Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-0946 1 Showdoc 1 Showdoc 2022-03-18 3.5 LOW 5.4 MEDIUM
Stored XSS viva cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4.
CVE-2022-26847 2 Debian, Spip 2 Debian Linux, Spip 2022-03-18 5.0 MEDIUM 5.3 MEDIUM
SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects.
CVE-2022-25830 1 Samsung 1 Galaxy Watch 3 Plugin 2022-03-18 2.1 LOW 3.3 LOW
Information Exposure vulnerability in Galaxy Watch3 Plugin prior to version 2.2.09.22012751 allows attacker to access password information of connected WiFiAp in the log
CVE-2022-0822 1 Orchardcore 1 Orchardcore 2022-03-18 3.5 LOW 5.4 MEDIUM
Cross-site Scripting (XSS) - Reflected in GitHub repository orchardcms/orchardcore prior to 1.3.0.
CVE-2022-0820 1 Orchardcore 1 Orchardcore 2022-03-18 4.3 MEDIUM 6.1 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/orchardcore prior to 1.3.0.
CVE-2022-25829 1 Samsung 1 Watch Active2 Plugin 2022-03-18 2.1 LOW 3.3 LOW
Information Exposure vulnerability in Watch Active2 Plugin prior to version 2.2.08.22012751 allows attacker to access password information of connected WiFiAp in the log
CVE-2022-25828 1 Samsung 1 Watch Active Plugin 2022-03-18 2.1 LOW 3.3 LOW
Information Exposure vulnerability in Watch Active Plugin prior to version 2.2.07.22012751 allows attacker to access password information of connected WiFiAp in the log
CVE-2022-25827 1 Samsung 1 Galaxy Watch Plugin 2022-03-18 2.1 LOW 3.3 LOW
Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.22012751 allows attacker to access password information of connected WiFiAp in the log
CVE-2022-25826 1 Samsung 1 Galaxy Watch 3 Plugin 2022-03-18 2.1 LOW 3.3 LOW
Information Exposure vulnerability in Galaxy S3 Plugin prior to version 2.2.03.22012751 allows attacker to access password information of connected WiFiAp in the log
CVE-2022-25825 1 Samasung 1 Account 2022-03-18 2.1 LOW 5.5 MEDIUM
Improper access control vulnerability in Samsung Account prior to version 13.1.0.1 allows attackers to access to the authcode for sign-in.
CVE-2022-25824 1 Samsung 1 Bixby Touch 2022-03-18 2.1 LOW 3.3 LOW
Improper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview.
CVE-2022-25823 1 Samsung 1 Galaxy Watch Plugin 2022-03-18 2.1 LOW 3.3 LOW
Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.220126741 allows attackers to access user information in log.
CVE-2022-25561 1 Tenda 2 Ax12, Ax12 Firmware 2022-03-18 7.8 HIGH 7.5 HIGH
Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42DE00. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.
CVE-2022-25560 1 Tenda 2 Ax12, Ax12 Firmware 2022-03-18 7.8 HIGH 7.5 HIGH
Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_4327CC. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.
CVE-2022-25556 1 Tenda 2 Ax12, Ax12 Firmware 2022-03-18 7.8 HIGH 7.5 HIGH
Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42E328. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.
CVE-2022-25294 2 Microsoft, Proofpoint 2 Windows, Insider Threat Management 2022-03-18 7.2 HIGH 7.8 HIGH
Proofpoint Insider Threat Management Agent for Windows relies on an inherently dangerous function that could enable an unprivileged local Windows user to run arbitrary code with SYSTEM privileges. All versions prior to 7.12.1 are affected. Agents for MacOS and Linux and Cloud are unaffected. Proofpoint has released fixed software version 7.12.1. The fixed software versions are available through the customer support portal.
CVE-2022-25244 1 Hashicorp 1 Vault 2022-03-18 4.0 MEDIUM 6.5 MEDIUM
Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with `read` permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10.
CVE-2022-0821 1 Orchardcore 1 Orchardcore 2022-03-18 4.0 MEDIUM 6.5 MEDIUM
Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0.
CVE-2022-0932 1 Saleor 1 Saleor 2022-03-18 4.0 MEDIUM 6.5 MEDIUM
Improper Authorization in GitHub repository saleor/saleor prior to 3.1.2.
CVE-2022-26846 2 Debian, Spip 2 Debian Linux, Spip 2022-03-18 6.5 MEDIUM 8.8 HIGH
SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code.