Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-1916 | 1 Pluginus | 1 Active Products Tables For Woocommerce | 2022-07-06 | 4.3 MEDIUM | 6.1 MEDIUM | The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store WordPress plugin before 1.0.5 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to Reflected Cross-Site Scripting.
CVE-2022-1914 | 1 Clean-contact Project | 1 Clean-contact | 2022-07-06 | 4.3 MEDIUM | 4.3 MEDIUM | The Clean-Contact WordPress plugin through 1.6 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack and lead to Stored XSS due to the lack of sanitisation and escaping as well.
CVE-2022-32530 | 1 Schneider-electric | 1 Geo Scada Mobile | 2022-07-06 | 6.8 MEDIUM | 7.8 HIGH | A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists that could cause users to be misled, hiding alarms, showing the wrong server connection option or the wrong control request when a mobile device has been compromised by a malicious application. Affected Product: Geo SCADA Mobile (Build 222 and prior).
CVE-2022-34298 | 1 Openidentityplatform | 1 Openam | 2022-07-06 | 5.0 MEDIUM | 5.3 MEDIUM | The NT auth module in OpenAM before 14.6.6 allows a "replace Samba username attack."
CVE-2022-34296 | 1 Zalando | 1 Skipper | 2022-07-06 | 5.0 MEDIUM | 7.5 HIGH | In Zalando Skipper before 0.13.218, a query predicate could be bypassed via a prepared request.
CVE-2022-33910 | 1 Mantisbt | 1 Mantisbt | 2022-07-06 | 3.5 LOW | 5.4 MEDIUM | An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. When a user or an admin clicks on the attachment, file_download.php opens the SVG document in a browser tab instead of downloading it as a file, causing the JavaScript code to execute.
CVE-2022-21231 | 1 Deep-get-set Project | 1 Deep-get-set | 2022-07-06 | 7.5 HIGH | 9.8 CRITICAL | All versions of package deep-get-set are vulnerable to Prototype Pollution via the 'deep' function. **Note:** This vulnerability derives from an incomplete fix of [CVE-2020-7715](https://security.snyk.io/vuln/SNYK-JS-DEEPGETSET-598666).
CVE-2022-29578 | 1 Meridian | 1 Meridian | 2022-07-06 | 5.0 MEDIUM | 5.3 MEDIUM | Meridian Cooperative Utility Software versions 22.02 and 22.03 allow remote attackers to obtain sensitive information such as name, address, and daily energy usage.
CVE-2022-29097 | 1 Dell | 1 Wyse Management Suite | 2022-07-06 | 4.0 MEDIUM | 4.9 MEDIUM | Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in the Device API. A remote attacker could potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.
CVE-2022-29096 | 1 Dell | 1 Wyse Management Suite | 2022-07-06 | 3.5 LOW | 5.4 MEDIUM | Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting vulnerability in the saveGroupConfigurations page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.
CVE-2021-42056 | 3 Linux, Microsoft, Thalesgroup | 3 Linux Kernel, Windows, Safenet Authentication Client | 2022-07-06 | 7.2 HIGH | 6.7 MEDIUM | Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure temporary hid and lock files, allowing a local attacker, through a symlink attack, to overwrite arbitrary files and potentially achieve arbitrary command execution with high privileges.
CVE-2021-40893 | 1 Validate Data Project | 1 Validate Data | 2022-07-06 | 5.0 MEDIUM | 7.5 HIGH | A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in validate-data v0.1.1 when validating crafted invalid emails.
CVE-2022-1977 | 1 Smackcoders | 1 Download Import All Xml, Csv & Txt Into Wordpress | 2022-07-06 | 6.0 MEDIUM | 7.2 HIGH | The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via a URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF attacks.
CVE-2022-1971 | 1 Wpgetready | 1 Nextcellent Gallery | 2022-07-06 | 3.5 LOW | 4.8 MEDIUM | The NextCellent Gallery WordPress plugin through 1.9.35 does not sanitise and escape some of its image settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in a multisite setup).
CVE-2022-1964 | 1 Easy Svg Support Project | 1 Easy Svg Support | 2022-07-06 | 3.5 LOW | 5.4 MEDIUM | The Easy SVG Support WordPress plugin before 3.3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
CVE-2022-1995 | 1 Miniorange | 1 Malware Scanner | 2022-07-06 | 3.5 LOW | 4.8 MEDIUM | The Malware Scanner WordPress plugin before 4.5.2 does not sanitise and escape some of its settings, allowing malicious users with administrator privileges to store malicious JavaScript code, leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in a multisite setup).
CVE-2022-1994 | 1 Miniorange | 1 Login With Otp Over Sms, Email, Whatsapp And Google Authenticator | 2022-07-06 | 3.5 LOW | 4.8 MEDIUM | The Login With OTP Over SMS, Email, WhatsApp and Google Authenticator WordPress plugin before 1.0.8 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
CVE-2022-1990 | 1 Nested Pages Project | 1 Nested Pages | 2022-07-06 | 3.5 LOW | 4.8 MEDIUM | The Nested Pages WordPress plugin before 3.1.21 does not escape and sanitize some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when unfiltered_html is disallowed.
CVE-2022-2102 | 1 Secheron | 2 Sepcos Control And Protection Relay, Sepcos Control And Protection Relay Firmware | 2022-07-06 | 5.0 MEDIUM | 7.5 HIGH | Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code can be forwarded and used by a script loaded later in the sequence, allowing for arbitrary file upload into a location where PHP scripts may be executed.
CVE-2022-28619 | 1 Hpe | 1 Control Repository Manager | 2022-07-06 | 4.6 MEDIUM | 7.8 HIGH | A potential security vulnerability has been identified in the installer of HPE Version Control Repository Manager. The vulnerability could allow local escalation of privilege. HPE has made the following software update to resolve the vulnerability in HPE Version Control Repository Manager installer 7.6.14.0.