Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-4720 | 1 Ikus-soft | 1 Rdiffweb | 2023-01-05 | N/A | 6.1 MEDIUM |
Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.5. | |||||
CVE-2022-45414 | 1 Mozilla | 1 Thunderbird | 2023-01-05 | N/A | 8.1 HIGH |
If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER attribute or an OBJECT tag with a DATA attribute, a network request to the referenced remote URL was performed, regardless of a configuration to block remote content. An image loaded from the POSTER attribute was shown in the composer window. These issues could have given an attacker additional capabilities when targeting releases that did not yet have a fix for CVE-2022-3033 which was reported around three months ago. This vulnerability affects Thunderbird < 102.5.1. | |||||
CVE-2021-24942 | 1 Menu Item Visibility Control Project | 1 Menu Item Visibility Control | 2023-01-05 | N/A | 7.2 HIGH |
The Menu Item Visibility Control WordPress plugin through 0.5 doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment. | |||||
CVE-2022-3835 | 1 Kwayyinfotech | 1 Kwayy Html Sitemap | 2023-01-05 | N/A | 4.8 MEDIUM |
The Kwayy HTML Sitemap WordPress plugin before 4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2022-3840 | 1 Wp-glogin | 1 Login For Google Apps | 2023-01-05 | N/A | 4.8 MEDIUM |
The Login for Google Apps WordPress plugin before 3.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2022-4695 | 1 Usememos | 1 Memos | 2023-01-05 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. | |||||
CVE-2022-4694 | 1 Usememos | 1 Memos | 2023-01-05 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. | |||||
CVE-2022-4691 | 1 Usememos | 1 Memos | 2023-01-05 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. | |||||
CVE-2022-45412 | 4 Apple, Google, Linux and 1 more | 6 Macos, Android, Linux Kernel and 3 more | 2023-01-05 | N/A | 8.8 HIGH |
When resolving a symlink such as `file:///proc/self/fd/1`, an error message may be produced where the symlink was resolved to a string containing uninitialized memory in the buffer. *This bug only affects Thunderbird on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. | |||||
CVE-2022-4110 | 1 Eventify Project | 1 Eventify | 2023-01-05 | N/A | 4.8 MEDIUM |
The Eventify™ WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2022-2226 | 1 Mozilla | 1 Thunderbird | 2023-01-05 | N/A | 6.5 MEDIUM |
An OpenPGP digital signature includes information about the date when the signature was created. When displaying an email that contains a digital signature, the email's date will be shown. If the dates were different, then Thunderbird didn't report the email as having an invalid signature. If an attacker performed a replay attack, in which an old email with old contents is resent at a later time, it could lead the victim to believe that the statements in the email are current. Fixed versions of Thunderbird will require that the signature's date roughly matches the displayed date of the email. This vulnerability affects Thunderbird < 102 and Thunderbird < 91.11. | |||||
CVE-2022-45197 | 1 Slixmpp Project | 1 Slixmpp | 2023-01-05 | N/A | 7.5 HIGH |
Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp. | |||||
CVE-2022-46584 | 1 Trendnet | 2 Tew-755ap, Tew-755ap Firmware | 2023-01-05 | N/A | 9.8 CRITICAL |
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the qcawifi.wifi%d_vap%d.maclist parameter in the kick_ban_wifi_mac_deny (sub_415D7C) function. | |||||
CVE-2022-47926 | 1 Ayacms Project | 1 Ayacms | 2023-01-05 | N/A | 9.8 CRITICAL |
AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fst_del.inc.php | |||||
CVE-2022-46102 | 1 Ayacms Project | 1 Ayacms | 2023-01-05 | N/A | 9.8 CRITICAL |
AyaCMS 3.1.2 is vulnerable to Arbitrary file upload via /aya/module/admin/fst_down.inc.php | |||||
CVE-2022-46101 | 1 Ayacms Project | 1 Ayacms | 2023-01-05 | N/A | 8.8 HIGH |
AyaCMS v3.1.2 was found to have a code flaw in the ust_sql.inc.php file, which allows attackers to cause command execution by inserting malicious code. | |||||
CVE-2022-46336 | | | 2023-01-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. | |||||
CVE-2022-46335 | | | 2023-01-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. | |||||
CVE-2021-25223 | | | 2023-01-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. | |||||
CVE-2021-25222 | | | 2023-01-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. |