Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-36664 | 1 Adiscon | 1 Password Manager For Iis | 2023-01-05 | N/A | 6.1 MEDIUM |
Password Manager for IIS 2.0 has a cross-site scripting (XSS) vulnerability via the /isapi/PasswordManager.dll ResultURL parameter. | |||||
CVE-2020-12069 | 1 Pilz | 1 Pmc | 2023-01-05 | N/A | 9.8 CRITICAL |
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), the password-hashing feature requires insufficient computational effort. | |||||
CVE-2020-12067 | 1 Pilz | 1 Pmc | 2023-01-05 | N/A | 7.5 HIGH |
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user's password may be changed by an attacker without knowledge of the current password. | |||||
CVE-2021-4281 | 1 Forthebadge | 1 For The Badge | 2023-01-05 | N/A | 9.8 CRITICAL |
A vulnerability was found in Brave UX for-the-badge and classified as critical. Affected by this issue is some unknown functionality of the file .github/workflows/combine-prs.yml. The manipulation leads to os command injection. The name of the patch is 55b5a234c0fab935df5fb08365bc8fe9c37cf46b. It is recommended to apply a patch to fix this issue. VDB-216842 is the identifier assigned to this vulnerability. | |||||
CVE-2022-4733 | 1 Open-emr | 1 Openemr | 2023-01-05 | N/A | 4.8 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2. | |||||
CVE-2019-9011 | 1 Pilz | 1 Pmc | 2023-01-05 | N/A | 5.3 MEDIUM |
In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), an attacker can identify valid usernames. | |||||
CVE-2022-24118 | 1 Ge | 16 Inet 900, Inet 900 Firmware, Inet Ii 900 and 13 more | 2023-01-05 | N/A | 9.1 CRITICAL |
Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6. | |||||
CVE-2022-24119 | 1 Ge | 16 Inet 900, Inet 900 Firmware, Inet Ii 900 and 13 more | 2023-01-05 | N/A | 9.8 CRITICAL |
Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell. This affects iNET and iNET II before 8.3.0. | |||||
CVE-2022-24120 | 1 Ge | 16 Inet 900, Inet 900 Firmware, Inet Ii 900 and 13 more | 2023-01-05 | N/A | 4.6 MEDIUM |
Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0. | |||||
CVE-2018-16135 | 1 Opera | 1 Opera Mini | 2023-01-05 | N/A | 6.5 MEDIUM |
The Opera Mini application 47.1.2249.129326 for Android allows remote attackers to spoof the Location Permission dialog via a crafted web site. | |||||
CVE-2022-4155 | 1 Contest-gallery | 1 Contest Gallery | 2023-01-05 | N/A | 4.9 MEDIUM |
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the wp_user_id GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with administrator privileges (i.e. on multisite WordPress configurations) to leak sensitive information from the site's database. | |||||
CVE-2022-4154 | 1 Contest-gallery | 1 Contest Gallery | 2023-01-05 | N/A | 4.9 MEDIUM |
The Contest Gallery Pro WordPress plugin before 19.1.5 does not escape the wp_user_id GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with administrator privileges (i.e. on multisite WordPress configurations) to leak sensitive information from the site's database. | |||||
CVE-2022-4153 | 1 Contest-gallery | 1 Contest Gallery | 2023-01-05 | N/A | 6.5 MEDIUM |
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the upload[] POST parameter before concatenating it to an SQL query in get-data-create-upload-v10.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. | |||||
CVE-2022-43931 | 1 Synology | 2 Router Manager, Vpn Plus Server | 2023-01-05 | N/A | 10.0 CRITICAL |
Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
CVE-2020-36627 | 1 Go-macaron | 1 I18n | 2023-01-05 | N/A | 6.1 MEDIUM |
A vulnerability was found in Macaron i18n. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file i18n.go. The manipulation leads to open redirect. The attack can be launched remotely. Upgrading to version 0.5.0 is able to address this issue. The name of the patch is 329b0c4844cc16a5a253c011b55180598e707735. It is recommended to upgrade the affected component. The identifier VDB-216745 was assigned to this vulnerability. | |||||
CVE-2020-36628 | 1 Android Processing Development Environment Project | 1 Android Processing Development Environment | 2023-01-05 | N/A | 9.8 CRITICAL |
A vulnerability classified as critical has been found in Calsign APDE. This affects the function handleExtract of the file APDE/src/main/java/com/calsignlabs/apde/build/dag/CopyBuildTask.java of the component ZIP File Handler. The manipulation leads to path traversal. Upgrading to version 0.5.2-pre2-alpha is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216747. | |||||
CVE-2022-4721 | 1 Ikus-soft | 1 Rdiffweb | 2023-01-05 | N/A | 5.4 MEDIUM |
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository ikus060/rdiffweb prior to 2.5.5. | |||||
CVE-2022-4719 | 1 Ikus-soft | 1 Rdiffweb | 2023-01-05 | N/A | 9.8 CRITICAL |
Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.5. | |||||
CVE-2022-4722 | 1 Ikus-soft | 1 Rdiffweb | 2023-01-05 | N/A | 7.2 HIGH |
Authentication Bypass by Primary Weakness in GitHub repository ikus060/rdiffweb prior to 2.5.5. | |||||
CVE-2022-4723 | 1 Ikus-soft | 1 Rdiffweb | 2023-01-05 | N/A | 6.5 MEDIUM |
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.5. |