Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-44261 | 1 Netgear | 10 R6220, R6220 Firmware, R6900 and 7 more | 2022-03-23 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, can allow a remote attacker to access this page without any authentication. When processed, it exposes firmware version information for the device. | |||||
CVE-2022-24073 | 1 Navercorp | 1 Whale | 2022-03-23 | 5.8 MEDIUM | 7.1 HIGH |
The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store. | |||||
CVE-2021-23556 | 1 Guake-project | 1 Guake | 2022-03-23 | 6.0 MEDIUM | 8.0 HIGH |
The package guake before 3.8.5 is vulnerable to Exposed Dangerous Method or Function due to the exposure of execute_command and execute_command_by_uuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. **Note:** Exploitation requires the user to have installed another malicious program that will be able to send dbus signals or run terminal commands. | |||||
CVE-2022-25760 | 1 Accesslog Project | 1 Accesslog | 2022-03-23 | 10.0 HIGH | 9.8 CRITICAL |
All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If (attacker-controlled) user input is given to the format option of the package's exported constructor function, it is possible for an attacker to execute arbitrary JavaScript code on the host that this package is being run on. | |||||
CVE-2022-26131 | 1 Hegemonelectronics | 2 Plc4trucks, Plc4trucks Firmware | 2022-03-23 | 7.5 HIGH | 9.8 CRITICAL |
Power Line Communications PLC4TRUCKS J2497 trailer receivers are susceptible to remote RF induced signals. | |||||
CVE-2022-25495 | 1 Cuppacms | 1 Cuppacms | 2022-03-23 | 7.5 HIGH | 9.8 CRITICAL |
The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-25498 | 1 Cuppacms | 1 Cuppacms | 2022-03-23 | 7.5 HIGH | 9.8 CRITICAL |
CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php. | |||||
CVE-2022-25497 | 1 Cuppacms | 1 Cuppacms | 2022-03-23 | 5.0 MEDIUM | 5.3 MEDIUM |
CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function. | |||||
CVE-2021-45792 | 1 Slims | 1 Senayan Library Management System | 2022-03-23 | 3.5 LOW | 4.8 MEDIUM |
Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admin/modules/system/custom_field.php. | |||||
CVE-2022-25494 | 1 Online Banking System Project | 1 Online Banking System | 2022-03-23 | 7.5 HIGH | 9.8 CRITICAL |
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via staff_login.php. | |||||
CVE-2022-25489 | 1 Thedigitalcraft | 1 Atomcms | 2022-03-23 | 3.5 LOW | 5.4 MEDIUM |
Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "A" parameter in /widgets/debug.php. | |||||
CVE-2022-25488 | 1 Thedigitalcraft | 1 Atomcms | 2022-03-23 | 7.5 HIGH | 9.8 CRITICAL |
Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php. | |||||
CVE-2022-24072 | 1 Navercorp | 1 Whale | 2022-03-23 | 4.3 MEDIUM | 6.1 MEDIUM |
The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool. | |||||
CVE-2022-25485 | 1 Cuppacms | 1 Cuppacms | 2022-03-23 | 6.8 MEDIUM | 7.8 HIGH |
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php. | |||||
CVE-2021-39711 | 1 Google | 1 Android | 2022-03-23 | 2.1 LOW | 4.4 MEDIUM |
In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-154175781; References: Upstream kernel | |||||
CVE-2021-39710 | 1 Google | 1 Android | 2022-03-23 | 10.0 HIGH | 9.8 CRITICAL |
Product: Android; Versions: Android kernel; Android ID: A-202160245; References: N/A | |||||
CVE-2021-39709 | 1 Google | 1 Android | 2022-03-23 | 7.2 HIGH | 7.8 HIGH |
In sendSipAccountsRemovedNotification of SipAccountRegistry.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12; Android ID: A-208817618 | |||||
CVE-2021-39708 | 1 Google | 1 Android | 2022-03-23 | 10.0 HIGH | 9.8 CRITICAL |
In gatt_process_notification of gatt_cl.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12; Android ID: A-206128341 | |||||
CVE-2022-27198 | 1 Jenkins | 1 Cloudbees Aws Credentials | 2022-03-23 | 6.0 MEDIUM | 8.0 HIGH |
A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token. | |||||
CVE-2021-39707 | 1 Google | 1 Android | 2022-03-23 | 7.2 HIGH | 7.8 HIGH |
In onReceive of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12; Android ID: A-200688991 |