Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-0145 | 1 Fork-cms | 1 Fork Cms | 2022-03-29 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository forkcms/forkcms prior to 5.11.1. | |||||
CVE-2022-27607 | 1 Axiosys | 1 Bento4 | 2022-03-29 | 5.8 MEDIUM | 8.1 HIGH |
Bento4 1.6.0-639 has a heap-based buffer over-read in the AP4_HvccAtom class, a different issue than CVE-2018-14531. | |||||
CVE-2021-42194 | 1 Eyoucms | 1 Eyoucms | 2022-03-29 | 6.5 MEDIUM | 7.2 HIGH |
The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_load_string function, which itself does not prohibit external entities, triggering an XML external entity (XXE) injection vulnerability. | |||||
CVE-2022-26283 | 1 Simple Subscription Website Project | 1 Simple Subscription Website | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the view_plan endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests. | |||||
CVE-2022-26184 | 2 Microsoft, Python-poetry | 2 Windows, Poetry | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing malicious content. This vulnerability occurs when the application is run on Windows OS. | |||||
CVE-2022-1002 | 1 Mattermost | 1 Mattermost | 2022-03-29 | 3.5 LOW | 5.4 MEDIUM |
Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations. | |||||
CVE-2021-4031 | 1 Syltek | 1 Syltek | 2022-03-29 | 5.0 MEDIUM | 7.5 HIGH |
The Syltek application before version 10.22.00 does not correctly check that a product ID has a valid payment associated with it. This could allow an attacker to forge a request and bypass the payment system by marking items as paid without any verification. | |||||
CVE-2022-25269 | 1 Passwork | 1 Passwork | 2022-03-29 | 4.3 MEDIUM | 6.1 MEDIUM |
Passwork On-Premise Edition before 4.6.13 has multiple XSS issues. | |||||
CVE-2022-25268 | 1 Passwork | 1 Passwork | 2022-03-29 | 6.8 MEDIUM | 8.8 HIGH |
Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems. | |||||
CVE-2022-25267 | 1 Passwork | 1 Passwork | 2022-03-29 | 6.5 MEDIUM | 8.8 HIGH |
Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal (to upload files). | |||||
CVE-2022-25266 | 1 Passwork | 1 Passwork | 2022-03-29 | 4.0 MEDIUM | 4.3 MEDIUM |
Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal (to read files). | |||||
CVE-2022-26284 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manage_client endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests. | |||||
CVE-2022-26183 | 2 Microsoft, Pnpm | 2 Windows, Pnpm | 2022-03-29 | 6.5 MEDIUM | 8.8 HIGH |
PNPM v6.15.1 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute PNPM commands in a directory containing malicious content. This vulnerability occurs when the application is run on Windows OS. | |||||
CVE-2022-27081 | 1 Tenda | 2 M3, M3 Firmware | 2022-03-29 | 10.0 HIGH | 9.8 CRITICAL |
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetLanInfo. | |||||
CVE-2022-27080 | 1 Tenda | 2 M3, M3 Firmware | 2022-03-29 | 10.0 HIGH | 9.8 CRITICAL |
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setWorkmode. | |||||
CVE-2022-27079 | 1 Tenda | 2 M3, M3 Firmware | 2022-03-29 | 10.0 HIGH | 9.8 CRITICAL |
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setPicListItem. | |||||
CVE-2022-27078 | 1 Tenda | 2 M3, M3 Firmware | 2022-03-29 | 10.0 HIGH | 9.8 CRITICAL |
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setAdInfoDetail. | |||||
CVE-2022-27333 | 1 Idccms Project | 1 Idccms | 2022-03-29 | 5.0 MEDIUM | 7.5 HIGH |
idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the install.lock file, resulting in a reset of the CMS settings and data. | |||||
CVE-2022-27077 | 1 Tenda | 2 M3, M3 Firmware | 2022-03-29 | 10.0 HIGH | 9.8 CRITICAL |
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadWeiXinPic. | |||||
CVE-2022-27076 | 1 Tenda | 2 M3, M3 Firmware | 2022-03-29 | 10.0 HIGH | 9.8 CRITICAL |
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/delAd. |