Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-28323 | 1 Mediawiki | 1 Mediawiki | 2022-05-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported, | |||||
CVE-2022-29081 | 1 Zohocorp | 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro | 2022-05-10 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction, SSLAction, LicenseMgr, GetProductDetails, GetDashboard, FetchEvents, and Synchronize) via the ../RestAPI substring. | |||||
CVE-2021-38448 | 1 Trane | 6 Ascend Air-cooled Chiller Acr, Intellipak 1, Intellipak 2 and 3 more | 2022-05-10 | 4.6 MEDIUM | 7.6 HIGH |
The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software. | |||||
CVE-2022-23400 | 1 Accusoft | 1 Imagegear | 2022-05-09 | 5.8 MEDIUM | 7.1 HIGH |
A stack-based buffer overflow vulnerability exists in the IGXMPXMLParser::parseDelimiter functionality of Accusoft ImageGear 19.10. A specially-crafted PSD file can overflow a stack buffer, which could either lead to denial of service or, depending on the application, to an information leak. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2022-26326 | 1 Microfocus | 1 Netiq Access Manager | 2022-05-09 | 5.8 MEDIUM | 6.1 MEDIUM |
Potential open redirection vulnerability when a URL is crafted in a specific format in NetIQ Access Manager prior to 5.0.2. | |||||
CVE-2022-1515 | 1 Matio Project | 1 Matio | 2022-05-09 | 4.3 MEDIUM | 5.5 MEDIUM |
A memory leak was discovered in matio 1.5.21 and earlier in Mat_VarReadNextInfo5() in mat5.c via a crafted file. This issue can potentially result in DoS. | |||||
CVE-2022-20087 | 2 Google, Mediatek | 7 Android, Mt6833, Mt6853 and 4 more | 2022-05-09 | 4.6 MEDIUM | 6.7 MEDIUM |
In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06477970; Issue ID: ALPS06477970. | |||||
CVE-2022-29444 | 1 Cloudways | 1 Breeze | 2022-05-09 | 3.5 LOW | 5.4 MEDIUM |
Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wp_ajax_* actions in the class Breeze_Configuration which includes the ability to change any of the plugin's settings including CDN setting which could be further used for XSS attack. | |||||
CVE-2020-23617 | 1 Totolink | 4 N100re, N100re Firmware, N200re and 1 more | 2022-05-09 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element. | |||||
CVE-2021-36844 | 1 Mythemeshop | 1 Wp Subscribe | 2022-05-09 | 3.5 LOW | 4.8 MEDIUM |
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MyThemeShop WP Subscribe plugin <= 1.2.12 on WordPress. | |||||
CVE-2022-28054 | 2 Microsoft, Vandyke | 2 Windows, Vshell | 2022-05-09 | 7.5 HIGH | 9.8 CRITICAL |
Improper sanitization of trigger action scripts in VanDyke Software VShell for Windows v4.6.2 allows attackers to execute arbitrary code via a crafted value. | |||||
CVE-2022-28590 | 1 Pixelimity | 1 Pixelimity | 2022-05-09 | 6.5 MEDIUM | 7.2 HIGH |
A Remote Code Execution (RCE) vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=install_theme. | |||||
CVE-2022-28589 | 1 Pixelimity | 1 Pixelimity | 2022-05-09 | 3.5 LOW | 4.8 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in Pixelimity 1.0 allows attackers to execute arbitrary web scripts or HTML via the Title field in admin/pages.php?action=add_new. | |||||
CVE-2014-0464 | 1 Oracle | 2 Jdk, Jre | 2022-05-09 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different vulnerability than CVE-2014-0463. | |||||
CVE-2014-0463 | 1 Oracle | 2 Jdk, Jre | 2022-05-09 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different vulnerability than CVE-2014-0464. | |||||
CVE-2022-28585 | 1 Phome | 1 Empirecms | 2022-05-09 | 7.5 HIGH | 9.8 CRITICAL |
EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php. | |||||
CVE-2014-2410 | 1 Oracle | 2 Jdk, Jre | 2022-05-09 | 9.3 HIGH | N/A |
Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX. | |||||
CVE-2022-22368 | 3 Ibm, Linux, Microsoft | 4 Aix, Spectrum Scale, Linux Kernel and 1 more | 2022-05-09 | 5.0 MEDIUM | 7.5 HIGH |
IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 221012. | |||||
CVE-2021-40822 | 1 Osgeo | 1 Geoserver | 2022-05-09 | 5.0 MEDIUM | 7.5 HIGH |
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host. | |||||
CVE-2022-28561 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2022-05-09 | 10.0 HIGH | 9.8 CRITICAL |
There is a stack overflow vulnerability in the /goform/setMacFilterCfg function in the httpd service of Tenda ax12 22.03.01.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload. |