Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1832 | 1 Capa Protect Project | 1 Capa Protect | 2022-06-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| The CaPa Protect WordPress plugin through 0.5.8.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable the applied protection. | |||||
| CVE-2022-1831 | 1 Wplite Project | 1 Wplite | 2022-06-28 | 3.5 LOW | 6.5 MEDIUM |
| The WPlite WordPress plugin through 1.3.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2022-31295 | 1 Online Discussion Forum Site Project | 1 Online Discussion Forum Site | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue in the delete_post() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily delete posts. | |||||
| CVE-2022-31464 | 1 Adaware | 1 Protect | 2022-06-28 | 7.2 HIGH | 7.8 HIGH |
| Insecure permissions configuration in Adaware Protect v1.2.439.4251 allows attackers to escalate privileges via changing the service binary path. | |||||
| CVE-2022-1830 | 1 Amazon Einzeltitellinks Project | 1 Amazon Einzeltitellinks | 2022-06-28 | 3.5 LOW | 6.5 MEDIUM |
| The Amazon Einzeltitellinks WordPress plugin through 1.3.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping | |||||
| CVE-2022-1829 | 1 Inline Google Maps Project | 1 Inline Google Maps | 2022-06-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Inline Google Maps WordPress plugin through 5.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping | |||||
| CVE-2022-1828 | 1 Pdf24 Articles To Pdf Project | 1 Pdf24 Articles To Pdf | 2022-06-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| The PDF24 Articles To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2022-1827 | 1 Pdf24 Articles To Pdf Project | 1 Pdf24 Articles To Pdf | 2022-06-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| The PDF24 Article To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2022-31372 | 1 Wiris | 1 Mathtype | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH |
| Wiris Mathtype v7.28.0 was discovered to contain a path traversal vulnerability in the resourceFile parameter. This vulnerability is exploited via a crafted request to the resource handler. | |||||
| CVE-2022-23071 | 1 Tandoor | 1 Recipes | 2022-06-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Recipes, versions 0.9.1 through 1.2.5 are vulnerable to Server Side Request Forgery (SSRF), in the “Import Recipe” functionality. When an attacker enters the localhost URL, a low privileged attacker can access/read the internal file system to access sensitive information. | |||||
| CVE-2022-30023 | 1 Tenda | 2 Hg9, Hg9 Firmware | 2022-06-28 | 9.0 HIGH | 8.8 HIGH |
| Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function. | |||||
| CVE-2022-2130 | 1 Microweber | 1 Microweber | 2022-06-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17. | |||||
| CVE-2019-12359 | 1 Zzcms | 1 Zzcms | 2022-06-28 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/ztliuyan_sendmail.php (when the attacker has admin authority) via the id parameter. | |||||
| CVE-2019-12358 | 1 Zzcms | 1 Zzcms | 2022-06-28 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendsms.php (when the attacker has dls_print authority) via a dlid cookie. | |||||
| CVE-2022-33987 | 1 Got Project | 1 Got | 2022-06-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket. | |||||
| CVE-2019-12357 | 1 Zzcms | 1 Zzcms | 2022-06-28 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/deluser.php (when the attacker has admin authority) via the id parameter. | |||||
| CVE-2019-12355 | 1 Zzcms | 1 Zzcms | 2022-06-28 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /user/dls_print.php (when the attacker has dls_print authority) via the id parameter. | |||||
| CVE-2021-46823 | 1 Python-ldap | 1 Python-ldap | 2022-06-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. | |||||
| CVE-2022-21503 | 1 Oracle | 1 Cloud Infrastructure | 2022-06-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the Oracle Cloud Infrastructure product of Oracle Cloud Services. Easily exploitable vulnerability allows high privileged attacker with network access to compromise Oracle Cloud Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to Oracle Cloud Infrastructure accessible data. All affected customers were notified of CVE-2022-21503 by Oracle. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N) | |||||
| CVE-2019-12356 | 1 Zzcms | 1 Zzcms | 2022-06-28 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /user/dls_download.php (when the attacker has dls_download authority) via the id parameter. | |||||