Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-23391 | 1 Pybbs Project | 1 Pybbs | 2022-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in Pybbs v6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Search box. | |||||
CVE-2021-45005 | 1 Artifex | 1 Mujs | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow which is caused by conflicting JumpList of nested try/finally statements. | |||||
CVE-2021-46362 | 1 Magnolia-cms | 1 Magnolia Cms | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter. | |||||
CVE-2022-24924 | 1 Samsung | 1 Livewallpaperservice | 2022-02-22 | 5.0 MEDIUM | 5.3 MEDIUM |
Improper access control in LiveWallpaperService prior to version 3.0.9.0 allows creation of a specifically named system directory without proper permission. | |||||
CVE-2021-46361 | 1 Magnolia-cms | 1 Magnolia Cms | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload. | |||||
CVE-2022-24975 | 1 Git-scm | 1 Git | 2022-02-22 | 4.3 MEDIUM | 7.5 HIGH |
The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option. | |||||
CVE-2021-23555 | 1 Vm2 Project | 1 Vm2 | 2022-02-22 | 10.0 HIGH | 9.8 CRITICAL |
The package vm2 before 3.9.6 is vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of stack traces, which can lead to execution of arbitrary code on the host machine. | |||||
CVE-2021-20001 | 2 Debian, Skolelinux | 2 Debian Linux, Debian-edu-config | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
It was discovered that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation. | |||||
CVE-2022-0214 | 1 Popup \| Custom Popup Builder Project | 1 Popup \| Custom Popup Builder | 2022-02-22 | 5.0 MEDIUM | 7.5 HIGH |
The Popup \| Custom Popup Builder WordPress plugin before 1.3.1 autoloads data from its popup on every page; as such data can be sent by unauthenticated users and is not validated in length, this could cause a denial of service on the blog. | |||||
CVE-2022-24923 | 1 Samsung | 1 Searchwidget | 2022-02-22 | 2.1 LOW | 3.3 LOW |
Improper access control vulnerability in Samsung SearchWidget prior to version 2.3.00.6 in China models allows untrusted applications to load arbitrary URLs and local files in a webview. | |||||
CVE-2000-0672 | 1 Apache | 1 Tomcat | 2022-02-22 | 5.0 MEDIUM | N/A |
The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory. | |||||
CVE-2022-0208 | 1 Mappresspro | 1 Mappress | 2022-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise and escape the mapid parameter before outputting it back in the "Bad mapid" error message, leading to a Reflected Cross-Site Scripting. | |||||
CVE-2022-0193 | 1 Really-simple-plugins | 1 Complianz | 2022-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
The Complianz WordPress plugin before 6.0.0 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting. | |||||
CVE-2022-24587 | 1 Pluxml | 1 Pluxml | 2022-02-22 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML. | |||||
CVE-2022-24585 | 1 Pluxml | 1 Pluxml | 2022-02-22 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter. | |||||
CVE-2022-24590 | 1 Backdropcms | 1 Backdrop | 2022-02-22 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML. | |||||
CVE-2022-0190 | 1 Acnam | 1 Ad Invalid Click Protector | 2022-02-22 | 6.5 MEDIUM | 8.8 HIGH |
The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.6 is affected by a SQL Injection in the id parameter of the delete action. | |||||
CVE-2021-39079 | 1 Ibm | 1 Cognos Analytics Mobile | 2022-02-22 | 3.5 LOW | 5.4 MEDIUM |
IBM Cognos Analytics Mobile for Android applications prior to version 1.1.14 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215592. | |||||
CVE-2022-22295 | 1 Metinfo | 1 Metinfo | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in parameter_admin.class.php via the table_para parameter. | |||||
CVE-2022-23335 | 1 Metinfo | 1 Metinfo | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in language_general.class.php via doModifyParameter. |