Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-30523 | 1 Trendmicro | 1 Password Manager | 2022-05-25 | 7.2 HIGH | 7.8 HIGH |
Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow a low privileged local attacker to delete the contents of an arbitrary folder as SYSTEM which can then be used for privilege escalation on the affected machine. | |||||
CVE-2017-12858 | 1 Libzip | 1 Libzip | 2022-05-25 | 7.5 HIGH | 9.8 CRITICAL |
Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors. | |||||
CVE-2021-33021 | 1 Xarrow | 1 Xarrow | 2022-05-25 | 4.3 MEDIUM | 6.1 MEDIUM |
xArrow SCADA versions 7.2 and prior are vulnerable to cross-site scripting due to parameter ‘edate’ of the resource xhisalarm.htm, which may allow an unauthorized attacker to execute arbitrary code. | |||||
CVE-2021-33025 | 1 Xarrow | 1 Xarrow | 2022-05-25 | 4.6 MEDIUM | 7.8 HIGH |
xArrow SCADA versions 7.2 and prior permits unvalidated registry keys to be run with application-level privileges. | |||||
CVE-2021-30361 | 1 Checkpoint | 4 Gaia Os, Gaia Portal, Quantum Security Gateway and 1 more | 2022-05-25 | 6.9 MEDIUM | 6.7 MEDIUM |
The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS. | |||||
CVE-2021-33318 | 2 Ipmatcher Project, Watsonwebserver Project | 2 Ipmatcher, Watsonwebserver | 2022-05-25 | 7.5 HIGH | 9.8 CRITICAL |
An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpMatcher) and 4.1.3 and below (WatsonWebserver) due to insufficient validation of input IP addresses and netmasks against the internal Matcher list of IP addresses and subnets. | |||||
CVE-2022-29121 | 1 Microsoft | 11 Windows 10, Windows 11, Windows 7 and 8 more | 2022-05-25 | 3.3 LOW | 6.5 MEDIUM |
Windows WLAN AutoConfig Service Denial of Service Vulnerability. | |||||
CVE-2022-30777 | 1 Parallels | 1 H-sphere | 2022-05-25 | 4.3 MEDIUM | 6.1 MEDIUM |
Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter. | |||||
CVE-2021-33001 | 1 Xarrow | 1 Xarrow | 2022-05-25 | 4.3 MEDIUM | 6.1 MEDIUM |
xArrow SCADA versions 7.2 and prior are vulnerable to cross-site scripting due to parameter ‘bdate’ of the resource xhisvalue.htm, which may allow an unauthorized attacker to execute arbitrary code. | |||||
CVE-2021-25119 | 1 Wpsocket | 1 Automatic Grid Image Listing | 2022-05-25 | 6.5 MEDIUM | 7.2 HIGH |
The AGIL WordPress plugin through 1.0 accepts all zip files and automatically extracts the zip file without validating the extracted file type, allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE. | |||||
CVE-2022-30961 | 1 Jenkins | 1 Autocomplete Parameter | 2022-05-25 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Autocomplete Parameter Plugin 1.1 and earlier does not escape the name of Dropdown Autocomplete and Auto Complete String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-30960 | 1 Jenkins | 1 Application Detector | 2022-05-25 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Application Detector Plugin 1.0.8 and earlier does not escape the name of Chois Application Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-30962 | 1 Jenkins | 1 Global Variable String Parameter | 2022-05-25 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Global Variable String Parameter Plugin 1.2 and earlier does not escape the name and description of Global Variable String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-30963 | 1 Jenkins | 1 Jdk Parameter | 2022-05-25 | 3.5 LOW | 5.4 MEDIUM |
Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name and description of JDK parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-1062 | 1 Th23 | 1 Th23 Social | 2022-05-25 | 3.5 LOW | 4.8 MEDIUM |
The th23 Social WordPress plugin through 1.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
CVE-2021-23267 | 1 Craftercms | 1 Crafter Cms | 2022-05-24 | 9.0 HIGH | 8.8 HIGH |
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods. | |||||
CVE-2022-1731 | 1 Allgeier | 1 Metasonic Doc Webclient | 2022-05-24 | 6.8 MEDIUM | 9.8 CRITICAL |
Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to a SQL injection attack in the username field. SSO or System authentication are required to be enabled for vulnerable conditions to exist. | |||||
CVE-2022-1728 | 1 Trudesk Project | 1 Trudesk | 2022-05-24 | 4.0 MEDIUM | 6.5 MEDIUM |
Allowing long password leads to denial of service in polonel/trudesk in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability can be abused by doing a DDoS attack for which genuine users will not be able to access resources/applications. | |||||
CVE-2022-1726 | 1 Bootstrap-table | 1 Bootstrap Table | 2022-05-24 | 3.5 LOW | 5.4 MEDIUM |
Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties. | |||||
CVE-2022-1559 | 1 Clipr | 1 Clipr | 2022-05-24 | 3.5 LOW | 4.8 MEDIUM |
The Clipr WordPress plugin through 1.2.3 does not sanitise and escape its API Key settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed |