Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2022-1244 | 1 Radare | 1 Radare2 | 2022-04-15 | 4.3 MEDIUM | 5.5 MEDIUM | Heap-buffer-overflow in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service. |
CVE-2022-28364 | 1 Reprisesoftware | 1 Reprise License Manager | 2022-04-15 | 3.5 LOW | 5.4 MEDIUM | Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/rlmswitchr_process file parameter via GET. Authentication is required. |
CVE-2022-26630 | 1 Jellycms | 1 Jellycms | 2022-04-15 | 6.5 MEDIUM | 8.8 HIGH | Jellycms v3.8.1 and below was discovered to contain an arbitrary file upload vulnerability via \app.\admin\Controllers\db.php. |
CVE-2022-0892 | 1 Atlasgondal | 1 Export All Urls | 2022-04-15 | 4.3 MEDIUM | 6.1 MEDIUM | The Export All URLs WordPress plugin before 4.2 does not sanitise and escape the CSV filename before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue. |
CVE-2022-22819 | 1 Nxp | 12 Lpc55s66jbd100, Lpc55s66jbd100 Firmware, Lpc55s66jbd64 and 9 more | 2022-04-15 | 6.8 MEDIUM | 7.8 HIGH | NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers (ROM version 1B) have a buffer overflow in parsing SB2 updates before the signature is verified. This can allow an attacker to achieve non-persistent code execution via a crafted unsigned update. |
CVE-2021-43498 | 1 Atutor | 1 Atutor | 2022-04-15 | 5.0 MEDIUM | 7.5 HIGH | An Access Control vulnerability exists in ATutor 2.2.4 in password_reminder.php when the g, id, h, form_password_hidden, and form_change HTTP POST parameters are set. |
CVE-2022-0728 | 1 Pootlepress | 1 Easy Smooth Scroll Links | 2022-04-15 | 3.5 LOW | 4.8 MEDIUM | The Easy Smooth Scroll Links WordPress plugin before 2.23.1 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
CVE-2021-43430 | 1 Bigantsoft | 1 Bigant Office Messenger 5 | 2022-04-15 | 6.5 MEDIUM | 8.8 HIGH | An Access Control vulnerability exists in BigAntSoft BigAnt office messenger 5.6 via im_webserver, which could let a malicious user upload PHP Trojan files. |
CVE-2022-0531 | 1 Wpvivid | 1 Migration, Backup, Staging | 2022-04-15 | 4.3 MEDIUM | 6.1 MEDIUM | The Migration, Backup, Staging WordPress plugin before 0.9.70 does not sanitise and escape the sub_page parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue. |
CVE-2022-0471 | 1 Realfavicongenerator | 1 Favicon By Realfavicongenerator | 2022-04-15 | 4.3 MEDIUM | 6.1 MEDIUM | The Favicon by RealFaviconGenerator WordPress plugin before 1.3.23 does not properly sanitise and escape the json_result_url parameter before outputting it back in the Favicon admin dashboard, leading to a Reflected Cross-Site Scripting issue. |
CVE-2022-0447 | 1 Pickplugins | 1 Post Grid | 2022-04-15 | 3.5 LOW | 6.4 MEDIUM | The Post Grid WordPress plugin before 2.1.16 does not sanitise and escape the post_types parameter before outputting it back in the response of the post_grid_update_taxonomies_terms_by_posttypes AJAX action, available to any authenticated user, leading to a Reflected Cross-Site Scripting issue. |
CVE-2022-0314 | 1 Presscustomizr | 1 Nimble Page Builder | 2022-04-15 | 4.3 MEDIUM | 6.1 MEDIUM | The Nimble Page Builder WordPress plugin before 3.2.2 does not sanitise and escape the preview-level-guid parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue. |
CVE-2022-28363 | 1 Reprisesoftware | 1 Reprise License Manager | 2022-04-15 | 4.3 MEDIUM | 6.1 MEDIUM | Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/login_process username parameter via GET. No authentication is required. |
CVE-2022-0271 | 1 Thimpress | 1 Learnpress | 2022-04-15 | 4.3 MEDIUM | 6.1 MEDIUM | The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice parameter before outputting it back via the lp_background_single_email AJAX action, leading to a Reflected Cross-Site Scripting issue. |
CVE-2022-0246 | 1 Webence | 1 Iq Block Country | 2022-04-15 | 4.0 MEDIUM | 4.9 MEDIUM | The settings of the iQ Block Country WordPress plugin before 1.2.13 can be exported or imported using its backup functionality. An authorized user can import preconfigured settings of the plugin by uploading a zip file. After the upload, files in the zip archive are extracted one by one. During extraction, the existence of each file is checked; if the file exists, it is deleted without any security control, based only on the name of the extracted file. This behavior leads to a "Zip Slip" vulnerability. |
CVE-2021-25090 | 1 Wpsofts | 1 Portfolio Gallery, Product Catalog - Grid Kit Portfolio | 2022-04-15 | 3.5 LOW | 5.4 MEDIUM | The Portfolio Gallery, Product Catalog WordPress plugin before 2.1.0 does not have authorisation and CSRF checks in various functions related to AJAX actions, allowing any authenticated user, such as a subscriber, to call them. Due to the lack of sanitisation and escaping, it could also allow attackers to perform Cross-Site Scripting attacks on pages where a Portfolio is embedded. |
CVE-2022-29035 | 1 Jetbrains | 1 Ktor | 2022-04-15 | 4.0 MEDIUM | 2.7 LOW | In JetBrains Ktor Native before version 2.0.0, random values used for nonce generation did not use SecureRandom implementations. |
CVE-2021-24987 | 1 Heateor | 1 Super Socializer | 2022-04-15 | 4.3 MEDIUM | 6.1 MEDIUM | The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.30 does not sanitise and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue. |
CVE-2021-46416 | 1 Sma | 2 Sunny Tripower, Sunny Tripower Firmware | 2022-04-15 | 5.5 MEDIUM | 8.1 HIGH | Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R allows unauthorized user groups to gain access due to insecure cookie handling. |
CVE-2022-25339 | 1 Owncloud | 1 Owncloud | 2022-04-15 | 2.1 LOW | 5.5 MEDIUM | ownCloud owncloud/android 2.20 has Incorrect Access Control for local attackers. |