Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22791 | 1 Synel | 1 Eharmony | 2022-02-02 | 3.5 LOW | 5.4 MEDIUM |
| SYNEL - eharmony Authenticated Blind & Stored XSS. Inject JS code into the "comments" field could lead to potential stealing of cookies, loading of HTML tags and JS code onto the system. | |||||
| CVE-2022-22790 | 1 Synel | 1 Eharmony | 2022-02-02 | 5.0 MEDIUM | 7.5 HIGH |
| SYNEL - eharmony Directory Traversal. Directory Traversal - is an attack against a server or a Web application aimed at unauthorized access to the file system. on the "Name" parameter the attacker can return to the root directory and open the host file. The path exposes sensitive files that users upload | |||||
| CVE-2021-41609 | 1 Classapps | 1 Selectsurvey.net | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection in the ID parameter of the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve data from the application's backend database via boolean-based blind and UNION injection. | |||||
| CVE-2021-46511 | 1 Cesanta | 1 Mjs | 2022-02-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion `m->len >= sizeof(v)' failed at src/mjs_core.c in Cesanta MJS v2.20.0. | |||||
| CVE-2021-46517 | 1 Cesanta | 1 Mjs | 2022-02-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion `mjs_stack_size(&mjs->scopes) > 0' failed at src/mjs_exec.c in Cesanta MJS v2.20.0. | |||||
| CVE-2021-46508 | 1 Cesanta | 1 Mjs | 2022-02-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion `i < parts_cnt' failed at src/mjs_bcode.c in Cesanta MJS v2.20.0. | |||||
| CVE-2021-46515 | 1 Cesanta | 1 Mjs | 2022-02-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion `mjs_stack_size(&mjs->scopes) >= scopes_len' failed at src/mjs_exec.c in Cesanta MJS v2.20.0. | |||||
| CVE-2021-46514 | 1 Cesanta | 1 Mjs | 2022-02-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'ppos != NULL && mjs_is_number(*ppos)' failed at src/mjs_core.c in Cesanta MJS v2.20.0. | |||||
| CVE-2021-46504 | 1 Jsish | 1 Jsish | 2022-02-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'vp != resPtr' failed at jsiEval.c in Jsish v3.5.0. | |||||
| CVE-2021-37531 | 1 Sap | 1 Netweaver Knowledge Management Xml Forms | 2022-02-02 | 9.0 HIGH | 8.8 HIGH |
| SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, contains an XSLT vulnerability which allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level commands, copy it into a location to be accessed by the system and then create a file which will trigger the XSLT engine to execute the script contained within the malicious XSL file. This can result in a full compromise of the confidentiality, integrity, and availability of the system. | |||||
| CVE-2021-33705 | 1 Sap | 1 Netweaver Portal | 2022-02-02 | 5.8 MEDIUM | 8.1 HIGH |
| The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, component Iviews Editor contains a Server-Side Request Forgery (SSRF) vulnerability which allows an unauthenticated attacker to craft a malicious URL which when clicked by a user can make any type of request (e.g. POST, GET) to any internal or external server. This can result in the accessing or modification of data accessible from the Portal but will not affect its availability. | |||||
| CVE-2021-22809 | 1 Schneider-electric | 1 Guicon | 2022-02-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| A CWE-125:Out-of-Bounds Read vulnerability exists that could cause unintended data disclosure when a malicious *.gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) and prior | |||||
| CVE-2021-22808 | 1 Schneider-electric | 1 Guicon | 2022-02-02 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution when a malicious *.gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) and prior | |||||
| CVE-2021-22807 | 1 Schneider-electric | 1 Guicon | 2022-02-02 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-787: Out-of-bounds Write vulnerability exists that could cause arbitrary code execution when a malicious *.gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) and prior | |||||
| CVE-2022-23888 | 1 Yzmcms | 1 Yzmcms | 2022-02-02 | 6.8 MEDIUM | 8.8 HIGH |
| YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgey (CSRF) via the component /yzmcms/comment/index/init.html. | |||||
| CVE-2022-23979 | 1 Etoilewebdesign | 1 Ultimate Reviews | 2022-02-02 | 3.5 LOW | 4.8 MEDIUM |
| Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in Ultimate Reviews WordPress plugin (versions <= 3.0.15). | |||||
| CVE-2022-23887 | 1 Yzmcms | 1 Yzmcms | 2022-02-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily delete user accounts via /admin/admin_manage/delete. | |||||
| CVE-2022-22868 | 1 Gibbonedu | 1 Gibbon | 2022-02-02 | 3.5 LOW | 4.8 MEDIUM |
| Gibbon CMS v22.0.01 was discovered to contain a cross-site scripting (XSS) vulnerability, that allows attackers to inject arbitrary script via name parameters. | |||||
| CVE-2022-0329 | 2022-02-02 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2021-46383 | 1 Mingsoft | 1 Mcms | 2022-02-02 | 5.0 MEDIUM | 7.5 HIGH |
| https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.web.DictAction#list. The attack vector is: 0 or sleep(3). ΒΆΒΆ MCMS has a sql injection vulnerability through which attacker can get sensitive information from the database. | |||||