Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26654 | 1 Pexip | 1 Pexip Infinity | 2022-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| Pexip Infinity before 27.3 allows remote attackers to force a software abort via HTTP. | |||||
| CVE-2022-25357 | 1 Pexip | 1 Pexip Infinity | 2022-07-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but not a PIN. | |||||
| CVE-2022-2099 | 1 Woocommerce | 1 Woocommerce | 2022-07-18 | 3.5 LOW | 4.8 MEDIUM |
| The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles | |||||
| CVE-2022-26655 | 1 Pexip | 1 Pexip Infinity | 2022-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| Pexip Infinity 27.x before 27.3 has Improper Input Validation. The client API allows remote attackers to trigger a software abort via a gateway call into Teams. | |||||
| CVE-2022-26657 | 1 Pexip | 1 Pexip Infinity | 2022-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join. | |||||
| CVE-2022-26656 | 1 Pexip | 1 Pexip Infinity | 2022-07-18 | 6.4 MEDIUM | 8.2 HIGH |
| Pexip Infinity before 27.3 allows remote attackers to trigger a software abort, and possibly enumerate usernames, via One Touch Join. | |||||
| CVE-2021-24655 | 1 Wpusermanager | 1 Wp User Manager | 2022-07-18 | 6.0 MEDIUM | 7.5 HIGH |
| The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password (to an arbitrary value) of any user knowing only their ID, and gain access to their account. | |||||
| CVE-2022-27928 | 1 Pexip | 1 Pexip Infinity | 2022-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol. | |||||
| CVE-2022-31084 | 2 Debian, Ldap-account-manager | 2 Debian Linux, Ldap Account Manager | 2022-07-18 | 6.8 MEDIUM | 8.1 HIGH |
| LDAP Account Manager (LAM) is a web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0, there are cases where LAM instantiates objects from arbitrary classes. An attacker can inject the first constructor argument. This can lead to code execution if non-LAM classes are instantiated that execute code during object creation. This issue has been fixed in version 8.0. | |||||
| CVE-2022-2090 | 1 Flycart | 1 Discount Rules For Woocommerce | 2022-07-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Discount Rules for WooCommerce WordPress plugin before 2.4.2 does not escape a parameter before outputting it back in an attribute of the plugin's discount rule page, leading to Reflected Cross-Site Scripting | |||||
| CVE-2022-2092 | 1 Wpovernight | 1 Woocommerce Pdf Invoices & Packing Slips | 2022-07-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks. | |||||
| CVE-2022-1933 | 1 Collect And Deliver Interface For Woocommerce Project | 1 Collect And Deliver Interface For Woocommerce | 2022-07-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| The CDI WordPress plugin before 5.1.9 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to Reflected Cross-Site Scripting. | |||||
| CVE-2022-1672 | 1 Insights From Google Pagespeed Project | 1 Insights From Google Pagespeed | 2022-07-18 | 6.8 MEDIUM | 8.8 HIGH |
| The Insights from Google PageSpeed WordPress plugin before 4.0.7 does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in admin perform such actions via CSRF attacks | |||||
| CVE-2022-32417 | 1 Pbootcms | 1 Pbootcms | 2022-07-18 | 7.5 HIGH | 9.8 CRITICAL |
| PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at function.php. | |||||
| CVE-2020-4138 | 1 Ibm | 1 Security Siteprotector System | 2022-07-18 | 2.1 LOW | 5.5 MEDIUM |
| IBM SiteProtector Appliance 3.1.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174049. | |||||
| CVE-2022-32416 | 1 Product Show Room Site Project | 1 Product Show Room Site | 2022-07-18 | 6.5 MEDIUM | 7.2 HIGH |
| Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_product. | |||||
| CVE-2022-32415 | 1 Product Show Room Site Project | 1 Product Show Room Site | 2022-07-18 | 6.5 MEDIUM | 8.8 HIGH |
| Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/?p=products/view_product&id=. | |||||
| CVE-2022-32406 | 1 Gtkradiant Project | 1 Gtkradiant | 2022-07-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| GtkRadiant v1.6.6 was discovered to contain a buffer overflow via the component q3map2. This vulnerability can cause a Denial of Service (DoS) via a crafted MAP file. | |||||
| CVE-2022-2091 | 1 Cache Images Project | 1 Cache Images | 2022-07-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Cache Images WordPress plugin before 3.2.1 does not implement nonce checks, which could allow attackers to make any logged user upload images via a CSRF attack. | |||||
| CVE-2022-32318 | 1 Fast Food Ordering System Project | 1 Fast Food Ordering System | 2022-07-18 | 3.5 LOW | 5.4 MEDIUM |
| Fast Food Ordering System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the component /ffos/classes/Master.php?f=save_category. | |||||
