Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1931 | 1 Trudesk Project | 1 Trudesk | 2022-06-08 | 5.5 MEDIUM | 8.1 HIGH |
| Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3. | |||||
| CVE-2022-26688 | 1 Apple | 2 Mac Os X, Macos | 2022-06-08 | 4.9 MEDIUM | 4.4 MEDIUM |
| An issue in the handling of symlinks was addressed with improved validation. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious app with root privileges may be able to modify the contents of system files. | |||||
| CVE-2022-27305 | 1 Gibbonedu | 1 Gibbon | 2022-06-08 | 6.8 MEDIUM | 8.8 HIGH |
| Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation. | |||||
| CVE-2022-22676 | 1 Apple | 1 Macos | 2022-06-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| An event handler validation issue in the XPC Services API was addressed by removing the service. This issue is fixed in macOS Monterey 12.2. An application may be able to delete files for which it does not have permission. | |||||
| CVE-2022-1643 | 1 Birthdays Widget Project | 1 Birthdays Widget | 2022-06-08 | 3.5 LOW | 4.8 MEDIUM |
| The Birthdays Widget WordPress plugin through 1.7.18 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed | |||||
| CVE-2022-1611 | 1 Bulk Page Creator Project | 1 Bulk Page Creator | 2022-06-08 | 6.8 MEDIUM | 8.8 HIGH |
| The Bulk Page Creator WordPress plugin before 1.1.4 does not protect its page creation functionalities with nonce checks, which makes them vulnerable to CSRF. | |||||
| CVE-2022-22672 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2022-06-08 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-22663 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2022-06-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-004 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.6. A malicious application may bypass Gatekeeper checks. | |||||
| CVE-2021-27779 | 1 Hcltech | 1 Versionvault Express | 2022-06-08 | 6.4 MEDIUM | 9.1 CRITICAL |
| VersionVault Express exposes sensitive information that an attacker can use to impersonate the server or eavesdrop on communications with the server. | |||||
| CVE-2013-10004 | 1 Telecomsoftware | 2 Samwin Agent, Samwin Contact Center | 2022-06-08 | 5.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability classified as critical was found in Telecommunication Software SAMwin Contact Center Suite 5.1. This vulnerability affects the function passwordScramble in the library SAMwinLIBVB.dll of the component Password Handler. Incorrect implementation of a hashing function leads to predictable authentication possibilities. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2022-25878 | 1 Protobufjs Project | 1 Protobufjs | 2022-06-08 | 5.0 MEDIUM | 7.5 HIGH |
| The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype. This vulnerability can occur in multiple ways: 1. by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption functions 2. by parsing/loading .proto files | |||||
| CVE-2022-1009 | 1 Wpmudev | 1 Smush Image Compression And Optimization | 2022-06-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting. For the attack to be successful, an attacker would need an admin to upload a malicious configuration file | |||||
| CVE-2022-31261 | 1 Morpheusdata | 1 Morpheus | 2022-06-08 | 4.3 MEDIUM | 7.5 HIGH |
| An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful attack requires a SAML identity provider to be configured. In order to exploit the vulnerability, the attacker must know the unique SAML callback ID of the configured identity source. A remote attacker can send a request crafted with an XXE payload to invoke a malicious DTD hosted on a system that they control. This results in reading local files that the application has access to. | |||||
| CVE-2022-1275 | 1 Stillbreathing | 1 Bannerman | 2022-06-08 | 3.5 LOW | 4.8 MEDIUM |
| The BannerMan WordPress plugin through 0.2.4 does not sanitize or escape its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks when the unfiltered_html is disallowed (such as in multisite) | |||||
| CVE-2022-1294 | 1 99webtools | 1 Imdb Info Box | 2022-06-08 | 3.5 LOW | 4.8 MEDIUM |
| The IMDB info box WordPress plugin through 2.0 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2022-1387 | 1 No Future Posts Project | 1 No Future Posts | 2022-06-08 | 3.5 LOW | 4.8 MEDIUM |
| The No Future Posts WordPress plugin through 1.4 does not escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed | |||||
| CVE-2022-1299 | 1 Slideshow Project | 1 Slideshow | 2022-06-08 | 3.5 LOW | 4.8 MEDIUM |
| The Slideshow WordPress plugin through 2.3.1 does not sanitize and escape some of its default slideshow settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2022-1456 | 1 Ays-pro | 1 Poll Maker | 2022-06-08 | 3.5 LOW | 4.8 MEDIUM |
| The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Store Cross-Site Scripting attack even when unfiltered_html is disallowed | |||||
| CVE-2022-1395 | 1 Easy Faq With Expanding Text Project | 1 Easy Faq With Expanding Text | 2022-06-08 | 3.5 LOW | 4.8 MEDIUM |
| The Easy FAQ with Expanding Text WordPress plugin through 3.2.8.3.1 does not sanitise and escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks when unfiltered_html is disallowed | |||||
| CVE-2022-1527 | 1 Wpwhitesecurity | 1 Wp 2fa | 2022-06-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WP 2FA WordPress plugin before 2.2.1 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | |||||