Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-37930 | 1 Hpe | 18 Hf20, Hf20 Firmware, Hf20c and 15 more | 2022-12-14 | N/A | 5.5 MEDIUM |
A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays and HPE Nimble Storage Secondary Flash Arrays which could potentially allow local disclosure of sensitive information. | |||||
CVE-2022-43780 | 1 Hp | 82 M2u75a, M2u75a Firmware, M2u76a and 79 more | 2022-12-14 | N/A | 7.5 HIGH |
Certain HP ENVY, OfficeJet, and DeskJet printers may be vulnerable to a Denial of Service attack. | |||||
CVE-2022-3933 | 1 G5theme | 1 Essential Real Estate | 2022-12-14 | N/A | 5.4 MEDIUM |
The Essential Real Estate WordPress plugin before 3.9.6 does not sanitize and escape some parameters, which could allow users with a role as low as Admin to perform Cross-Site Scripting attacks. | |||||
CVE-2022-38656 | 1 Hcltechsw | 1 Hcl Commerce | 2022-12-14 | N/A | 9.8 CRITICAL |
HCL Commerce, when using Elasticsearch, can allow a remote attacker to cause a denial of service attack on the site and make administrative changes. | |||||
CVE-2022-3935 | 1 Collne | 1 Welcart E-commerce | 2022-12-14 | N/A | 5.4 MEDIUM |
The Welcart e-Commerce WordPress plugin before 2.8.4 does not sanitise and escape some parameters, which could allow any authenticated user, such as a subscriber, to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-38661 | 1 Hcltechsw | 1 Hcl Workload Automation | 2022-12-14 | N/A | 7.1 HIGH |
HCL Workload Automation could allow a local user to overwrite key system files which would cause the system to crash. | |||||
CVE-2021-3821 | 1 Hp | 1 Futuresmart 5 | 2022-12-14 | N/A | 9.8 CRITICAL |
A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Denial of Service when running HP Workpath solutions on potentially affected products. | |||||
CVE-2022-42445 | 1 Hcltechsw | 1 Hcl Launch | 2022-12-14 | N/A | 4.9 MEDIUM |
HCL Launch could allow a user with administrative privileges, including "Manage Security" permissions, the ability to recover a credential previously saved for performing authenticated LDAP searches. | |||||
CVE-2022-3862 | 1 Livemeshelementor | 1 Addons For Elementor | 2022-12-14 | N/A | 4.8 MEDIUM |
The Livemesh Addons for Elementor WordPress plugin before 7.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2022-3609 | 1 Getyourguide Ticketing Project | 1 Getyourguide Ticketing | 2022-12-14 | N/A | 4.8 MEDIUM |
The GetYourGuide Ticketing WordPress plugin before 1.0.4 does not sanitise and escape some parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2022-45043 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2022-12-14 | N/A | 8.8 HIGH |
Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via goform/fast_setting_internet_set. | |||||
CVE-2022-44532 | 1 Arubanetworks | 1 Edgeconnect Enterprise | 2022-12-14 | N/A | 6.5 MEDIUM |
An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below. | |||||
CVE-2022-3853 | 1 Supra-csv-parser Project | 1 Supra-csv-parser | 2022-12-14 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in a web browser of the victim by including malicious code in a legitimate web page or web application. | |||||
CVE-2022-44533 | 1 Arubanetworks | 1 Edgeconnect Enterprise | 2022-12-14 | N/A | 7.2 HIGH |
A vulnerability in the Aruba EdgeConnect Enterprise web management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below. | |||||
CVE-2022-3919 | 1 Automattic | 1 Jetpack Crm | 2022-12-14 | N/A | 4.8 MEDIUM |
The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
CVE-2022-37904 | 1 Arubanetworks | 12 7005, 7008, 7010 and 9 more | 2022-12-14 | N/A | 8.8 HIGH |
Vulnerabilities exist in ArubaOS running on 7xxx series controllers that allow an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system. | |||||
CVE-2022-3881 | 1 Wptools Project | 1 Wptools | 2022-12-14 | N/A | 5.7 MEDIUM |
The WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log WordPress plugin before 3.43 does not have proper authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and install and activate arbitrary plugins from wordpress.org. | |||||
CVE-2022-3880 | 1 Antihacker Project | 1 Antihacker | 2022-12-14 | N/A | 6.5 MEDIUM |
The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan WordPress plugin before 4.20 does not have proper authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and install and activate arbitrary plugins from wordpress.org. | |||||
CVE-2022-3908 | 1 Helloprint | 1 Helloprint | 2022-12-14 | N/A | 6.1 MEDIUM |
The Helloprint WordPress plugin before 1.4.7 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting. | |||||
CVE-2022-3906 | 1 Whitestudio | 1 Easy Form Builder | 2022-12-14 | N/A | 4.8 MEDIUM |
The Easy Form Builder WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |