Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2022-0647 | 1 Bulk Creator Project | 1 Bulk Creator | 2022-03-31 | 4.3 MEDIUM | 6.1 MEDIUM | The Bulk Creator WordPress plugin through 1.0.1 does not sanitize and escape the post_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. |
CVE-2021-31215 | 3 Debian, Fedoraproject, Schedmd | 3 Debian Linux, Fedora, Slurm | 2022-03-31 | 6.5 MEDIUM | 8.8 HIGH | SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling. |
CVE-2021-22207 | 4 Debian, Fedoraproject, Oracle and 1 more | 4 Debian Linux, Fedora, Zfs Storage Appliance Kit and 1 more | 2022-03-31 | 5.0 MEDIUM | 6.5 MEDIUM | Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file. |
CVE-2022-0643 | 1 Bank Mellat Project | 1 Bank Mellat | 2022-03-31 | 4.3 MEDIUM | 6.1 MEDIUM | The Bank Mellat WordPress plugin through 1.3.7 does not sanitize and escape the orderId parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. |
CVE-2022-0641 | 1 Ays-pro | 1 Popup Like Box | 2022-03-31 | 4.3 MEDIUM | 6.1 MEDIUM | The Popup Like Box WordPress plugin before 3.6.1 does not sanitize and escape the ays_fb_tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. |
CVE-2022-24934 | 1 Wps | 1 Wps Office | 2022-03-31 | 7.5 HIGH | 9.8 CRITICAL | wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry. |
CVE-2021-28918 | 1 Netmask Project | 1 Netmask | 2022-03-31 | 6.4 MEDIUM | 9.1 CRITICAL | Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts. |
CVE-2022-0621 | 1 Dtabs Project | 1 Dtabs | 2022-03-31 | 4.3 MEDIUM | 6.1 MEDIUM | The dTabs WordPress plugin through 1.4 does not sanitize and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. |
CVE-2022-0620 | 1 Deleteoldorders Project | 1 Delete Old Orders | 2022-03-31 | 4.3 MEDIUM | 6.1 MEDIUM | The Delete Old Orders WordPress plugin through 0.2 does not sanitize and escape the date parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. |
CVE-2022-0600 | 1 Myceliumdesign | 1 Conference Scheduler | 2022-03-31 | 4.3 MEDIUM | 6.1 MEDIUM | The Conference Scheduler WordPress plugin before 2.4.3 does not sanitize and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. |
CVE-2022-26273 | 1 Eyoucms | 1 Eyoucms | 2022-03-31 | 7.5 HIGH | 9.8 CRITICAL | EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities. |
CVE-2022-0599 | 1 Mapping Multiple Urls Redirect Same Page Project | 1 Mapping Multiple Urls Redirect Same Page | 2022-03-31 | 4.3 MEDIUM | 6.1 MEDIUM | The Mapping Multiple URLs Redirect Same Page WordPress plugin through 5.8 does not sanitize and escape the mmursp_id parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. |
CVE-2022-0595 | 1 Codedropz | 1 Drag And Drop Multiple File Upload - Contact Form 7 | 2022-03-31 | 3.5 LOW | 5.4 MEDIUM | The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 allows SVG files to be uploaded by default via the dnd_codedropz_upload AJAX action, which could lead to a Stored Cross-Site Scripting issue. |
CVE-2021-43721 | 1 Leanote | 1 Leanote | 2022-03-31 | 4.3 MEDIUM | 6.1 MEDIUM | Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markdown type note. This leads to remote code execution with payload: <video src=x onerror=(function(){require('child_process').exec('calc');})();> |
CVE-2021-43725 | 1 Spotweb Project | 1 Spotweb | 2022-03-31 | 4.3 MEDIUM | 6.1 MEDIUM | There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter. |
CVE-2022-23882 | 1 Tuzicms | 1 Tuzicms | 2022-03-31 | 7.5 HIGH | 9.8 CRITICAL | TuziCMS 2.0.6 is affected by SQL injection in \App\Manage\Controller\BannerController.class.php. |
CVE-2021-44213 | 1 Open-xchange | 1 Ox App Suite | 2022-03-31 | 4.3 MEDIUM | 6.1 MEDIUM | OX App Suite through 7.10.5 allows XSS via uuencoding in a multipart/alternative message. |
CVE-2021-44212 | 1 Open-xchange | 1 Ox App Suite | 2022-03-31 | 4.3 MEDIUM | 6.1 MEDIUM | OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPT\t substring. |
CVE-2021-40857 | 1 Auerswald | 20 Commander 6000r Ip, Commander 6000r Ip Firmware, Commander 6000rx Ip and 17 more | 2022-03-31 | 6.5 MEDIUM | 8.8 HIGH | Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring. |
CVE-2022-26271 | 1 74cms | 1 74cms | 2022-03-31 | 5.0 MEDIUM | 7.5 HIGH | 74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url parameter at \index\controller\Download.php. |