Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-25008 | 1 Codesnippets | 1 Code Snippets | 2022-01-27 | 4.3 MEDIUM | 6.1 MEDIUM | The Code Snippets WordPress plugin before 2.14.3 does not escape the snippets-safe-mode parameter before outputting it back in attributes, leading to a Reflected Cross-Site Scripting issue
CVE-2021-24936 | 1 Wp Extra File Types Project | 1 Wp Extra File Types | 2022-01-27 | 6.0 MEDIUM | 8.0 HIGH | The WP Extra File Types WordPress plugin before 0.5.1 does not have CSRF check when saving its settings, nor sanitise and escape some of them, which could allow attackers to make a logged in admin change them and perform Cross-Site Scripting attacks
CVE-2021-24865 | 1 Acf-extended | 1 Advanced Custom Fields\ | 2022-01-27 | 6.5 MEDIUM | 7.2 HIGH | The Advanced Custom Fields: Extended WordPress plugin before 0.8.8.7 does not validate the order and orderby parameters before using them in a SQL statement, leading to a SQL Injection issue
CVE-2021-24858 | 1 Accesspressthemes | 1 Wp Cookie User Info | 2022-01-27 | 6.5 MEDIUM | 7.2 HIGH | The Cookie Notification Plugin for WordPress plugin before 1.0.9 does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin dashboard, leading to an authenticated SQL Injection
CVE-2021-24696 | 1 Tipsandtricks-hq | 1 Simple Download Monitor | 2022-01-27 | 6.8 MEDIUM | 8.8 HIGH | The Simple Download Monitor WordPress plugin before 3.9.9 does not enforce nonce checks, which could allow attackers to perform CSRF attacks to 1) make admins export logs to exploit a separate log disclosure vulnerability (fixed in 3.9.6), 2) delete logs (fixed in 3.9.9), 3) remove thumbnail image from downloads
CVE-2021-24694 | 1 Tipsandtricks-hq | 1 Simple Download Monitor | 2022-01-27 | 3.5 LOW | 5.4 MEDIUM | The Simple Download Monitor WordPress plugin before 3.9.11 could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attack via 1) "color" or "css_class" argument of sdm_download shortcode, 2) "class" or "placeholder" argument of sdm_search_form shortcode.
CVE-2020-19860 | 1 Nlnetlabs | 1 Ldns | 2022-01-27 | 4.3 MEDIUM | 6.5 MEDIUM | When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. An attacker can leak information on the heap by constructing a zone file payload.
CVE-2021-24423 | 1 Updraftplus | 1 Updraftplus | 2022-01-27 | 3.5 LOW | 4.8 MEDIUM | The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.6.59 does not sanitise its updraft_service settings, allowing high privilege users to set malicious JavaScript payload in it and leading to a Stored Cross-Site Scripting issue
CVE-2022-21933 | 1 Asus | 26 Pa90, Pa90 Firmware, Pb50 and 23 more | 2022-01-27 | 7.2 HIGH | 7.8 HIGH | ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service.
CVE-2022-23857 | 1 Navidrome | 1 Navidrome | 2022-01-27 | 4.0 MEDIUM | 6.5 MEDIUM | model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to SQL injection attacks when processing crafted Smart Playlists. An authenticated user could abuse this to extract arbitrary data from the database, including the user table (which contains sensitive information such as the users' encrypted passwords).
CVE-2021-46024 | 1 Projectworlds | 1 Online-shopping-webvsite-in-php | 2022-01-27 | 7.5 HIGH | 9.8 CRITICAL | Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL Injection vulnerability via the "id" parameter in cart_add.php. No login is required.
CVE-2021-45380 | 1 Appcms | 1 Appcms | 2022-01-27 | 4.3 MEDIUM | 6.1 MEDIUM | AppCMS 2.0.101 has an XSS injection vulnerability in \templates\m\inc_head.php
CVE-2022-23119 | 2 Linux, Trendmicro | 2 Linux Kernel, Deep Security Agent | 2022-01-27 | 4.3 MEDIUM | 7.5 HIGH | A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security Manager (DSM) or the target agent must be not yet activated or configured in order to exploit this vulnerability.
CVE-2022-23120 | 2 Linux, Trendmicro | 2 Linux Kernel, Deep Security Agent | 2022-01-27 | 6.9 MEDIUM | 7.8 HIGH | A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability.
CVE-2021-4103 | 1 B3log | 1 Vditor | 2022-01-27 | 3.5 LOW | 5.4 MEDIUM | Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 1.0.34.
CVE-2021-4172 | 1 Showdoc | 1 Showdoc | 2022-01-27 | 3.5 LOW | 5.4 MEDIUM | Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2.
CVE-2021-41550 | 1 Leostream | 1 Connection Broker | 2022-01-27 | 6.5 MEDIUM | 7.2 HIGH | Leostream Connection Broker 9.0.40.17 allows administrator to upload and execute Perl code.
CVE-2021-46482 | 1 Jsish | 1 Jsish | 2022-01-27 | 6.8 MEDIUM | 7.8 HIGH | Jsish v3.5.0 was discovered to contain a heap buffer overflow via NumberConstructor at src/jsiNumber.c.
CVE-2021-46483 | 1 Jsish | 1 Jsish | 2022-01-27 | 6.8 MEDIUM | 7.8 HIGH | Jsish v3.5.0 was discovered to contain a heap buffer overflow via BooleanConstructor at src/jsiBool.c.
CVE-2021-46481 | 1 Jsish | 1 Jsish | 2022-01-27 | 4.3 MEDIUM | 5.5 MEDIUM | Jsish v3.5.0 was discovered to contain a memory leak via linenoise at src/linenoise.c.