Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-1934 | 1 Mruby | 1 Mruby | 2022-06-08 | 4.6 MEDIUM | 7.8 HIGH |
Use After Free in GitHub repository mruby/mruby prior to 3.2. | |||||
CVE-2022-1926 | 1 Trudesk Project | 1 Trudesk | 2022-06-08 | 4.0 MEDIUM | 4.9 MEDIUM |
Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.3. | |||||
CVE-2022-29337 | 1 Cdatatec | 2 Fd702xw-x-r430, Fd702xw-x-r430 Firmware | 2022-06-08 | 7.5 HIGH | 9.8 CRITICAL |
C-DATA FD702XW-X-R430 v2.1.13_X001 was discovered to contain a command injection vulnerability via the va_cmd parameter in formlanipv6. This vulnerability allows attackers to execute arbitrary commands via a crafted HTTP request. | |||||
CVE-2022-1646 | 1 Simple Real Estate Pack Project | 1 Simple Real Estate Pack | 2022-06-08 | 3.5 LOW | 4.8 MEDIUM |
The Simple Real Estate Pack WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed. | |||||
CVE-2022-1645 | 1 Amazon Link Project | 1 Amazon Link | 2022-06-08 | 3.5 LOW | 4.8 MEDIUM |
The Amazon Link WordPress plugin through 3.2.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | |||||
CVE-2022-30701 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2022-06-08 | 7.2 HIGH | 7.8 HIGH |
An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to craft a special configuration file to load an untrusted library with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
CVE-2022-30700 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2022-06-08 | 7.2 HIGH | 7.8 HIGH |
An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
CVE-2022-1644 | 1 Call&book Mobile Bar Project | 1 Call&book Mobile Bar | 2022-06-08 | 3.5 LOW | 4.8 MEDIUM |
The Call&Book Mobile Bar WordPress plugin through 1.2.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | |||||
CVE-2022-28394 | 1 Trendmicro | 1 Password Manager | 2022-06-08 | 6.9 MEDIUM | 7.8 HIGH |
EOL Product CVE - Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Please note that this was reported on an EOL version of the product, and users are advised to upgrade to the latest supported version (5.x). | |||||
CVE-2022-30687 | 2 Microsoft, Trendmicro | 2 Windows, Maximum Security 2022 | 2022-06-08 | 6.6 MEDIUM | 7.1 HIGH |
Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product's secure erase feature to delete arbitrary files. | |||||
CVE-2013-10003 | 1 Telecomsoftware | 2 Samwin Agent, Samwin Contact Center | 2022-06-08 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability classified as critical has been found in Telecommunication Software SAMwin Contact Center Suite 5.1. This affects the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the database handler. The manipulation leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component. | |||||
CVE-2021-27781 | 1 Hcltech | 2 Bigfix Mobile, Modern Client Management | 2022-06-08 | 3.5 LOW | 4.8 MEDIUM |
The Master operator may be able to embed a script tag in HTML, with an alert pop-up displaying the cookie. | |||||
CVE-2021-27780 | 1 Hcltech | 2 Bigfix Mobile, Modern Client Management | 2022-06-08 | 5.0 MEDIUM | 5.3 MEDIUM |
The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment. | |||||
CVE-2022-1528 | 1 Vikwp | 1 Vik Booking | 2022-06-08 | 4.3 MEDIUM | 6.1 MEDIUM |
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.9 does not escape the current URL before putting it back in a JavaScript context, leading to a Reflected Cross-Site Scripting. | |||||
CVE-2022-31648 | 1 Talend | 1 Administration Center | 2022-06-08 | 4.3 MEDIUM | 6.1 MEDIUM |
Talend Administration Center is vulnerable to a reflected Cross-Site Scripting (XSS) issue in the SSO login endpoint. The issue is fixed for versions 8.0.x in TPS-5233, for versions 7.3.x in TPS-5324, and for versions 7.2.x in TPS-5235. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version. | |||||
CVE-2022-29637 | 1 Iminho | 1 Mindoc | 2022-06-08 | 6.8 MEDIUM | 7.8 HIGH |
An arbitrary file upload vulnerability in Mindoc v2.1-beta.5 allows attackers to execute arbitrary commands via a crafted Zip file. | |||||
CVE-2022-1542 | 1 Justsystems | 1 Hpb Dashboard | 2022-06-08 | 3.5 LOW | 4.8 MEDIUM |
The HPB Dashboard WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | |||||
CVE-2022-30585 | 1 Rsa | 1 Archer | 2022-06-08 | 4.0 MEDIUM | 6.5 MEDIUM |
The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an Authorization Bypass Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to view sensitive information. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed releases. | |||||
CVE-2022-1556 | 1 Era404 | 1 Stafflist | 2022-06-08 | 7.5 HIGH | 9.8 CRITICAL |
The StaffList WordPress plugin before 3.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement when searching for Staff in the admin dashboard, leading to an SQL Injection. | |||||
CVE-2022-30428 | 1 Ginadmin Project | 1 Ginadmin | 2022-06-08 | 5.0 MEDIUM | 7.5 HIGH |
In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading. |