Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-38868 | 1 Ehoney Project | 1 Ehoney | 2023-02-22 | N/A | 7.2 HIGH |
SQL Injection vulnerability in Ehoney version 2.0.0 in models/protocol.go and models/images.go, allows attackers to execute arbitrary code. | |||||
CVE-2021-38239 | 1 Dataease | 1 Dataease | 2023-02-22 | N/A | 7.5 HIGH |
SQL Injection vulnerability in dataease before 1.2.0, allows attackers to gain sensitive information via the orders parameter to /api/sys_msg/list/1/10. | |||||
CVE-2023-23850 | 1 Jenkins | 1 Synopsys Coverity | 2023-02-22 | N/A | 4.3 MEDIUM |
A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
CVE-2022-38867 | 1 Rttys Project | 1 Rttys | 2023-02-22 | N/A | 8.8 HIGH |
SQL Injection vulnerability in rttys versions 4.0.0, 4.0.1, and 4.0.2 in api.go, allows attackers to execute arbitrary code. | |||||
CVE-2021-33925 | 1 Cms-corephp Project | 1 Cms-corephp | 2023-02-22 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in nitinparashar30 cms-corephp through commit bdabe52ef282846823bda102728a35506d0ec8f9 (May 19, 2021) allows unauthenticated attackers to gain escalated privileges via a crafted login. | |||||
CVE-2021-33396 | 1 Baijiacms Project | 1 Baijiacms | 2023-02-22 | N/A | 6.5 MEDIUM |
Cross Site Request Forgery (CSRF) vulnerability in baijiacms 4.1.4, allows attackers to change the password or other information of an arbitrary account via index.php. | |||||
CVE-2020-21120 | 1 Uqcms | 1 Uqcms | 2023-02-22 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in file home\controls\cart.class.php in UQCMS 2.1.3, allows attackers to execute arbitrary commands via the cookie_cart parameter to /index.php/cart/num. | |||||
CVE-2021-34117 | 1 Seopanel | 1 Seo Panel | 2023-02-22 | N/A | 7.5 HIGH |
SQL Injection vulnerability in SEO Panel 4.9.0 in api/user.api.php in function getUserName in the username parameter, allows attackers to gain sensitive information. | |||||
CVE-2020-19825 | 1 Kimai | 1 Kimai | 2023-02-22 | N/A | 9.6 CRITICAL |
Cross Site Scripting (XSS) vulnerability in kevinpapst kimai2 1.30.0 in /src/Twig/Runtime/MarkdownExtension.php, allows attackers to gain escalated privileges. | |||||
CVE-2022-45546 | 1 Screencheck | 1 Badgemaker | 2023-02-22 | N/A | 7.5 HIGH |
Information Disclosure in Authentication Component of ScreenCheck BadgeMaker 2.6.2.0 application allows an internal attacker to obtain credentials for authentication via network sniffing. | |||||
CVE-2022-45543 | 1 Discuz | 1 Discuzx | 2023-02-22 | N/A | 6.1 MEDIUM |
Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search. | |||||
CVE-2021-33304 | 1 Altran | 2 Picotcp, Picotcp-ng | 2023-02-22 | N/A | 9.8 CRITICAL |
Double Free vulnerability in virtualsquare picoTCP v1.7.0 and picoTCP-NG v2.1 in modules/pico_fragments.c in function pico_fragments_reassemble, allows attackers to execute arbitrary code. | |||||
CVE-2020-21119 | 1 Kliqqi | 1 Kliqqi Cms | 2023-02-22 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in Kliqqi-CMS 2.0.2 in admin/admin_update_module_widgets.php in recordIDValue parameter, allows attackers to gain escalated privileges and execute arbitrary code. | |||||
CVE-2023-0840 | 1 Phpcrazy Project | 1 Phpcrazy | 2023-02-22 | N/A | 5.4 MEDIUM |
A vulnerability classified as problematic was found in PHPCrazy 1.1.1. This vulnerability affects unknown code of the file admin/admin.php?action=users&mode=info&user=2. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221086 is the identifier assigned to this vulnerability. | |||||
CVE-2023-0061 | 1 Judge | 1 Product Reviews For Woocommerce | 2023-02-22 | N/A | 5.4 MEDIUM |
The Judge.me Product Reviews for WooCommerce WordPress plugin before 1.3.21 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0841 | 1 Gpac | 1 Gpac | 2023-02-22 | N/A | 8.8 HIGH |
A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function mp3_dmx_process of the file filters/reframe_mp3.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221087. | |||||
CVE-2022-4473 | 1 Widget Shortcode Project | 1 Widget Shortcode | 2023-02-22 | N/A | 5.4 MEDIUM |
The Widget Shortcode WordPress plugin through 0.3.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4471 | 1 Yarpp | 1 Yet Another Related Posts Plugin | 2023-02-22 | N/A | 5.4 MEDIUM |
The YARPP WordPress plugin through 5.30.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2023-0075 | 1 Amazonjs Project | 1 Amazonjs | 2023-02-22 | N/A | 5.4 MEDIUM |
The Amazon JS WordPress plugin through 0.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4830 | 1 Paidmembershipspro | 1 Paid Memberships Pro | 2023-02-22 | N/A | 5.4 MEDIUM |
The Paid Memberships Pro WordPress plugin before 2.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. |