Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1759 | 1 Rb Internal Links Project | 1 Rb Internal Links | 2022-06-22 | 3.5 LOW | 5.4 MEDIUM |
| The RB Internal Links WordPress plugin through 2.0.16 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, as well as perform Stored Cross-Site Scripting attacks due to the lack of sanitisation and escaping | |||||
| CVE-2022-1758 | 1 Genki Pre-publish Reminder Project | 1 Genki Pre-publish Reminder | 2022-06-22 | 6.8 MEDIUM | 8.8 HIGH |
| The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS as well as RCE when custom code is added via the plugin settings. | |||||
| CVE-2022-1756 | 1 Thenewsletterplugin | 1 Newsletter | 2022-06-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below. | |||||
| CVE-2022-32285 | 1 Mendix | 1 Saml | 2022-06-22 | 4.3 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). The affected module is vulnerable to XML External Entity (XXE) attacks due to insufficient input sanitation. This may allow an attacker to disclose confidential data under certain circumstances. | |||||
| CVE-2021-35095 | 1 Qualcomm | 20 Ar8035, Ar8035 Firmware, Qca8081 and 17 more | 2022-06-22 | 6.9 MEDIUM | 7.0 HIGH |
| Improper serialization of message queue client registration can lead to race condition allowing multiple gunyah message clients to register with same label in Snapdragon Connectivity, Snapdragon Mobile | |||||
| CVE-2021-35094 | 1 Qualcomm | 162 Aqt1000, Aqt1000 Firmware, Qca6390 and 159 more | 2022-06-22 | 7.2 HIGH | 7.8 HIGH |
| Improper verification of timeout-based authentication in identity credential can lead to invalid authorization in HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2021-35092 | 1 Qualcomm | 166 Apq8053, Apq8053 Firmware, Apq8096au and 163 more | 2022-06-22 | 4.6 MEDIUM | 6.7 MEDIUM |
| Processing DCB/AVB algorithm with an invalid queue index from IOCTL request could lead to arbitrary address modification in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | |||||
| CVE-2022-32258 | 1 Siemens | 1 Sinema Remote Connect Server | 2022-06-22 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains an older feature that allows to import device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure. | |||||
| CVE-2022-32259 | 1 Siemens | 1 Sinema Remote Connect Server | 2022-06-22 | 6.4 MEDIUM | 6.5 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with test configuration. | |||||
| CVE-2021-35091 | 1 Qualcomm | 12 Sd 8 Gen1 5g, Sd 8 Gen1 5g Firmware, Wcd9380 and 9 more | 2022-06-22 | 7.2 HIGH | 7.8 HIGH |
| Possible out of bounds read due to improper typecasting while handling page fault for global memory in Snapdragon Connectivity, Snapdragon Mobile | |||||
| CVE-2021-42675 | 1 Kreado | 1 Kreasfero | 2022-06-22 | 7.5 HIGH | 9.8 CRITICAL |
| Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. One can upload a malicious PHP file and obtain remote code execution. | |||||
| CVE-2022-32352 | 1 Hospital\'s Patient Records Management System Project | 1 Hospital\'s Patient Records Management System | 2022-06-22 | 7.5 HIGH | 9.8 CRITICAL |
| Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_patient_admission. | |||||
| CVE-2022-32336 | 1 Fast Food Ordering System Project | 1 Fast Food Ordering System | 2022-06-22 | 7.5 HIGH | 9.8 CRITICAL |
| Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/menus/view_menu.php?id=. | |||||
| CVE-2022-30930 | 1 Tourism Management System Project | 1 Tourism Management System | 2022-06-22 | 4.3 MEDIUM | 4.3 MEDIUM |
| Tourism Management System Version: V 3.2 is affected by: Cross Site Request Forgery (CSRF). | |||||
| CVE-2022-31309 | 1 Wavlink | 2 Aerial X 1200m, Aerial X 1200m Firmware | 2022-06-22 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in live_check.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to obtain sensitive router information via execution of the exec cmd function. | |||||
| CVE-2022-31308 | 1 Wavlink | 2 Aerial X 1200m, Aerial X 1200m Firmware | 2022-06-22 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in live_mfg.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.191012 allows attackers to obtain sensitive router information via execution of the exec cmd function. | |||||
| CVE-2021-40678 | 1 Piwigo | 1 Piwigo | 2022-06-22 | 3.5 LOW | 5.4 MEDIUM |
| In Piwigo 11.5.0, there exists a persistent cross-site scripting in the single mode function through /admin.php?page=batch_manager&mode=unit. | |||||
| CVE-2022-31465 | 1 Siemens | 1 Xpedition Designer | 2022-06-22 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in Xpedition Designer (All versions < VX.2.11). The affected application assigns improper access rights to the service executable. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. | |||||
| CVE-2022-30937 | 1 Siemens | 6 En100 Ethernet Module, En100 Ethernet Module Dnp3 Firmware, En100 Ethernet Module Iec 104 Firmware and 3 more | 2022-06-22 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). Affected applications contains a memory corruption vulnerability while parsing specially crafted HTTP packets to /txtrace endpoint. This could allow an attacker to crash the affected application leading to a denial of service condition. | |||||
| CVE-2021-35081 | 1 Qualcomm | 146 Aqt1000, Aqt1000 Firmware, Ar8035 and 143 more | 2022-06-22 | 10.0 HIGH | 9.8 CRITICAL |
| Possible buffer overflow due to improper validation of SSID length received from beacon or probe response during an IBSS session in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | |||||