Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2022-25484 | 1 Broadcom | 1 Tcpreplay | 2022-03-28 | 4.3 MEDIUM | 5.5 MEDIUM | tcpprep v4.4.1 has a reachable assertion (assert(l2len > 0)) in packet2tree() at tree.c. |
CVE-2021-41736 | 1 Grame | 1 Faust | 2022-03-28 | 7.5 HIGH | 9.8 CRITICAL | Faust v2.35.0 was discovered to contain a heap-buffer overflow in the function realPropagate() at propagate.cpp. |
CVE-2022-27228 | 1 Bitrix24 | 1 Bitrix24 | 2022-03-28 | 10.0 HIGH | 9.8 CRITICAL | In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site Manager, a remote unauthenticated attacker can execute arbitrary code. |
CVE-2022-25517 | 1 Baomidou | 1 Mybatis-plus | 2022-03-28 | 7.5 HIGH | 9.8 CRITICAL | MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerability via the Column parameter in /core/conditions/AbstractWrapper.java. |
CVE-2022-26260 | 1 Simple-plist Project | 1 Simple-plist | 2022-03-28 | 7.5 HIGH | 9.8 CRITICAL | Simple-Plist v1.3.0 was discovered to contain a prototype pollution vulnerability via .parse(). |
CVE-2022-1031 | 1 Radare | 1 Radare2 | 2022-03-28 | 6.8 MEDIUM | 7.8 HIGH | Use After Free in op_is_set_bp in GitHub repository radareorg/radare2 prior to 5.6.6. |
CVE-2021-33961 | 1 Enhanced-github Project | 1 Enhanced-github | 2022-03-28 | 4.3 MEDIUM | 6.1 MEDIUM | A Cross Site Scripting (XSS) vulnerability exists in enhanced-github v5.0.11 via the file name parameter. |
CVE-2022-1033 | 1 Craterapp | 1 Crater | 2022-03-28 | 6.5 MEDIUM | 7.8 HIGH | Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6. |
CVE-2022-25518 | 1 Tecnoteca | 1 Cmdbuild | 2022-03-28 | 4.0 MEDIUM | 6.5 MEDIUM | In CMDBuild from version 3.0 to 3.3.2, payload requests are saved in a temporary log table, which allows attackers with database access to read the passwords of users who log in to the application by querying that table. |
CVE-2022-0652 | 1 Sophos | 1 Unified Threat Management | 2022-03-28 | 2.1 LOW | 7.8 HIGH | Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710. |
CVE-2022-0386 | 1 Sophos | 1 Unified Threat Management | 2022-03-28 | 6.5 MEDIUM | 8.8 HIGH | A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710. |
CVE-2022-0747 | 1 Quantumcloud | 1 Infographic Maker | 2022-03-28 | 7.5 HIGH | 9.8 CRITICAL | The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection. |
CVE-2022-0760 | 1 Quantumcloud | 1 Simple Link Directory | 2022-03-28 | 7.5 HIGH | 9.8 CRITICAL | The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection. |
CVE-2022-27226 | 1 Irz | 10 Rl01, Rl01 Firmware, Rl21 and 7 more | 2022-03-28 | 9.3 HIGH | 8.8 HIGH | A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. The cronjob will consequently execute the entry on the threat actor's defined interval, leading to remote code execution, allowing the threat actor to gain filesystem access. In addition, if the router's default credentials aren't rotated or a threat actor discovers valid credentials, remote code execution can be achieved without user interaction. |
CVE-2022-0475 | 1 Otrs | 1 Otrs | 2022-03-28 | 3.5 LOW | 5.4 MEDIUM | A malicious translator is able to inject JavaScript code in a few translatable strings (where HTML is allowed). The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions. |
CVE-2020-26008 | 1 Shopxo | 1 Shopxo | 2022-03-28 | 6.8 MEDIUM | 7.8 HIGH | The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via uploading a crafted PHP file. |
CVE-2020-26007 | 1 Shopxo | 1 Shopxo | 2022-03-28 | 6.8 MEDIUM | 7.8 HIGH | An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. |
CVE-2022-0739 | 1 Reputeinfosystems | 1 Bookingpress | 2022-03-28 | 7.5 HIGH | 9.8 CRITICAL | The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection. |
CVE-2022-25462 | 1 Yafu Project | 1 Yafu | 2022-03-28 | 5.0 MEDIUM | 7.5 HIGH | Yafu v2.0 contains a segmentation fault via the component /factor/avx-ecm/vecarith52.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. |
CVE-2022-0514 | 1 Craterapp | 1 Crater | 2022-03-28 | 4.0 MEDIUM | 6.5 MEDIUM | Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5. |