Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-28145 | 1 Jenkins | 1 Continuous Integration With Toad Edge | 2022-04-04 | 3.5 LOW | 5.4 MEDIUM | Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier does not apply Content-Security-Policy headers to report files it serves, resulting in stored cross-site scripting (XSS) exploitable by attackers with Item/Configure permission or otherwise able to control report contents.
CVE-2022-1077 | 1 Tem | 4 Flex-1080, Flex-1080 Firmware, Flex-1085 and 1 more | 2022-04-04 | 5.0 MEDIUM | 7.5 HIGH | A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0 and declared as problematic. It affects log.cgi in the Log Handler component: a direct request discloses hardware information. The attack can be initiated remotely and does not require any form of authentication.
CVE-2022-28141 | 1 Jenkins | 1 Proxmox | 2022-04-04 | 4.0 MEDIUM | 6.5 MEDIUM | Jenkins Proxmox Plugin 0.5.0 and earlier stores the Proxmox Datacenter password unencrypted in the global config.xml file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.
CVE-2022-1181 | 1 Open-emr | 1 Openemr | 2022-04-04 | 3.5 LOW | 5.4 MEDIUM | Stored cross-site scripting in GitHub repository openemr/openemr prior to 6.0.0.2.
CVE-2022-1180 | 1 Open-emr | 1 Openemr | 2022-04-04 | 3.5 LOW | 3.5 LOW | Reflected cross-site scripting in GitHub repository openemr/openemr prior to 6.0.0.4.
CVE-2022-1179 | 1 Open-emr | 1 Openemr | 2022-04-04 | 3.5 LOW | 5.4 MEDIUM | A non-privileged user can create a new rule, leading to stored cross-site scripting, in GitHub repository openemr/openemr prior to 6.0.0.4.
CVE-2022-1178 | 1 Open-emr | 1 Openemr | 2022-04-04 | 3.5 LOW | 5.4 MEDIUM | Stored cross-site scripting in GitHub repository openemr/openemr prior to 6.0.0.4.
CVE-2022-23869 | 1 Ruoyi | 1 Ruoyi | 2022-04-04 | 4.0 MEDIUM | 6.5 MEDIUM | In RuoYi v4.7.2, user test1 does not have permission in the WebUI to reset the password of user test3, but can still reset it by sending the /system/user/resetPwd request directly.
CVE-2022-1074 | 1 Tem | 2 Flex-1085, Flex-1085 Firmware | 2022-04-04 | 3.5 LOW | 5.4 MEDIUM | A vulnerability has been found in TEM FLEX-1085 1.6.0 and classified as problematic. Entering the input `<h1>HTML Injection</h1>` in the WiFi settings of the dashboard leads to HTML injection.
CVE-2022-23868 | 1 Ruoyi | 1 Ruoyi | 2022-04-04 | 6.8 MEDIUM | 7.8 HIGH | RuoYi v4.7.2 contains a CSV injection vulnerability in ruoyi-admin that is triggered when a victim opens a .xlsx log file.
CVE-2022-1073 | 1 Automatic Question Paper Generator System Project | 1 Automatic Question Paper Generator System | 2022-04-04 | 7.5 HIGH | 9.8 CRITICAL | A vulnerability was found in Automatic Question Paper Generator 1.0 and declared as critical. An attack leads to privilege escalation and can be launched remotely.
CVE-2022-25420 | 1 Nttr | 1 Goo Blog | 2022-04-04 | 7.5 HIGH | 9.8 CRITICAL | NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerable to CRLF injection. This vulnerability allows attackers to execute arbitrary code via a crafted HTTP request.
CVE-2022-1177 | 1 Open-emr | 1 Openemr | 2022-04-04 | 4.0 MEDIUM | 4.3 MEDIUM | An accounting user can download patient reports in GitHub repository openemr/openemr prior to 6.1.0.
CVE-2022-0344 | 1 Gitlab | 1 Gitlab | 2022-04-04 | 4.3 MEDIUM | 4.3 MEDIUM | An issue has been discovered in GitLab affecting all versions starting from 10.0 before 14.5.4, all versions starting from 10.1 before 14.6.4, and all versions starting from 10.2 before 14.7.1. Private project paths can be disclosed to unauthorized users via system notes when an Issue is closed via a Merge Request and later moved to a public project.
CVE-2022-25598 | 1 Apache | 1 Dolphinscheduler | 2022-04-04 | 5.0 MEDIUM | 7.5 HIGH | Apache DolphinScheduler user registration is vulnerable to regular expression denial of service (ReDoS); users should upgrade to version 2.0.5 or higher.
CVE-2022-26839 | 1 Deltaww | 1 Diaenergie | 2022-04-04 | 4.6 MEDIUM | 7.8 HIGH | Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as DLLs) or replace existing executable files.
CVE-2022-25347 | 1 Deltaww | 1 Diaenergie | 2022-04-04 | 5.0 MEDIUM | 7.5 HIGH | Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) is vulnerable to path traversal, which may allow an attacker to write arbitrary files to locations on the file system.
CVE-2022-0735 | 1 Gitlab | 1 Gitlab | 2022-04-04 | 7.5 HIGH | 9.8 CRITICAL | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, and all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure vulnerability using quick actions commands.
CVE-2022-0679 | 1 Narnoo Distributor Project | 1 Narnoo Distributor | 2022-04-04 | 6.8 MEDIUM | 9.8 CRITICAL | The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the lib_path parameter before it is passed into a call to require() via the narnoo_distributor_lib_request AJAX action (available to both unauthenticated and authenticated users), which results in the disclosure of arbitrary files, as the content of the file is then displayed in the response as JSON data. This could also lead to RCE with various tricks, depending on the underlying system and its configuration.
CVE-2022-28136 | 1 Jenkins | 1 Jiratestresultreporter | 2022-04-04 | 6.8 MEDIUM | 8.8 HIGH | A cross-site request forgery (CSRF) vulnerability in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
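The spreadsheet-formula injection reported for RuoYi (CVE-2022-23868) is a property of the exported cell text: a value beginning with a formula trigger is evaluated by the spreadsheet that opens the file. Below is an added example, written for this page rather than taken from RuoYi, of the neutralization step an exporter needs before writing user-controlled values. The trigger characters follow OWASP's CSV injection guidance; the function names are hypothetical and the log rows are constructed sample data.

```python
import csv
import io

# Leading characters that make a spreadsheet evaluate an imported cell as a
# formula (OWASP "CSV Injection" guidance): equals, plus, minus, at-sign,
# tab and carriage return.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_cell(value: str) -> bool:
    """Return True if a text cell would be treated as a formula on import.

    Leading spaces are stripped before the check so that a padded payload
    such as "  =cmd|..." is still caught; this is deliberately conservative,
    since a false positive only costs a visible quote character.
    """
    return value.lstrip(" ").startswith(FORMULA_TRIGGERS)


def neutralize_cell(value):
    """Return a value that is safe to place in a CSV cell.

    Real numbers pass through unchanged (a negative number is data, not a
    formula). Any text starting with a trigger character is prefixed with a
    single quote, which spreadsheets interpret as "store this cell as text".
    """
    if isinstance(value, (int, float)) and not isinstance(value, bool):
        return value
    text = str(value)
    if is_formula_cell(text):
        return "'" + text
    return text


def export_log(header, rows) -> str:
    """Serialize log rows as CSV with every cell neutralized and quoted.

    QUOTE_ALL wraps each field in double quotes and doubles embedded quotes,
    so separators or quotes inside a payload cannot break the row structure.
    """
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(header)
    for row in rows:
        writer.writerow([neutralize_cell(v) for v in row])
    return buf.getvalue()


# Constructed sample data: an operation log in which one "username" is a DDE
# payload that would start calc.exe if the unprotected file were opened in a
# spreadsheet with DDE enabled.
SAMPLE_HEADER = ("user", "action", "attempts")
SAMPLE_ROWS = [
    ("alice", "login", 1),
    ("=cmd|' /C calc'!A0", "login", 3),
    ("@bob", "logout", 0),
]

if __name__ == "__main__":
    print(export_log(SAMPLE_HEADER, SAMPLE_ROWS))
```

The trade-off is visible in the numeric case: a string "-42" coming from user input is exported as '-42, while an integer -42 is left alone, so an exporter should keep numeric columns typed rather than stringifying everything first. The same check applies to whatever text is handed to an .xlsx writer, since the trigger is the cell content, not the container format.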
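The DIAEnergie arbitrary-file write (CVE-2022-25347) and the Narnoo lib_path require() (CVE-2022-0679) are the same missing check: a client-supplied path is used without being confined to a base directory. The following is an added example, not code from either project, of that confinement in Python. The write_report endpoint name, the UnsafePath exception and the sample paths are hypothetical, and demo() runs against a temporary directory it creates and removes.

```python
import os
import shutil
import tempfile


class UnsafePath(ValueError):
    """Raised when a client-supplied path would escape the base directory."""


def resolve_under(base_dir: str, user_path: str) -> str:
    """Return the absolute path of user_path inside base_dir, or raise.

    Rejects NUL bytes (they truncate the path in C-level filesystem calls),
    absolute paths (os.path.join would silently discard base_dir), the base
    directory itself, and anything that lies outside base_dir once ".."
    segments and symlinks have been resolved. commonpath() rather than
    startswith() is used so that "/data/reports2" is not mistaken for a
    child of "/data/reports".
    """
    if "\x00" in user_path:
        raise UnsafePath("NUL byte in path")
    if os.path.isabs(user_path) or user_path.startswith(("/", "\\")):
        raise UnsafePath("absolute path not allowed")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise UnsafePath("path escapes base directory")
    return candidate


def write_report(base_dir: str, user_path: str, data: bytes) -> str:
    """Write data to user_path below base_dir, creating parent directories."""
    target = resolve_under(base_dir, user_path)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    with open(target, "wb") as fh:
        fh.write(data)
    return target


def demo() -> dict:
    """Try representative client paths against a throwaway base directory.

    Returns {client_path: "written" | "rejected"} so the outcome can be
    checked without inspecting the filesystem. The paths are constructed
    test inputs, not taken from any advisory.
    """
    base = tempfile.mkdtemp(prefix="reports-")
    outside = tempfile.mkdtemp(prefix="outside-")
    attempts = [
        "2022/april/energy.csv",        # legitimate nested report
        "../../etc/cron.d/backdoor",    # classic traversal
        "/etc/cron.d/backdoor",         # absolute path
        "notes\x00.txt",                # NUL truncation
        "",                             # the base directory itself
    ]
    try:
        try:  # a symlink inside base that points outside it
            os.symlink(outside, os.path.join(base, "link"))
            attempts.append("link/planted.dll")
        except (OSError, NotImplementedError):
            pass  # platform without symlink support: skip that case
        outcome = {}
        for path in attempts:
            try:
                write_report(base, path, b"constructed sample payload")
                outcome[path] = "written"
            except UnsafePath:
                outcome[path] = "rejected"
        return outcome
    finally:
        shutil.rmtree(base, ignore_errors=True)
        shutil.rmtree(outside, ignore_errors=True)


if __name__ == "__main__":
    for path, result in demo().items():
        print(f"{result:8s} {path!r}")
```

The check must run on the value the filesystem will actually see: if the web framework has not yet percent-decoded the parameter, "..%2f" is a harmless filename here but becomes ".." after decoding, so decode first and then call resolve_under.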
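The goo blog entry (CVE-2022-25420) names only the vulnerability class. Here is an added illustration, not code from that application, of how a CRLF in a user-controlled header value splits the response into extra headers, and of the input check that stops it. The login-redirect handler, the parameter name next and the two query strings are constructed for the example.

```python
import re
from urllib.parse import parse_qs

# Any ASCII control character (CR and LF included) or DEL in a header value
# lets a client terminate the header and start a new one, or end the head
# and supply a body. Rejecting the whole class is simpler and safer than
# enumerating CRLF spellings.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


class HeaderInjection(ValueError):
    """Raised when a header value would let the client add headers or a body."""


def safe_header_value(value: str) -> str:
    """Return value unchanged if it is safe to emit in an HTTP header."""
    if _CONTROL_CHARS.search(value):
        raise HeaderInjection(repr(value))
    return value


def render_response(status: str, headers, checked: bool = True) -> bytes:
    """Serialize a response head.

    With checked=False the vulnerable behaviour (values copied verbatim) is
    reproduced so the effect of the injection can be compared.
    """
    lines = [f"HTTP/1.1 {status}"]
    for name, value in headers:
        if checked:
            value = safe_header_value(value)
        lines.append(f"{name}: {value}")
    # Header lines are ASCII only; non-ASCII input fails loudly here.
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def handle_login_redirect(query_string: str, checked: bool = True) -> bytes:
    """Redirect to the 'next' query parameter after a successful login.

    parse_qs percent-decodes, so "%0d%0a" in the raw request arrives here as
    a real CR LF pair: the check has to run on this decoded value, not on the
    raw query string.
    """
    params = parse_qs(query_string)
    target = params.get("next", ["/"])[0]
    headers = [("Location", target), ("Content-Length", "0")]
    return render_response("302 Found", headers, checked)


def header_names(raw: bytes):
    """List the header names a client would parse from a serialized head."""
    names = []
    for line in raw.decode("ascii").split("\r\n")[1:]:
        if line == "":
            break
        names.append(line.split(":", 1)[0])
    return names


# Constructed sample requests: a legitimate redirect target and one that
# smuggles a Set-Cookie header through a percent-encoded CRLF.
LEGIT_QUERY = "next=/dashboard"
EVIL_QUERY = "next=/dashboard%0d%0aSet-Cookie:%20session=attacker"

if __name__ == "__main__":
    print(header_names(handle_login_redirect(LEGIT_QUERY)))
    print(header_names(handle_login_redirect(EVIL_QUERY, checked=False)))
    try:
        handle_login_redirect(EVIL_QUERY)
    except HeaderInjection as exc:
        print("rejected:", exc)
```

With checked=False the attacker's value turns into a third header line, Set-Cookie, that the browser honours; with the check in place the same request is refused before any bytes are sent.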