reqmgr2, Reqmon and 1 more | 2022-08-04 | N/A | 9.8 CRITICAL |
WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 1.4.0rc2, reqmon 1.4.1rc5, and global-workqueue 1.4.1rc5 allow attackers to execute arbitrary code via a crafted dbs-client package. | |||||
CVE-2016-4427 | 1 Zulip | 1 Zulip | 2022-08-04 | N/A | 7.5 HIGH |
In zulip before 1.3.12, deactivated users could access messages if SSO was enabled. | |||||
CVE-2022-30616 | 1 Ibm | 1 Robotic Process Automation | 2022-08-04 | N/A | 7.2 HIGH |
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator through manipulation of APIs. IBM X-Force ID: 227978. | |||||
CVE-2022-22505 | 1 Ibm | 1 Robotic Process Automation | 2022-08-04 | N/A | 7.5 HIGH |
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow IBM tenant credentials to be exposed. IBM X-Force ID: 227288. | |||||
CVE-2022-22334 | 1 Ibm | 1 Robotic Process Automation | 2022-08-04 | N/A | 4.3 MEDIUM |
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user to access information from a tenant to which they should not have access. IBM X-Force ID: 219391. | |||||
CVE-2022-22326 | 1 Ibm | 5 Datapower Gateway, Mq Appliance M2001, Mq Appliance M2001 Firmware and 2 more | 2022-08-04 | N/A | 3.3 LOW |
IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 could allow unauthorized viewing of logs and files due to insufficient authorization checks. IBM X-Force ID: 218856. | |||||
CVE-2016-4426 | 1 Zulip | 1 Zulip | 2022-08-04 | N/A | 4.3 MEDIUM |
In zulip before 1.3.12, bot API keys were accessible to other users in the same realm. | |||||
CVE-2022-29558 | 1 Realtek | 1 Rtl819x Software Development Kit | 2022-08-04 | N/A | 8.8 HIGH |
Realtek rtl819x-SDK before v3.6.1 allows command injection over the web interface. | |||||
CVE-2022-1600 | 1 Yop-poll | 1 Yop Poll | 2022-08-04 | N/A | 5.3 MEDIUM |
The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations. | |||||
CVE-2022-34954 | 1 Phptpoint | 1 Pharmacy Management System | 2022-08-04 | N/A | 9.8 CRITICAL |
Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at invoiceprint.php. | |||||
CVE-2022-34580 | 1 Advanced School Management System Project | 1 Advanced School Management System | 2022-08-04 | N/A | 4.8 MEDIUM |
Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the address parameter at ip/school/index.php. | |||||
CVE-2016-2139 | 1 Kippo-graph Project | 1 Kippo-graph | 2022-08-04 | N/A | 6.4 MEDIUM |
In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in $file_link in class/KippoInput.class.php. |