Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-27848 | 1 Webnus | 1 Modern Events Calendar Lite | 2022-04-22 | 3.5 LOW | 4.8 MEDIUM |
Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin) <= 6.5.1 | |||||
CVE-2021-25158 | 2 Arubanetworks, Siemens | 3 Instant, Scalance W1750d, Scalance W1750d Firmware | 2022-04-21 | 4.3 MEDIUM | 5.9 MEDIUM |
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. | |||||
CVE-2021-25160 | 2 Arubanetworks, Siemens | 3 Instant, Scalance W1750d, Scalance W1750d Firmware | 2022-04-21 | 4.0 MEDIUM | 4.9 MEDIUM |
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. | |||||
CVE-2010-0128 | 3 Adobe, Apple, Microsoft | 4 Director, Shockwave Player, Macos and 1 more | 2022-04-21 | 9.3 HIGH | N/A |
Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation. | |||||
CVE-2022-24482 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-04-21 | 4.4 MEDIUM | 7.0 HIGH |
Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24540. | |||||
CVE-2022-24473 | 1 Microsoft | 2 365 Apps, Office | 2022-04-21 | 6.8 MEDIUM | 7.8 HIGH |
Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26901. | |||||
CVE-2022-24472 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2022-04-21 | 3.5 LOW | 5.7 MEDIUM |
Microsoft SharePoint Server Spoofing Vulnerability. | |||||
CVE-2021-40392 | 1 Moxa | 1 Mxview | 2022-04-21 | 5.0 MEDIUM | 7.5 HIGH |
An information disclosure vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. Network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to exploit this vulnerability. | |||||
CVE-2022-27851 | 1 Dineshkarki | 1 Use Any Font | 2022-04-21 | 4.3 MEDIUM | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) in Use Any Font (WordPress plugin) <= 6.1.7 allows an attacker to deactivate the API key. | |||||
CVE-2022-27850 | 1 Plugin-planet | 1 Simple Ajax Chat | 2022-04-21 | 4.3 MEDIUM | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an attacker to clear the chat log or delete a chat message. | |||||
CVE-2022-29280 | | | 2022-04-21 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-28366. Reason: This candidate is a reservation duplicate of CVE-2022-28366. Notes: All CVE users should reference CVE-2022-28366 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2022-24528 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-21 | 6.8 MEDIUM | 8.8 HIGH |
Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24492, CVE-2022-26809. | |||||
CVE-2022-24527 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-21 | 4.6 MEDIUM | 7.8 HIGH |
Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability. | |||||
CVE-2021-36828 | 1 Wp Maintenance Project | 1 Wp Maintenance | 2022-04-21 | 3.5 LOW | 4.8 MEDIUM |
Authenticated (admin+) Stored Cross-Site Scripting (XSS) in WP Maintenance (WordPress plugin) <= 6.0.4 affects multiple inputs. | |||||
CVE-2022-27258 | 1 Hubzilla | 1 Hubzilla | 2022-04-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple Cross-Site Scripting (XSS) vulnerabilities in Hubzilla 7.0.3 and earlier allow a remote attacker to include arbitrary web script or HTML via the rpath parameter. | |||||
CVE-2022-27849 | 1 Plugin-planet | 1 Simple Ajax Chat | 2022-04-21 | 5.0 MEDIUM | 7.5 HIGH |
Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115 | |||||
CVE-2022-21983 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-04-21 | 5.1 MEDIUM | 7.5 HIGH |
Win32 Stream Enumeration Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24534. | |||||
CVE-2021-43286 | 1 Thoughtworks | 1 Gocd | 2022-04-21 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code. | |||||
CVE-2021-43287 | 1 Thoughtworks | 1 Gocd | 2022-04-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD server to unauthenticated attackers. | |||||
CVE-2020-16238 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2022-04-21 | 7.2 HIGH | 6.7 MEDIUM |
A vulnerability in the configuration import mechanism of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with command line access to the underlying Linux system to escalate privileges to the root user. |