Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-43588 | 1 Dell | 1 Emc Data Protection Central | 2022-01-28 | 5.0 MEDIUM | 7.5 HIGH |
Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. | |||||
CVE-2021-36349 | 1 Dell | 1 Emc Data Protection Central | 2022-01-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user could potentially exploit this vulnerability, allowing port scanning of external hosts. | |||||
CVE-2022-22554 | 1 Dell | 1 Emc System Update | 2022-01-28 | 2.1 LOW | 5.5 MEDIUM |
Dell EMC System Update, version 1.9.2 and prior, contain an Unprotected Storage of Credentials vulnerability. A local attacker with user privileges could potentially exploit this vulnerability leading to the disclosure of user passwords. | |||||
CVE-2021-40908 | 1 Purchase Order Management System Project | 1 Purchase Order Management System | 2022-01-28 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in Login.php in Sourcecodester Purchase Order Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter. | |||||
CVE-2021-40907 | 1 Storage Unit Rental Management System Project | 1 Storage Unit Rental Management System | 2022-01-28 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in Sourcecodester Storage Unit Rental Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /storage/classes/Login.php. | |||||
CVE-2021-40596 | 1 Online Learning System Project | 1 Online Learning System | 2022-01-28 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in Login.php in sourcecodester Online Learning System v2 by oretnom23, allows attackers to execute arbitrary SQL commands via the faculty_id parameter. | |||||
CVE-2022-22296 | 1 Hospital's Patient Records Management System Project | 1 Hospital's Patient Records Management System | 2022-01-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Sourcecodester Hospital's Patient Records Management System 1.0 is vulnerable to Insecure Permissions via the id parameter in manage_user endpoint. Simply change the value and data of other users can be displayed. | |||||
CVE-2022-0269 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2022-01-28 | 6.0 MEDIUM | 8.0 HIGH |
Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm prior to 6.3.0. | |||||
CVE-2021-45225 | 1 Coins-global | 1 Construction Cloud | 2022-01-28 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in COINS Construction Cloud 11.12. Due to improper input neutralization, it is vulnerable to reflected cross-site scripting (XSS) via malicious links (affecting the search window and activity view window). | |||||
CVE-2021-25080 | 1 Crmperks | 1 Contact Form Entries | 2022-01-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The Contact Form Entries WordPress plugin before 1.1.7 does not validate, sanitise and escape the IP address retrieved via headers such as CLIENT-IP and X-FORWARDED-FOR, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against logged in admins viewing the created entry | |||||
CVE-2021-25079 | 1 Crmperks | 1 Contact Form Entries | 2022-01-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The Contact Form Entries WordPress plugin before 1.2.4 does not sanitise and escape various parameters, such as form_id, status, end_date, order, orderby and search before outputting them back in the admin page | |||||
CVE-2021-45224 | 1 Coins-global | 1 Construction Cloud | 2022-01-28 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in COINS Construction Cloud 11.12. In several locations throughout the application, JavaScript code is passed as a URL parameter. Attackers can trivially alter this code to cause malicious behaviour. The application is therefore vulnerable to reflected XSS via malicious URLs. | |||||
CVE-2021-45223 | 1 Coins-global | 1 Construction Cloud | 2022-01-28 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in COINS Construction Cloud 11.12. Due to insufficient input neutralization, it is vulnerable to denial of service attacks via forced server crashes. | |||||
CVE-2021-25078 | 1 Wpaffiliatemanager | 1 Affiliates Manager | 2022-01-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The Affiliates Manager WordPress plugin before 2.9.0 does not validate, sanitise and escape the IP address of requests logged by the click tracking feature, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admin viewing the tracked requests. | |||||
CVE-2021-45222 | 1 Coins-global | 1 Construction Cloud | 2022-01-28 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in COINS Construction Cloud 11.12. Due to logical flaws in the human resources interface, it is vulnerable to privilege escalation by HR personnel. | |||||
CVE-2021-23664 | 1 Isomorphic-git | 1 Cors-proxy | 2022-01-28 | 5.0 MEDIUM | 7.5 HIGH |
The package @isomorphic-git/cors-proxy before 2.7.1 is vulnerable to Server-side Request Forgery (SSRF) due to missing sanitization and validation of the redirection action in middleware.js. | |||||
CVE-2021-25074 | 1 Webp Converter For Media Project | 1 Webp Converter For Media | 2022-01-28 | 5.8 MEDIUM | 6.1 MEDIUM |
The WebP Converter for Media WordPress plugin before 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect issue | |||||
CVE-2021-25045 | 1 Asgaros | 1 Asgaros Forum | 2022-01-28 | 6.5 MEDIUM | 7.2 HIGH |
The Asgaros Forum WordPress plugin before 1.15.15 does not validate or escape the forum_id parameter before using it in a SQL statement when editing a forum, leading to an SQL injection issue | |||||
CVE-2021-23236 | 1 Fresenius-kabi | 8 Agilia Connect, Agilia Connect Firmware, Agilia Partner Maintenance Software and 5 more | 2022-01-28 | 7.8 HIGH | 7.5 HIGH |
Requests may be used to interrupt the normal operation of the device. When exploited, Fresenius Kabi Agilia Link+ version 3.0 must be rebooted via a hard reset triggered by pressing a button on the rack system. | |||||
CVE-2021-25035 | 1 Revmakx | 1 Backup And Staging By Wp Time Capsule | 2022-01-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting |