Total: 210374 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-1023 | 1 Secondlinethemes | 1 Podcast Importer Secondline | 2022-04-14 | 6.5 MEDIUM | 7.2 HIGH | The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by importing a malicious podcast file.
CVE-2022-1008 | 1 Ocdi | 1 One Click Demo Import | 2022-04-14 | 6.5 MEDIUM | 7.2 HIGH | The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed.
CVE-2022-0969 | 1 Vertistudio | 1 Image Optimization & Lazy Load By Optimole | 2022-04-14 | 3.5 LOW | 4.8 MEDIUM | The Image Optimization & Lazy Load by Optimole WordPress plugin before 3.3.2 does not sanitise and escape its "Lazyload background images for selectors" settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2022-0949 | 1 Stopbadbots | 1 Block And Stop Bad Bots | 2022-04-14 | 7.5 HIGH | 9.8 CRITICAL | The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection.
CVE-2022-27089 | 1 Fujitsu | 1 Plugfree Network | 2022-04-14 | 7.2 HIGH | 7.8 HIGH | In Fujitsu PlugFree Network <= 7.3.0.3, an unquoted service path in the PFNService.exe software allows a local attacker to potentially escalate privileges to system level.
CVE-2022-27088 | 1 Ivanti | 1 Dsm Remote | 2022-04-14 | 4.6 MEDIUM | 7.8 HIGH | Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path, allowing local users to launch processes with elevated privileges.
CVE-2022-27041 | 1 Os4ed | 1 Opensis | 2022-04-14 | 5.0 MEDIUM | 7.5 HIGH | Due to a lack of protection, the student_id parameter in OpenSIS Classic 8.0 /modules/eligibility/Student.php can be used to inject SQL queries to extract information from databases.
CVE-2022-26414 | 1 Zyxel | 64 Ax7501-b0, Ax7501-b0 Firmware, Dx5401-b0 and 61 more | 2022-04-14 | 4.9 MEDIUM | 5.5 MEDIUM | A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service.
CVE-2022-26413 | 1 Zyxel | 64 Ax7501-b0, Ax7501-b0 Firmware, Dx5401-b0 and 61 more | 2022-04-14 | 7.7 HIGH | 8.0 HIGH | A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.
CVE-2022-1297 | 1 Radare | 1 Radare2 | 2022-04-14 | 6.4 MEDIUM | 9.1 CRITICAL | Out-of-bounds read in the `r_bin_ne_get_entrypoints` function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.
CVE-2022-1296 | 1 Radare | 1 Radare2 | 2022-04-14 | 6.4 MEDIUM | 9.1 CRITICAL | Out-of-bounds read in the `r_bin_ne_get_relocs` function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.
CVE-2022-0556 | 1 Zyxel | 1 Zyxel Ap Configurator | 2022-04-14 | 7.2 HIGH | 7.8 HIGH | A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4 could allow an attacker to execute arbitrary code as a local administrator.
CVE-2022-1045 | 1 Trudesk Project | 1 Trudesk | 2022-04-14 | 3.5 LOW | 5.4 MEDIUM | Stored XSS via .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0.
CVE-2021-32162 | 1 Webmin | 1 Webmin | 2022-04-14 | 6.8 MEDIUM | 8.8 HIGH | A Cross-Site Request Forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature.
CVE-2021-32161 | 1 Webmin | 1 Webmin | 2022-04-14 | 4.3 MEDIUM | 6.1 MEDIUM | A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature.
CVE-2021-32160 | 1 Webmin | 1 Webmin | 2022-04-14 | 4.3 MEDIUM | 6.1 MEDIUM | A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature.
CVE-2021-32159 | 1 Webmin | 1 Webmin | 2022-04-14 | 6.8 MEDIUM | 8.8 HIGH | A Cross-Site Request Forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature.
CVE-2021-32158 | 1 Webmin | 1 Webmin | 2022-04-14 | 4.3 MEDIUM | 6.1 MEDIUM | A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature.
CVE-2021-32156 | 1 Webmin | 1 Webmin | 2022-04-14 | 6.8 MEDIUM | 8.8 HIGH | A Cross-Site Request Forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.
CVE-2022-27960 | 1 Ofcms Project | 1 Ofcms | 2022-04-14 | 5.5 MEDIUM | 5.4 MEDIUM | Insecure permissions configured on the user_id parameter in SysUserController.java of OFCMS v1.1.4 allow attackers to access and arbitrarily modify users' personal information.