Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-14213 | 2 Foxitsoftware, Microsoft | 2 Phantompdf, Windows | 2023-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the repeated release of the signature dictionary during CSG_SignatureF and CPDF_Document destruction. | |||||
CVE-2020-13757 | 3 Canonical, Fedoraproject, Python-rsa Project | 3 Ubuntu Linux, Fedora, Python-rsa | 2023-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation). | |||||
CVE-2020-12770 | 5 Canonical, Debian, Fedoraproject and 2 more | 36 Ubuntu Linux, Debian Linux, Fedora and 33 more | 2023-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. | |||||
CVE-2020-10951 | 1 Westerndigital | 2 Ibi, My Cloud Home | 2023-02-28 | 4.3 MEDIUM | 4.7 MEDIUM |
Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages. | |||||
CVE-2020-6007 | 1 Philips | 2 Hue Bridge V2, Hue Bridge V2 Firmware | 2023-02-28 | 4.3 MEDIUM | 7.9 HIGH |
Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code execution. | |||||
CVE-2014-0048 | 2 Apache, Docker | 2 Geode, Docker | 2023-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways. | |||||
CVE-2016-10867 | 1 Tipsandtricks-hq | 1 All In One Wp Security & Firewall | 2023-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages. | |||||
CVE-2015-9302 | 1 Simple Fields Project | 1 Simple Fields | 2023-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The simple-fields plugin before 1.4.11 for WordPress has XSS. | |||||
CVE-2015-9298 | 1 Wp-events-plugin | 1 Events Manager | 2023-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The events-manager plugin before 5.6 for WordPress has code injection. | |||||
CVE-2022-4564 | 1 Ucf | 1 Materia | 2023-02-28 | N/A | 8.8 HIGH |
A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.0. This affects the function before of the file fuel/app/classes/controller/api.php of the component API Controller. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 9.0.1-alpha1 is able to address this issue. The name of the patch is af259115d2e8f17068e61902151ee8a9dbac397b. It is recommended to upgrade the affected component. The identifier VDB-215973 was assigned to this vulnerability. | |||||
CVE-2017-18559 | 1 Cformsii Project | 1 Cformsii | 2023-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The cforms2 plugin before 14.13.3 for WordPress has multiple XSS issues. | |||||
CVE-2015-9297 | 1 Wp-events-plugin | 1 Events Manager | 2023-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The events-manager plugin before 5.6 for WordPress has XSS. | |||||
CVE-2022-4560 | 1 Joget | 1 Joget Dx | 2023-02-28 | N/A | 6.1 MEDIUM |
A vulnerability was found in Joget up to 7.0.31. It has been rated as problematic. This issue affects the function getInternalJsCssLib of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UniversalTheme.java of the component wflow-core. The manipulation of the argument key leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 7.0.32 is able to address this issue. The name of the patch is ecf8be8f6f0cb725c18536ddc726d42a11bdaa1b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215963. | |||||
CVE-2022-4525 | 1 Sleepdata | 1 Sleepdata | 2023-02-28 | N/A | 6.1 MEDIUM |
A vulnerability has been found in National Sleep Research Resource sleepdata.org up to 58.x and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 59.0.0.rc is able to address this issue. The name of the patch is da44a3893b407087829b006d09339780919714cd. It is recommended to upgrade the affected component. The identifier VDB-215905 was assigned to this vulnerability. | |||||
CVE-2022-4524 | 1 Roots | 1 Soil | 2023-02-28 | N/A | 6.1 MEDIUM |
A vulnerability, which was classified as problematic, was found in Roots soil Plugin up to 4.0.x. Affected is the function language_attributes of the file src/Modules/CleanUpModule.php. The manipulation of the argument language leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 4.1.0 is able to address this issue. The name of the patch is 0c9151e00ab047da253e5cdbfccb204dd423269d. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215904. | |||||
CVE-2014-10377 | 1 Cformsii Project | 1 Cformsii | 2023-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php. | |||||
CVE-2016-10884 | 1 Simple-membership-plugin | 1 Simple Membership | 2023-02-28 | 6.8 MEDIUM | 8.8 HIGH |
The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues. | |||||
CVE-2015-9309 | 1 Flippercode | 1 Google Map | 2023-02-28 | 6.8 MEDIUM | 8.8 HIGH |
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature. | |||||
CVE-2015-9308 | 1 Flippercode | 1 Google Map | 2023-02-28 | 6.8 MEDIUM | 8.8 HIGH |
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature. | |||||
CVE-2015-9307 | 1 Flippercode | 1 Google Map | 2023-02-28 | 6.8 MEDIUM | 8.8 HIGH |
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature. |