Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2021-43429 | 1 Seagate | 1 Cortx-s3 Server | 2022-04-15 | 5.0 MEDIUM | 7.5 HIGH | A Denial of Service vulnerability exists in CORTX-S3 Server as of 11/7/2021 via the mempool_destroy method due to a failure to release locks pool->lock. |
CVE-2021-37293 | 1 Kevinlab | 1 4st L-bems | 2022-04-15 | 4.0 MEDIUM | 6.5 MEDIUM | A Directory Traversal vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the page GET parameter in index.php. |
CVE-2021-38929 | 1 Ibm | 2 System Storage Ds8000 Management Console, System Storage Ds8000 Management Console Firmware | 2022-04-15 | 5.0 MEDIUM | 7.5 HIGH | IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs. IBM X-Force ID: 210330. |
CVE-2022-1288 | 1 School Club Application System Project | 1 School Club Application System | 2022-04-15 | 4.3 MEDIUM | 6.1 MEDIUM | A vulnerability, which was classified as problematic, has been found in School Club Application System 1.0. This issue affects access to /scas/admin/. The manipulation of the parameter page with the input %22%3E%3Cimg%20src=x%20onerror=alert(1)%3E leads to a reflected cross site scripting. The attack may be initiated remotely and does not require any form of authentication. The exploit has been disclosed to the public and may be used. |
CVE-2022-22571 | 1 Ivanti | 1 Incapptic Connect | 2022-04-15 | 3.5 LOW | 4.8 MEDIUM | An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic Connect; this affects all current versions. |
CVE-2021-37291 | 1 Kevinlab | 1 4st L-bems | 2022-04-15 | 7.5 HIGH | 9.8 CRITICAL | An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the input_id POST parameter in index.php. |
CVE-2021-40219 | 1 Bolt | 1 Bolt Cms | 2022-04-15 | 6.5 MEDIUM | 8.8 HIGH | Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit a theme to inject a server-side template injection that leads to remote code execution. |
CVE-2022-27115 | 2 Microsoft, Std42 | 2 Windows, Elfinder | 2022-04-15 | 7.5 HIGH | 9.8 CRITICAL | In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload. |
CVE-2022-0919 | 1 Salonbookingsystem | 1 Salon Booking System | 2022-04-15 | 5.0 MEDIUM | 5.3 MEDIUM | The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated user to search others' bookings, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number of the person who booked. |
CVE-2022-1295 | 1 Fullpage Project | 1 Fullpage | 2022-04-15 | 7.5 HIGH | 9.8 CRITICAL | Prototype Pollution in GitHub repository alvarotrigo/fullpage.js prior to 4.0.2. |
CVE-2022-27125 | 1 Zbzcms | 1 Zbzcms | 2022-04-15 | 4.3 MEDIUM | 6.1 MEDIUM | zbzcms v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the neirong parameter at /php/ajax.php. |
CVE-2022-27126 | 1 Zbzcms | 1 Zbzcms | 2022-04-15 | 7.5 HIGH | 9.8 CRITICAL | zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the art parameter at /include/make.php. |
CVE-2022-27127 | 1 Zbzcms | 1 Zbzcms | 2022-04-15 | 6.4 MEDIUM | 6.5 MEDIUM | zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php/ajax.php. |
CVE-2022-20063 | 2 Google, Mediatek | 8 Android, Mt6765, Mt8385 and 5 more | 2022-04-14 | 6.9 MEDIUM | 6.5 MEDIUM | In atf (spm), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06171715; Issue ID: ALPS06171715. |
CVE-2022-20062 | 2 Google, Mediatek | 37 Android, Mt6765, Mt6785 and 34 more | 2022-04-14 | 7.2 HIGH | 6.7 MEDIUM | In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05836418; Issue ID: ALPS05836418. |
CVE-2022-20052 | 2 Google, Mediatek | 46 Android, Mt6580, Mt6735 and 43 more | 2022-04-14 | 6.9 MEDIUM | 6.5 MEDIUM | In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS05836642; Issue ID: ALPS05836642. |
CVE-2021-36846 | 1 Premio | 1 Chaty | 2022-04-14 | 3.5 LOW | 4.8 MEDIUM | Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Premio Chaty (WordPress plugin) <= 2.8.3. |
CVE-2021-39068 | 1 Ibm | 1 Curam Social Program Management | 2022-04-14 | 3.5 LOW | 5.4 MEDIUM | IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215306. |
CVE-2022-27156 | 1 Thedaylightstudio | 1 Fuel Cms | 2022-04-14 | 3.5 LOW | 5.4 MEDIUM | Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection. |
CVE-2022-27111 | 1 Jflyfox | 1 Jfinal Cms | 2022-04-14 | 3.5 LOW | 5.4 MEDIUM | Jfinal_CMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute it. |