Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-26986 | 1 Impresscms | 1 Impresscms | 2022-04-12 | 8.5 HIGH | 7.2 HIGH |
SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in an unintended way; this allows an attacker to read and modify sensitive information from the database used by the application. If misconfigured, an attacker can even upload a malicious web shell to compromise the entire system. | |||||
CVE-2021-27117 | 1 Beego | 1 Beego | 2022-04-12 | 7.2 HIGH | 7.8 HIGH |
An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2 that allows attackers to launch symlink attacks locally. | |||||
CVE-2021-27116 | 1 Beego | 1 Beego | 2022-04-12 | 7.2 HIGH | 7.8 HIGH |
An issue was discovered in file profile.go in function MemProf in beego through 2.0.2 that allows attackers to launch symlink attacks locally. | |||||
CVE-2021-30080 | 1 Beego | 1 Beego | 2022-04-12 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the route lookup process in beego through 2.0.1 that allows attackers to bypass access control. | |||||
CVE-2022-27463 | 1 Wwbn | 1 Avideo | 2022-04-12 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in objects/login.json.php in WWBN AVideo through 11.6 allows attackers to arbitrarily redirect users from a crafted URL to the login page. | |||||
CVE-2020-28847 | 1 Valine.js | 1 Valine | 2022-04-12 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability in xCss Valine v1.4.14 via the nick parameter to /classes/Comment. | |||||
CVE-2022-27462 | 1 Wwbn | 1 Avideo | 2022-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in objects/function.php in function getDeviceID in WWBN AVideo through 11.6, via the yptDevice parameter to view/include/head.php. | |||||
CVE-2022-0602 | 1 Tastyigniter | 1 Tastyigniter | 2022-04-12 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - DOM in GitHub repository tastyigniter/tastyigniter prior to 3.3.0. | |||||
CVE-2022-26953 | 1 Digi | 2 Passport, Passport Firmware | 2022-04-12 | 5.0 MEDIUM | 7.5 HIGH |
Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow. An attacker can supply a string in the page parameter for reboot.asp endpoint, allowing him to force an overflow when the string is concatenated to the HTML body. | |||||
CVE-2022-26952 | 1 Digi | 2 Passport, Passport Firmware | 2022-04-12 | 5.0 MEDIUM | 7.5 HIGH |
Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow in the function for building the Location header string when an unauthenticated user is redirected to the authentication page. | |||||
CVE-2021-40374 | 1 Apperta | 1 Openeye | 2022-04-12 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability was identified in Apperta Foundation OpenEyes 3.5.1. Updating a patient's details allows remote attackers to inject arbitrary web script or HTML via the Address1 parameter. This JavaScript then executes when the patient profile is loaded, which could be used in an XSS attack. | |||||
CVE-2022-25356 | 1 Altn | 1 Securitygateway | 2022-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
Alt-N MDaemon Security Gateway through 8.5.0 allows SecurityGateway.dll?view=login XML Injection. | |||||
CVE-2022-26615 | 1 College Website Content Management System Project | 1 College Website Content Management System | 2022-04-12 | 3.5 LOW | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in College Website Content Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User Profile Name text fields. | |||||
CVE-2022-21664 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2022-04-12 | 6.5 MEDIUM | 8.8 HIGH |
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 4.1.34. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue. | |||||
CVE-2022-21662 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2022-04-12 | 3.5 LOW | 5.4 MEDIUM |
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users (like author) in WordPress core are able to execute JavaScript/perform stored XSS attack, which can affect high-privileged users. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue. | |||||
CVE-2022-28468 | 1 Payroll Management System Project | 1 Payroll Management System | 2022-04-12 | 7.5 HIGH | 9.8 CRITICAL |
Payroll Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter. | |||||
CVE-2022-28116 | 1 Online Banking System Project | 1 Online Banking System | 2022-04-12 | 7.5 HIGH | 9.8 CRITICAL |
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter. | |||||
CVE-2022-28115 | 1 Online Sports Complex Booking Project | 1 Online Sports Complex Booking | 2022-04-12 | 7.5 HIGH | 9.8 CRITICAL |
Online Sports Complex Booking v1.0 was discovered to contain a SQL injection vulnerability via the id parameter. | |||||
CVE-2022-21661 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2022-04-12 | 5.0 MEDIUM | 7.5 HIGH |
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability. | |||||
CVE-2022-28467 | 1 Online Student Admission Project | 1 Online Student Admission | 2022-04-12 | 7.5 HIGH | 9.8 CRITICAL |
Online Student Admission v1.0 was discovered to contain a SQL injection vulnerability via the txtapplicationID parameter. |