Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-7351 | 1 Netfortris | 1 Trixbox | 2022-04-18 | 9.0 HIGH | 8.8 HIGH |
An OS Command Injection vulnerability in the endpoint_devicemap.php component of Fonality Trixbox Community Edition allows an attacker to execute commands on the underlying operating system as the "asterisk" user. Note that Trixbox Community Edition has been unsupported by the vendor since 2012. This issue affects: Fonality Trixbox Community Edition, versions 1.2.0 through 2.8.0.4. Versions 1.0 and 1.1 are unaffected. | |||||
CVE-2014-5112 | 1 Netfortris | 1 Trixbox | 2022-04-18 | 7.5 HIGH | N/A |
maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter. | |||||
CVE-2014-5111 | 1 Netfortris | 1 Trixbox | 2022-04-18 | 5.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/. | |||||
CVE-2007-6424 | 1 Netfortris | 1 Trixbox | 2022-04-18 | 4.3 MEDIUM | N/A |
registry.pl in Fonality Trixbox 2.0 PBX products, when running in certain environments, reads and executes a set of commands from a remote web site without sufficiently validating the origin of the commands, which allows remote attackers to disable trixbox and execute arbitrary commands via a DNS spoofing attack. | |||||
CVE-2022-1291 | 1 Tableexport.jquery.plugin Project | 1 Tableexport.jquery.plugin | 2022-04-15 | 3.5 LOW | 5.4 MEDIUM |
XSS vulnerability with default `onCellHtmlData` function in GitHub repository hhurz/tableexport.jquery.plugin prior to 1.25.0. Transmitting cookies to third-party servers. Sending data from secure sessions to third-party servers | |||||
CVE-2022-0920 | 1 Salonbookingsystem | 1 Salon Booking System | 2022-04-15 | 5.0 MEDIUM | 7.5 HIGH |
The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of their endpoints, which could allow customers to access all bookings and other customers' data. | |||||
CVE-2022-0989 | 1 Nsthemes | 1 Ns Watermark For Woocommerce | 2022-04-15 | 5.0 MEDIUM | 7.5 HIGH |
An unprivileged user could use the functionality of the NS WooCommerce Watermark WordPress plugin through 2.11.3 to load images that hide malware for example from passing malicious domains to hide their trace, by making them pass through the vulnerable domain. | |||||
CVE-2021-28428 | 1 Horizontcms Project | 1 Horizontcms | 2022-04-15 | 7.5 HIGH | 9.8 CRITICAL |
File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess and *.hello files using the Media Files upload functionality. The original file upload vulnerability (CVE-2020-27387) was remediated by restricting the PHP extensions; however, we confirmed that the filter was bypassed via uploading an arbitrary .htaccess and *.hello files in order to execute PHP code to gain RCE. | |||||
CVE-2021-46740 | 1 Huawei | 2 Emui, Harmonyos | 2022-04-15 | 5.0 MEDIUM | 7.5 HIGH |
The device authentication service module has a defect vulnerability introduced in the design process. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
CVE-2022-1276 | 1 Mruby | 1 Mruby | 2022-04-15 | 7.5 HIGH | 9.8 CRITICAL |
Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited. | |||||
CVE-2021-40065 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-04-15 | 5.0 MEDIUM | 7.5 HIGH |
The communication module has a service logic error vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
CVE-2022-24821 | 1 Xwiki | 1 Xwiki | 2022-04-15 | 5.5 MEDIUM | 8.1 HIGH |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Simple users can create global SSX/JSX without specific rights: in theory only users with Programming Rights should be allowed to create SSX or JSX that are executed everywhere on a wiki, but a bug allows anyone with edit rights to create them. This issue has been patched in XWiki 13.10-rc-1, 12.10.11 and 13.4.6. There is no easy workaround for this issue; administrators should upgrade their wiki. | |||||
CVE-2021-36893 | 1 Wpdarko | 1 Responsive Tabs | 2022-04-15 | 3.5 LOW | 4.8 MEDIUM |
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Responsive Tabs (WordPress plugin) <= 4.0.5 | |||||
CVE-2021-36848 | 1 Sharethis | 1 Social Media Feather | 2022-04-15 | 3.5 LOW | 4.8 MEDIUM |
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Feather (WordPress plugin) versions <= 2.0.4 | |||||
CVE-2022-0914 | 1 Atlasgondal | 1 Export All Urls | 2022-04-15 | 4.3 MEDIUM | 6.5 MEDIUM |
The Export All URLs WordPress plugin before 4.3 does not have CSRF protection in place when exporting data, which could allow attackers to make a logged-in admin export all posts and pages (including private and draft) into an arbitrary CSV file, which the attacker can then download to retrieve, for example, the list of titles. | |||||
CVE-2022-0840 | 1 Cybernetikz | 1 Easy Social Icons | 2022-04-15 | 3.5 LOW | 4.8 MEDIUM |
The Easy Social Icons WordPress plugin before 3.2.1 does not properly escape the image_file field when adding a new social icon, allowing high-privileged users to inject arbitrary JavaScript even when the unfiltered_html capability is disallowed. | |||||
CVE-2021-38930 | 1 Ibm | 2 System Storage Ds8000 Management Console, System Storage Ds8000 Management Console Firmware | 2022-04-15 | 5.0 MEDIUM | 7.5 HIGH |
IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs. IBM X-Force ID: 210331. | |||||
CVE-2021-36910 | 1 Wp-appbox Project | 1 Wp-appbox | 2022-04-15 | 3.5 LOW | 4.8 MEDIUM |
Authenticated (admin user role) Stored Cross-Site Scripting (XSS) in WP-Appbox (WordPress plugin) <= 4.3.20. | |||||
CVE-2021-36896 | 1 W3eden | 1 Pricing Table | 2022-04-15 | 3.5 LOW | 4.8 MEDIUM |
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Pricing Table (WordPress plugin) versions <= 1.5.2 | |||||
CVE-2022-0828 | 1 Wpdownloadmanager | 1 Wordpress Download Manager | 2022-04-15 | 5.0 MEDIUM | 7.5 HIGH |
The Download Manager WordPress plugin before 3.2.39 uses the PHP uniqid function to generate the master key for a download, allowing an attacker to brute-force the key with reasonable resources, giving direct download access regardless of role-based restrictions or password protections set for the download. |