Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-0862 | 1 Mcafee | 1 Epolicy Orchestrator | 2022-03-28 | 4.3 MEDIUM | 5.3 MEDIUM |
A lack of password change protection vulnerability in a deprecated API of McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to change the password of a compromised session without knowing the existing user's password. This functionality was removed from the User Interface in ePO 10 and the API has now been disabled. Other protection is in place to reduce the likelihood of this being successful through sending a link to a logged-in user. | |||||
CVE-2022-0861 | 1 Mcafee | 1 Epolicy Orchestrator | 2022-03-28 | 5.5 MEDIUM | 3.8 LOW |
An XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension import functionality. The impact is limited to some access to confidential information and some ability to alter data. | |||||
CVE-2022-23242 | 1 Teamviewer | 1 Teamviewer | 2022-03-28 | 1.9 LOW | 4.2 MEDIUM |
TeamViewer Linux versions before 15.28 do not properly execute a deletion command for the connection password in case of a process crash. Knowledge of the crash event and the TeamViewer ID, as well as either possession of the pre-crash connection password or local authenticated access to the machine, would have allowed establishing a remote connection by reusing the not properly deleted connection password. | |||||
CVE-2021-43738 | 1 Xiaohuanxiong Cms Project | 1 Xiaohuanxiong Cms | 2022-03-28 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can add the administrator account. | |||||
CVE-2021-43735 | 1 Cmswing | 1 Cmswing | 2022-03-28 | 7.5 HIGH | 9.8 CRITICAL |
CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule. | |||||
CVE-2021-44139 | 1 Hashicorp | 1 Sentinel | 2022-03-28 | 5.0 MEDIUM | 7.5 HIGH |
Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF). | |||||
CVE-2021-43737 | 1 Xiaohuanxiong Project | 1 Xiaohuanxiong Cms | 2022-03-28 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can modify the administrator account's password. | |||||
CVE-2021-43736 | 1 Cmswing | 1 Cmswing | 2022-03-28 | 7.5 HIGH | 9.8 CRITICAL |
CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log rule. | |||||
CVE-2022-0750 | 1 Thriveweb | 1 Photoswipe Masonry Gallery | 2022-03-28 | 3.5 LOW | 5.4 MEDIUM |
The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the thumbnail_width, thumbnail_height, max_image_width, and max_image_height parameters found in the ~/photoswipe-masonry.php file which allows authenticated attackers to inject arbitrary web scripts into galleries created by the plugin and on the PhotoSwipe Options page. This affects versions up to and including 1.2.14. | |||||
CVE-2021-46064 | 1 Irfanview | 1 Irfanview | 2022-03-28 | 6.8 MEDIUM | 7.8 HIGH |
IrfanView 4.59 is vulnerable to buffer overflow via the function at address 0x413c70 (in the 32-bit version of the binary). The vulnerability triggers when the user opens a malicious .tiff image. | |||||
CVE-2022-0834 | 1 Wpamelia | 1 Amelia | 2022-03-28 | 3.5 LOW | 5.4 MEDIUM |
The Amelia WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the lastName parameter found in the ~/src/Application/Controller/User/Customer/AddCustomerController.php file, which allows attackers to inject arbitrary web scripts onto a page that executes whenever a user accesses the booking calendar with the date the attacker has injected the malicious payload into. This affects versions up to and including 1.0.46. | |||||
CVE-2022-25221 | 1 Money Transfer Management System Project | 1 Money Transfer Management System | 2022-03-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Money Transfer Management System Version 1.0 allows an attacker to inject JavaScript code in the URL and then trick a user into visiting the link in order to execute JavaScript code. | |||||
CVE-2022-25222 | 1 Money Transfer Management System Project | 1 Money Transfer Management System | 2022-03-28 | 7.5 HIGH | 9.8 CRITICAL |
Money Transfer Management System Version 1.0 allows an unauthenticated user to inject SQL queries in 'admin/maintenance/manage_branch.php' and 'admin/maintenance/manage_fee.php' via the 'id' parameter. | |||||
CVE-2022-25608 | 1 Yooslider | 1 Yoo Slider | 2022-03-28 | 3.5 LOW | 5.4 MEDIUM |
Cross-Site Request Forgery (CSRF) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers to trick authenticated users into unwanted slider duplicate or delete action. | |||||
CVE-2022-25223 | 1 Money Transfer Management System Project | 1 Money Transfer Management System | 2022-03-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Money Transfer Management System Version 1.0 allows an authenticated user to inject SQL queries in 'mtms/admin/?page=transaction/view_details' via the 'id' parameter. | |||||
CVE-2022-25609 | 1 Yooslider | 1 Yoo Slider | 2022-03-28 | 3.5 LOW | 5.4 MEDIUM |
Stored Cross-Site Scripting (XSS) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers with contributor or higher user role to inject malicious code. | |||||
CVE-2022-23880 | 1 Taogogo | 1 Taocms | 2022-03-28 | 7.5 HIGH | 9.8 CRITICAL |
An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-1034 | 1 Showdoc | 1 Showdoc | 2022-03-28 | 6.5 MEDIUM | 7.2 HIGH |
There is an Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4. | |||||
CVE-2022-1036 | 1 Microweber | 1 Microweber | 2022-03-28 | 5.0 MEDIUM | 7.5 HIGH |
The ability to create an account with a long password leads to memory corruption / Integer Overflow in GitHub repository microweber/microweber prior to 1.2.12. | |||||
CVE-2021-43650 | 1 Softwell | 1 Webrun | 2022-03-28 | 7.5 HIGH | 9.8 CRITICAL |
WebRun 3.6.0.42 is vulnerable to SQL Injection via the P_0 parameter used to set the username during the login process. |