Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31588 | 1 Testplatform Project | 1 Testplatform | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The zippies/testplatform repository through 2016-07-19 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31567 | 1 Data Stream Algorithm Benchmark Project | 1 Data Stream Algorithm Benchmark | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The DSABenchmark/DSAB repository through 2.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31544 | 1 Xtomo | 1 Robo-tom | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The meerstein/rbtm repository through 1.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-34151 | 1 Omron | 113 Na5-12w, Na5-12w Firmware, Na5-15w and 110 more | 2022-07-15 | 6.8 MEDIUM | 8.1 HIGH |
| Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who successfully obtained the user credentials by analyzing the affected product to access the controller. | |||||
| CVE-2022-1599 | 1 Admin Management Xtended Project | 1 Admin Management Xtended | 2022-07-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Admin Management Xtended WordPress plugin before 2.4.5 does not have CSRF checks in some of its AJAX actions, allowing attackers to make a logged users with the right capabilities to call them. This can lead to changes in post status (draft, published), slug, post date, comment status (enabled, disabled) and more. | |||||
| CVE-2022-33971 | 1 Omron | 104 Nj-pa3001, Nj-pa3001 Firmware, Nj-pd3001 and 101 more | 2022-07-15 | 5.4 MEDIUM | 7.5 HIGH |
| Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine automation controller NJ series all models V 1.48 and earlier, which may allow an adjacent attacker who can analyze the communication between the controller and the specific software used by OMRON internally to cause a denial-of-service (DoS) condition or execute a malicious program. | |||||
| CVE-2022-1245 | 1 Redhat | 1 Keycloak | 2022-07-15 | 7.5 HIGH | 9.8 CRITICAL |
| A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the client_id of the target. This could allow a client to gain unauthorized access to additional services. | |||||
| CVE-2022-33208 | 1 Omron | 113 Na5-12w, Na5-12w Firmware, Na5-15w and 110 more | 2022-07-15 | 6.8 MEDIUM | 8.1 HIGH |
| Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who can analyze the communication between the affected controller and automation software 'Sysmac Studio' and/or a Programmable Terminal (PT) to access the controller. | |||||
| CVE-2022-31587 | 1 Kg-fashion-chatbot Project | 1 Kg-fashion-chatbot | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31586 | 1 Changepop-back Project | 1 Changepop-back | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The unizar-30226-2019-06/ChangePop-Back repository through 2019-06-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31585 | 1 Home Internet Project | 1 Home Internet | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The umeshpatil-dev/Home__internet repository through 2020-08-28 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31583 | 1 Automatedquizeval Project | 1 Automatedquizeval | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The sravaniboinepelli/AutomatedQuizEval repository through 2020-04-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31584 | 1 S3label Project | 1 S3label | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The stonethree/s3label repository through 2019-08-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31582 | 1 Videoserver Project | 1 Videoserver | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The shaolo1/VideoServer repository through 2019-09-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-1910 | 1 Averta | 1 Shortcodes And Extra Features For Phlox Theme | 2022-07-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Shortcodes and extra features for Phlox WordPress plugin before 2.9.8 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-31581 | 1 Scorelab | 1 Openmf | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The scorelab/OpenMF repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31579 | 1 Iasset Project | 1 Iasset | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The ralphjzhang/iasset repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31578 | 1 Bt Lnmp Project | 1 Bt Lnmp | 2022-07-15 | 5.0 MEDIUM | 7.5 HIGH |
| The piaoyunsoft/bt_lnmp repository through 2019-10-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31577 | 1 Audio Aligner App Project | 1 Audio Aligner App | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The longmaoteamtf/audio_aligner_app repository through 2020-01-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31580 | 1 Caretakerr-api Project | 1 Caretakerr-api | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The sanojtharindu/caretakerr-api repository through 2021-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||