Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-0434 | 1 A3rev | 1 Page View Count | 2022-03-11 | 7.5 HIGH | 9.8 CRITICAL |
The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and authenticated users. As a result, unauthenticated attackers could perform SQL injection attacks | |||||
CVE-2021-44748 | 1 F-secure | 1 Safe | 2022-03-11 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability affecting the F-Secure SAFE browser was discovered whereby the browser loads images automatically. This vulnerability can be exploited remotely by an attacker to execute JavaScript, which can be used to trigger universal cross-site scripting through the browser. User interaction is required prior to exploitation, such as entering a malicious website to trigger the vulnerability. | |||||
CVE-2022-0429 | 1 Cerber | 1 Wp Cerber Security, Anti-spam & Malware Scan | 2022-03-11 | 4.3 MEDIUM | 6.1 MEDIUM |
The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability. | |||||
CVE-2022-0426 | 1 Adtribes | 1 Product Feed Pro For Woocommerce | 2022-03-11 | 3.5 LOW | 5.4 MEDIUM |
The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 does not escape the rowCount parameter before outputting it back in an attribute via the woosea_categories_dropdown AJAX action (available to any authenticated user), leading to a Reflected Cross-Site Scripting | |||||
CVE-2015-3269 | 2 Adobe, Hp | 2 Livecycle Data Services, Business Service Management | 2022-03-11 | 5.0 MEDIUM | N/A |
Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
CVE-2022-0766 | 1 Calibre-web Project | 1 Calibre-web | 2022-03-11 | 7.5 HIGH | 9.8 CRITICAL |
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17. | |||||
CVE-2022-0868 | 1 Uri.js Project | 1 Uri.js | 2022-03-11 | 5.8 MEDIUM | 6.1 MEDIUM |
Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10. | |||||
CVE-2022-0422 | 1 Videousermanuals | 1 White Label Cms | 2022-03-11 | 4.3 MEDIUM | 6.1 MEDIUM |
The White Label CMS WordPress plugin before 2.2.9 does not sanitise and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing, leading to a Reflected Cross-Site Scripting issue | |||||
CVE-2022-0420 | 1 Metagauss | 1 Registrationmagic | 2022-03-11 | 6.5 MEDIUM | 7.2 HIGH |
The RegistrationMagic WordPress plugin before 5.0.2.2 does not sanitise and escape the rm_form_id parameter before using it in a SQL statement in the Automation admin dashboard, allowing high privilege users to perform SQL injection attacks | |||||
CVE-2022-0697 | 1 Archivy Project | 1 Archivy | 2022-03-11 | 5.8 MEDIUM | 6.1 MEDIUM |
Open Redirect in GitHub repository archivy/archivy prior to 1.7.0. | |||||
CVE-2022-23954 | 1 Hp | 4 Probook 440 G8, Probook 440 G8 Firmware, Prodesk 405 G6 Small Form Factor and 1 more | 2022-03-11 | 2.1 LOW | 5.5 MEDIUM |
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. | |||||
CVE-2022-23955 | 1 Hp | 4 Probook 440 G8, Probook 440 G8 Firmware, Prodesk 405 G6 Small Form Factor and 1 more | 2022-03-11 | 2.1 LOW | 5.5 MEDIUM |
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. | |||||
CVE-2022-23957 | 1 Hp | 4 Probook 440 G8, Probook 440 G8 Firmware, Prodesk 405 G6 Small Form Factor and 1 more | 2022-03-11 | 2.1 LOW | 5.5 MEDIUM |
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. | |||||
CVE-2022-23958 | 1 Hp | 4 Probook 440 G8, Probook 440 G8 Firmware, Prodesk 405 G6 Small Form Factor and 1 more | 2022-03-11 | 2.1 LOW | 5.5 MEDIUM |
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. | |||||
CVE-2022-25044 | 1 Espruino | 1 Espruino | 2022-03-11 | 6.8 MEDIUM | 7.8 HIGH |
Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString. | |||||
CVE-2022-25465 | 1 Espruino | 1 Espruino | 2022-03-11 | 6.8 MEDIUM | 7.8 HIGH |
Espruino 2v11 release was discovered to contain a stack buffer overflow via src/jsvar.c in jsvGetNextSibling. | |||||
CVE-2022-23232 | 1 Netapp | 1 Storagegrid | 2022-03-11 | 4.0 MEDIUM | 4.9 MEDIUM |
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could allow disabled, expired, or locked external user accounts to access S3 data to which they previously had access. StorageGRID 11.6.0 obtains the user account status from Active Directory or Azure and will block S3 access for disabled user accounts during the subsequent background synchronization. User accounts that are expired or locked for Active Directory or Azure, or user accounts that are disabled, expired, or locked in identity sources other than Active Directory or Azure must be manually removed from group memberships or have their S3 keys manually removed from Tenant Manager in all versions of StorageGRID (formerly StorageGRID Webscale). | |||||
CVE-2022-0869 | 1 Spirit-project | 1 Spirit | 2022-03-11 | 5.8 MEDIUM | 6.1 MEDIUM |
Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3. | |||||
CVE-2021-3428 | 1 Linux | 1 Linux Kernel | 2022-03-11 | 4.9 MEDIUM | 5.5 MEDIUM |
A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. By fabricating an integer overflow, a local attacker with a special user privilege may cause a system crash, which can lead to an availability threat. | |||||
CVE-2021-20319 | 1 Redhat | 1 Coreos-installer | 2022-03-11 | 6.8 MEDIUM | 7.8 HIGH |
An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image can write arbitrary data, and achieve full access to the node being installed. |