Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44607 | 1 Thedaylightstudio | 1 Fuel Cms | 2022-03-03 | 3.5 LOW | 5.4 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 in the Assets page via an SVG file. | |||||
| CVE-2021-44567 | 1 Rosariosis | 1 Rosariosis | 2022-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php. | |||||
| CVE-2022-25329 | 2 Microsoft, Trendmicro | 4 Windows, Serverprotect, Serverprotect For Network Appliance Filer and 1 more | 2022-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform authentication when a specific command is typed in the console. An unauthenticated remote attacker with access to the Information Server could exploit this to register to the server and perform authenticated actions. | |||||
| CVE-2022-24678 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2022-03-02 | 5.0 MEDIUM | 7.5 HIGH |
| An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location and consume all disk space on affected installations. | |||||
| CVE-2022-24671 | 1 Trendmicro | 1 Antivirus | 2022-03-02 | 7.2 HIGH | 7.8 HIGH |
| A link following privilege escalation vulnerability in Trend Micro Antivirus for Max 11.0.2150 and below could allow a local attacker to modify a file during the update process and escalate their privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2021-44566 | 1 Rosariosis | 1 Rosariosis | 2022-03-02 | 3.5 LOW | 5.4 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFunctions/MarkDownHTML.fnc.php. | |||||
| CVE-2021-44565 | 1 Rosariosis | 1 Rosariosis | 2022-03-02 | 3.5 LOW | 5.4 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. An example of affected components are all Markdown input fields. | |||||
| CVE-2022-0651 | 1 Veronalabs | 1 Wp Statistics | 2022-03-02 | 5.0 MEDIUM | 7.5 HIGH |
| The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5. | |||||
| CVE-2022-25418 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2022-03-02 | 10.0 HIGH | 9.8 CRITICAL |
| Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function openSchedWifi. | |||||
| CVE-2021-44663 | 1 Nottingham.ac | 1 Xerte Online Toolkits | 2022-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| A Remote Code Execution (RCE) vulnerability exists in the Xerte Project Xerte through 3.8.4 via a crafted php file through elfinder in connetor.php. | |||||
| CVE-2021-44662 | 1 Nottingham.ac | 1 Xerte Online Toolkits | 2022-03-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Site Scripting (XSS) vulnerability exists in the Xerte Project Xerte through 3.8.4 via the link parameter in print.php. | |||||
| CVE-2022-22349 | 1 Ibm | 1 Sterling External Authentication Server | 2022-03-02 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144. | |||||
| CVE-2022-25098 | 1 Ectouch | 1 Ectouch | 2022-03-02 | 6.4 MEDIUM | 9.1 CRITICAL |
| ECTouch v2 suffers from arbitrary file deletion due to insufficient filtering of the filename parameter. | |||||
| CVE-2022-25330 | 2 Microsoft, Trendmicro | 4 Windows, Serverprotect, Serverprotect For Network Appliance Filer and 1 more | 2022-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| Integer overflow conditions that exist in Trend Micro ServerProtect 6.0/5.8 Information Server could allow a remote attacker to crash the process or achieve remote code execution. | |||||
| CVE-2022-25331 | 2 Microsoft, Trendmicro | 4 Windows, Serverprotect, Serverprotect For Network Appliance Filer and 1 more | 2022-03-02 | 5.0 MEDIUM | 7.5 HIGH |
| Uncaught exceptions that can be generated in Trend Micro ServerProtection 6.0/5.8 Information Server could allow a remote attacker to crash the process. | |||||
| CVE-2022-24633 | 1 Filecloud | 1 Filecloud | 2022-03-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| All versions of FileCloud prior to 21.3 are vulnerable to user enumeration. The vulnerability exists in the parameter "path" passing "/SHARED/<username>". A malicious actor could identify the existence of users by requesting share information on specified share paths. | |||||
| CVE-2020-27467 | 1 Processwire | 1 Processwire | 2022-03-02 | 7.8 HIGH | 7.5 HIGH |
| A Directory Traversal vulnerability exits in Processwire CMS before 2.7.1 via the download parameter to index.php. | |||||
| CVE-2021-43724 | 1 Intelliants | 1 Subrion Cms | 2022-03-02 | 3.5 LOW | 4.8 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability exits in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via a SGV file. | |||||
| CVE-2021-29656 | 1 Pexip | 1 Infinity Connect | 2022-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validation. The allow list is not properly checked. | |||||
| CVE-2022-25075 | 1 Totolink | 2 A3000ru, A3000ru Firmware | 2022-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| TOTOLink A3000RU V5.9c.2280_B20180512 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | |||||