Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-32967 | 1 Realtek | 4 Rtl8111ep-cg, Rtl8111ep-cg Firmware, Rtl8111fp-cg and 1 more | 2022-11-29 | N/A | 2.1 LOW |
The RTL8111EP-CG/RTL8111FP-CG DASH function has a hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during a system reboot triggered by another user to acquire partial system information such as serial number and server information. | |||||
CVE-2022-45329 | 1 Aerocms Project | 1 Aerocms | 2022-11-29 | N/A | 7.5 HIGH |
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information. | |||||
CVE-2022-42109 | 1 Online-shopping-system-advanced Project | 1 Online-shopping-system-advanced | 2022-11-29 | N/A | 9.8 CRITICAL |
Online-shopping-system-advanced 1.0 was discovered to contain a SQL injection vulnerability via the p parameter at /shopping/product.php. | |||||
CVE-2022-36137 | 1 Churchcrm | 1 Churchcrm | 2022-11-29 | N/A | 4.8 MEDIUM |
ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input sHeader. | |||||
CVE-2022-36136 | 1 Churchcrm | 1 Churchcrm | 2022-11-29 | N/A | 4.8 MEDIUM |
ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input Deposit Comment. | |||||
CVE-2022-45224 | 1 Web-based Student Clearance System Project | 1 Web-based Student Clearance System | 2022-11-29 | N/A | 4.8 MEDIUM |
Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in Admin/add-admin.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter. | |||||
CVE-2022-45223 | 1 Web-based Student Clearance System Project | 1 Web-based Student Clearance System | 2022-11-29 | N/A | 4.8 MEDIUM |
Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /Admin/add-student.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter. | |||||
CVE-2022-31877 | 1 Msi | 1 Center | 2022-11-29 | N/A | 8.8 HIGH |
An issue in the component MSI.TerminalServer.exe of MSI Center v1.0.41.0 allows attackers to escalate privileges via a crafted TCP packet. | |||||
CVE-2022-3850 | 1 Find And Replace All Project | 1 Find And Replace All | 2022-11-29 | N/A | 4.3 MEDIUM |
The Find and Replace All WordPress plugin before 1.3 does not have a CSRF check when replacing a string, which could allow attackers to make a logged-in admin replace an arbitrary string in database tables via a CSRF attack. | |||||
CVE-2022-3839 | 1 Analytics For Wp Project | 1 Analytics For Wp | 2022-11-29 | N/A | 4.8 MEDIUM |
The Analytics for WP WordPress plugin through 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2022-3834 | 1 Google Forms Project | 1 Google Forms | 2022-11-29 | N/A | 4.8 MEDIUM |
The Google Forms WordPress plugin through 0.95 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2022-3833 | 1 Thematosoup | 1 Fancier Author Box | 2022-11-29 | N/A | 4.8 MEDIUM |
The Fancier Author Box by ThematoSoup WordPress plugin through 1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2022-3831 | 1 Recaptcha Project | 1 Recaptcha | 2022-11-29 | N/A | 4.8 MEDIUM |
The reCAPTCHA WordPress plugin through 1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2022-3828 | 1 Video Thumbnails Project | 1 Video Thumbnails | 2022-11-29 | N/A | 4.8 MEDIUM |
The Video Thumbnails WordPress plugin through 2.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2022-3824 | 1 Wp Admin Ui Customize Project | 1 Wp Admin Ui Customize | 2022-11-29 | N/A | 4.8 MEDIUM |
The WP Admin UI Customize WordPress plugin before 1.5.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2022-3823 | 1 Beautiful-cookie-banner | 1 Beautiful Cookie Consent Banner | 2022-11-29 | N/A | 4.8 MEDIUM |
The Beautiful Cookie Consent Banner WordPress plugin before 2.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2022-3822 | 1 Tipsandtricks-hq | 1 Donations Via Paypal | 2022-11-29 | N/A | 4.8 MEDIUM |
The Donations via PayPal WordPress plugin before 1.9.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2022-3689 | 1 Ibericode | 1 Html Forms | 2022-11-29 | N/A | 7.2 HIGH |
The HTML Forms WordPress plugin before 1.3.25 does not properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users. | |||||
CVE-2022-3610 | 1 Jeeng Push Notifications Project | 1 Jeeng Push Notifications | 2022-11-29 | N/A | 4.8 MEDIUM |
The Jeeng Push Notifications WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2022-3601 | 1 Image Hover Effects Css3 Project | 1 Image Hover Effects Css3 | 2022-11-29 | N/A | 4.8 MEDIUM |
The Image Hover Effects Css3 WordPress plugin through 4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |