Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-40637 | 1 Os4ed | 1 Opensis | 2022-03-09 | 4.3 MEDIUM | 6.1 MEDIUM |
OS4ED openSIS 8.0 is affected by cross-site scripting (XSS) in EmailCheckOthers.php. An attacker can inject JavaScript code to get the user's cookie and take over the user's working session. | |||||
CVE-2022-23899 | 1 Mingsoft | 1 Mcms | 2022-03-09 | 7.5 HIGH | 9.8 CRITICAL |
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java. | |||||
CVE-2022-23898 | 1 Mingsoft | 1 Mcms | 2022-03-09 | 7.5 HIGH | 9.8 CRITICAL |
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml. | |||||
CVE-2022-25125 | 1 Mingsoft | 1 Mcms | 2022-03-09 | 7.5 HIGH | 9.8 CRITICAL |
MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp. | |||||
CVE-2022-0753 | 1 Hestiacp | 1 Control Panel | 2022-03-09 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9. | |||||
CVE-2022-24573 | 1 Element-it | 1 Http Commander | 2022-03-09 | 4.3 MEDIUM | 6.1 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User-Agent field. | |||||
CVE-2022-0528 | 1 Transloadit | 1 Uppy | 2022-03-09 | 5.0 MEDIUM | 7.5 HIGH |
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository transloadit/uppy prior to 3.3.1. | |||||
CVE-2022-25471 | 1 Open-emr | 1 Openemr | 2022-03-09 | 5.5 MEDIUM | 8.1 HIGH |
An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zend_modules/public/Installer/register. | |||||
CVE-2021-4076 | 1 Tang Project | 1 Tang | 2022-03-09 | 5.0 MEDIUM | 7.5 HIGH |
A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys. | |||||
CVE-2021-3716 | 2 Nbdkit Project, Redhat | 2 Nbdkit, Enterprise Linux | 2022-03-09 | 3.5 LOW | 3.1 LOW |
A flaw was found in nbdkit due to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability. | |||||
CVE-2022-22909 | 1 Digitaldruid | 1 Hoteldruid | 2022-03-09 | 6.5 MEDIUM | 8.8 HIGH |
HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module. | |||||
CVE-2022-24563 | 1 Metalgenix | 1 Genixcms | 2022-03-09 | 3.5 LOW | 5.4 MEDIUM |
In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability exists in /gxadmin/index.php?page=themes&view=options via the intro_title and intro_image parameters. | |||||
CVE-2022-25634 | 1 Qt | 1 Qt | 2022-03-09 | 5.0 MEDIUM | 7.5 HIGH |
Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. | |||||
CVE-2022-24030 | 1 Insyde | 1 Insydeh2o | 2022-03-09 | 6.9 MEDIUM | 7.5 HIGH |
An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | |||||
CVE-2022-24447 | 1 Zohocorp | 1 Manageengine Key Manager Plus | 2022-03-09 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated key pairs during export. | |||||
CVE-2022-24306 | 1 Zohocorp | 1 Manageengine Sharepoint Manager Plus | 2022-03-09 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled. | |||||
CVE-2022-24305 | 1 Zohocorp | 1 Manageengine Sharepoint Manager Plus | 2022-03-09 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation. | |||||
CVE-2022-23779 | 1 Zohocorp | 1 Manageengine Desktop Central | 2022-03-09 | 5.0 MEDIUM | 5.3 MEDIUM |
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses. | |||||
CVE-2022-25050 | 1 Rtl 433 Project | 1 Rlt 433 | 2022-03-09 | 4.3 MEDIUM | 5.5 MEDIUM |
rtl_433 21.12 was discovered to contain a stack overflow in the function somfy_iohc_decode(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. | |||||
CVE-2021-45863 | 1 Tsmuxer Project | 1 Tsmuxer | 2022-03-09 | 4.3 MEDIUM | 5.5 MEDIUM |
tsMuxer git-2678966 was discovered to contain a heap-based buffer overflow via the function HevcUnit::updateBits in hevc.cpp. |