Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-28060 | 1 Victor Cms Project | 1 Victor Cms | 2022-05-06 | 5.0 MEDIUM | 7.5 HIGH |
SQL Injection vulnerability in Victor CMS v1.0, via the user_name parameter to /includes/login.php. | |||||
CVE-2022-24886 | 1 Nextcloud | 1 Nextcloud | 2022-05-06 | 2.1 LOW | 3.8 LOW |
Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextcloud has access to Contacts without applying for the Contacts permission itself. Version 3.19.0 contains a fix for this issue. There are currently no known workarounds. | |||||
CVE-2022-24885 | 1 Nextcloud | 1 Nextcloud | 2022-05-06 | 2.1 LOW | 2.4 LOW |
Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.1, users can bypass a lock on the Nextcloud app on an Android device by repeatedly reopening the app. Version 3.19.1 contains a fix for the problem. There are currently no known workarounds. | |||||
CVE-2021-3972 | 1 Lenovo | 210 Ideapad 3-14ada05, Ideapad 3-14ada05 Firmware, Ideapad 3-14ada6 and 207 more | 2022-05-06 | 4.6 MEDIUM | 6.7 MEDIUM |
A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable. | |||||
CVE-2021-3970 | 1 Lenovo | 210 Ideapad 3-14ada05, Ideapad 3-14ada05 Firmware, Ideapad 3-14ada6 and 207 more | 2022-05-06 | 7.2 HIGH | 6.7 MEDIUM |
A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code. | |||||
CVE-2021-3721 | 1 Lenovo | 1 Pcmanager | 2022-05-06 | 4.9 MEDIUM | 5.5 MEDIUM |
A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.20.10282 that could allow an attacker with local access to trigger a blue screen error. | |||||
CVE-2022-27340 | 1 Mingsoft | 1 Mcms | 2022-05-06 | 6.8 MEDIUM | 8.8 HIGH |
MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data. | |||||
CVE-2021-41921 | 1 Novel-plus Project | 1 Novel-plus | 2022-05-06 | 7.5 HIGH | 9.8 CRITICAL |
novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file suffixes and contents can lead to server attacks and arbitrary code execution. | |||||
CVE-2022-1509 | 1 Hestiacp | 1 Control Panel | 2022-05-06 | 9.0 HIGH | 8.8 HIGH |
Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context. | |||||
CVE-2022-24873 | 1 Shopware | 1 Shopware | 2022-05-06 | 4.3 MEDIUM | 6.1 MEDIUM |
Shopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin. | |||||
CVE-2022-29152 | 1 Ericom | 1 Powerterm Webconnect | 2022-05-06 | 4.3 MEDIUM | 6.1 MEDIUM |
The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an XSS payload from the AppPortal cookie into the page. | |||||
CVE-2022-1511 | 1 Snipeitapp | 1 Snipe-it | 2022-05-06 | 4.0 MEDIUM | 6.5 MEDIUM |
Improper Access Control in GitHub repository snipe/snipe-it prior to 5.4.4. | |||||
CVE-2021-3523 | 1 Redhat | 1 Apicast | 2022-05-06 | 4.3 MEDIUM | 7.5 HIGH |
A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address. | |||||
CVE-2022-29584 | 1 Mahara | 1 Mahara | 2022-05-06 | 3.5 LOW | 5.4 MEDIUM |
Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action. | |||||
CVE-2022-28477 | 1 Wbce | 1 Wbce Cms | 2022-05-06 | 4.3 MEDIUM | 6.1 MEDIUM |
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS). | |||||
CVE-2022-28454 | 1 Limbas | 1 Limbas | 2022-05-06 | 4.3 MEDIUM | 6.1 MEDIUM |
Limbas 4.3.36.1319 is vulnerable to Cross Site Scripting (XSS). | |||||
CVE-2021-38952 | 1 Ibm | 1 Infosphere Information Server | 2022-05-06 | 3.5 LOW | 5.4 MEDIUM |
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211408. | |||||
CVE-2022-22441 | 1 Ibm | 1 Infosphere Information Server | 2022-05-06 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM InfoSphere Information Server 11.7 could allow an authenticated user to view information of higher privileged users and groups due to a privilege escalation vulnerability. IBM X-Force ID: 224426. | |||||
CVE-2022-22427 | 1 Ibm | 1 Infosphere Information Server | 2022-05-06 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 223720. | |||||
CVE-2022-22322 | 1 Ibm | 1 Infosphere Information Server | 2022-05-06 | 3.5 LOW | 5.4 MEDIUM |
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 218370. | |||||