Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-30964 1 Jenkins 1 Multiselect Parameter 2022-05-25 3.5 LOW 5.4 MEDIUM
Jenkins Multiselect parameter Plugin 1.3 and earlier does not escape the name and description of Multiselect parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-23666 1 Arubanetworks 1 Clearpass Policy Manager 2022-05-25 9.0 HIGH 9.1 CRITICAL
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
CVE-2022-23665 1 Arubanetworks 1 Clearpass Policy Manager 2022-05-25 9.0 HIGH 9.1 CRITICAL
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
CVE-2022-23664 1 Arubanetworks 1 Clearpass Policy Manager 2022-05-25 9.0 HIGH 9.1 CRITICAL
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
CVE-2022-30967 1 Jenkins 1 Selection Tasks 2022-05-25 3.5 LOW 5.4 MEDIUM
Jenkins Selection tasks Plugin 1.0 and earlier does not escape the name and description of Script Selection task variable parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2021-27446 1 Weintek 32 Cmt-ctrl01, Cmt-ctrl01 Firmware, Cmt-fhd and 29 more 2022-05-25 10.0 HIGH 9.8 CRITICAL
The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system.
CVE-2022-30968 1 Jenkins 1 Vboxwrapper 2022-05-25 3.5 LOW 5.4 MEDIUM
Jenkins vboxwrapper Plugin 1.3 and earlier does not escape the name and description of VBox node parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-23661 1 Arubanetworks 1 Clearpass Policy Manager 2022-05-25 9.0 HIGH 9.1 CRITICAL
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
CVE-2022-23659 1 Arubanetworks 1 Clearpass Policy Manager 2022-05-25 4.3 MEDIUM 6.1 MEDIUM
A remote reflected cross site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
CVE-2022-23660 1 Arubanetworks 1 Clearpass Policy Manager 2022-05-25 10.0 HIGH 10.0 CRITICAL
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
CVE-2022-23658 1 Arubanetworks 1 Clearpass Policy Manager 2022-05-25 10.0 HIGH 10.0 CRITICAL
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
CVE-2022-23657 1 Arubanetworks 1 Clearpass Policy Manager 2022-05-25 10.0 HIGH 10.0 CRITICAL
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
CVE-2022-30966 1 Jenkins 1 Random String Parameter 2022-05-25 3.5 LOW 5.4 MEDIUM
Jenkins Random String Parameter Plugin 1.0 and earlier does not escape the name and description of Random String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-26650 1 Apache 1 Shenyu 2022-05-25 5.0 MEDIUM 7.5 HIGH
In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matches(conditionData.getParamValue(), realData) to make judgments, where both parameters are controllable by the user. This can cause an attacker pass in malicious regular expressions and characters causing a resource exhaustion. This issue affects Apache ShenYu (incubating) 2.4.0, 2.4.1 and 2.4.2 and is fixed in 2.4.3.
CVE-2022-0573 1 Jfrog 1 Artifactory 2022-05-25 6.5 MEDIUM 8.8 HIGH
JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low privileged authenticated user due to insufficient validation of a user-provided serialized object.
CVE-2022-30971 1 Jenkins 1 Storable Configs 2022-05-25 6.5 MEDIUM 8.8 HIGH
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2022-30969 1 Jenkins 1 Autocomplete Parameter 2022-05-25 6.8 MEDIUM 8.8 HIGH
A cross-site request forgery (CSRF) vulnerability in Jenkins Autocomplete Parameter Plugin 1.1 and earlier allows attackers to execute arbitrary code without sandbox protection if the victim is an administrator.
CVE-2021-23266 1 Craftercms 1 Crafter Cms 2022-05-25 4.3 MEDIUM 4.3 MEDIUM
An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator.
CVE-2022-30970 1 Jenkins 1 Autocomplete Parameter 2022-05-25 3.5 LOW 5.4 MEDIUM
Jenkins Autocomplete Parameter Plugin 1.1 and earlier references Dropdown Autocomplete parameter and Auto Complete String parameter names in an unsafe manner from Javascript embedded in view definitions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-22484 3 Ibm, Linux, Microsoft 4 Aix, Spectrum Protect, Linux Kernel and 1 more 2022-05-25 2.1 LOW 5.5 MEDIUM
IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the browser's application command history. By accessing browser history, an attacker could exploit this vulnerability to obtain other user accounts' passwords. IBM X-Force ID: 226322.