Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4981 | 2022-07-29 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-4982. Reason: This candidate is a duplicate of CVE-2016-4982. Notes: All CVE users should reference CVE-2016-4982 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2021-24312 | 1 Automattic | 1 Wp Super Cache | 2022-07-29 | 6.5 MEDIUM | 7.2 HIGH |
| The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of '$' and '\n'. This is due to an incomplete fix of CVE-2021-24209. | |||||
| CVE-2022-2115 | 1 Essentialplugin | 1 Popup Anything | 2022-07-29 | N/A | 6.1 MEDIUM |
| The Popup Anything WordPress plugin before 2.1.7 does not sanitise and escape a parameter before outputting it back in a frontend page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-2219 | 1 Brizy | 1 Unyson | 2022-07-29 | N/A | 7.2 HIGH |
| The Unyson WordPress plugin before 2.7.27 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2017-20143 | 1 Ambit | 1 Movie Portal Script | 2022-07-29 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in Itech Movie Portal Script 7.36. This issue affects some unknown processing of the file /film-rating.php. The manipulation of the argument v leads to sql injection (Error). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-2189 | 1 Tipsandtricks-hq | 1 Wp Video Lightbox | 2022-07-29 | N/A | 6.1 MEDIUM |
| The WP Video Lightbox WordPress plugin before 1.9.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers | |||||
| CVE-2017-20142 | 1 Ambit | 1 Movie Portal Script | 2022-07-29 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in Itech Movie Portal Script 7.36. This vulnerability affects unknown code of the file /artist-display.php. The manipulation of the argument act leads to sql injection (Union). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-20916 | 1 Cisco | 1 Iot Control Center | 2022-07-29 | N/A | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco IoT Control Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
| CVE-2016-15004 | 1 Revmakx | 1 Infinitewp Client | 2022-07-29 | N/A | 9.8 CRITICAL |
| A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to version 1.6.1.1 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2021-44385 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2022-07-29 | 6.8 MEDIUM | 7.7 HIGH |
| A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzSerial param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2021-40412 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2022-07-29 | 6.5 MEDIUM | 7.2 HIGH |
| An OScommand injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [8] the devname variable, that has the value of the name parameter provided through the SetDevName API, is not validated properly. This would lead to an OS command injection. | |||||
| CVE-2021-40411 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2022-07-29 | 6.5 MEDIUM | 7.2 HIGH |
| An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [6] the dns_data->dns2 variable, that has the value of the dns2 parameter provided through the SetLocalLink API, is not validated properly. This would lead to an OS command injection. | |||||
| CVE-2021-40410 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2022-07-29 | 6.5 MEDIUM | 7.2 HIGH |
| An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [4] the dns_data->dns1 variable, that has the value of the dns1 parameter provided through the SetLocal API, is not validated properly. This would lead to an OS command injection. | |||||
| CVE-2021-40409 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2022-07-29 | 7.5 HIGH | 9.8 CRITICAL |
| An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->password variable, that has the value of the password parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection. | |||||
| CVE-2021-40407 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2022-07-29 | 7.5 HIGH | 9.8 CRITICAL |
| An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->domain variable, that has the value of the domain parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2021-40408 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2022-07-29 | 7.5 HIGH | 9.8 CRITICAL |
| An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->username variable, that has the value of the userName parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection. | |||||
| CVE-2017-20141 | 1 Ambit | 1 Movie Portal Script | 2022-07-29 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in Itech Movie Portal Script 7.36. This affects an unknown part of the file /movie.php. The manipulation of the argument f leads to sql injection (Union). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-2239 | 1 Emarketdesign | 1 Request A Quote | 2022-07-29 | N/A | 4.8 MEDIUM |
| The Request a Quote WordPress plugin through 2.3.7 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2021-21953 | 1 Anker | 2 Eufy Homebase 2, Eufy Homebase 2 Firmware | 2022-07-29 | 6.8 MEDIUM | 8.1 HIGH |
| An authentication bypass vulnerability exists in the process_msg() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted man-in-the-middle attack can lead to increased privileges. | |||||
| CVE-2017-20140 | 1 Ambit | 1 Movie Portal Script | 2022-07-29 | N/A | 6.1 MEDIUM |
| A vulnerability was found in Itech Movie Portal Script 7.36. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /movie.php. The manipulation of the argument f with the input <img src=i onerror=prompt(1)> leads to basic cross site scripting (Reflected). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||