Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-27914 | 1 Joomla | 1 Joomla! | 2022-11-09 | N/A | 6.1 MEDIUM |
An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media. | |||||
CVE-2022-30545 | 1 5-anker | 1 5 Anker Connect | 2022-11-09 | N/A | 4.8 MEDIUM |
Auth. Reflected Cross-Site Scripting (XSS) vulnerability in 5 Anker Connect plugin <= 1.2.6 on WordPress. | |||||
CVE-2022-40206 | 1 Gvectors | 1 Wpforo Forum | 2022-11-09 | N/A | 4.3 MEDIUM |
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public. | |||||
CVE-2022-40205 | 1 Gvectors | 1 Wpforo Forum | 2022-11-09 | N/A | 4.3 MEDIUM |
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved. | |||||
CVE-2022-40632 | 1 Gvectors | 1 Wpforo Forum | 2022-11-09 | N/A | 5.4 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 on WordPress leading to topic deletion. | |||||
CVE-2022-40223 | 1 Searchwp | 1 Searchwp | 2022-11-09 | N/A | 4.3 MEDIUM |
Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change. | |||||
CVE-2022-43491 | 1 Algolplus | 1 Advanced Dynamic Pricing For Woocommerce | 2022-11-09 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to plugin settings import. | |||||
CVE-2022-43481 | 1 Rymera | 1 Advanced Coupons | 2022-11-09 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Advanced Coupons for WooCommerce Coupons plugin <= 4.5 on WordPress leading to notice dismissal. | |||||
CVE-2022-42494 | 1 Aioseo | 1 All In One Seo | 2022-11-09 | N/A | 6.5 MEDIUM |
Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro plugin <= 4.2.5.1 on WordPress. | |||||
CVE-2022-41980 | 1 Webartesanal | 1 Mantenimiento Web | 2022-11-09 | N/A | 4.8 MEDIUM |
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mantenimiento web plugin <= 0.13 on WordPress. | |||||
CVE-2022-20448 | 1 Google | 1 Android | 2022-11-09 | N/A | 5.5 MEDIUM |
In buzzBeepBlinkLocked of NotificationManagerService.java, there is a possible way to share data across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L, Android-13. Android ID: A-237540408 | |||||
CVE-2022-41136 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2022-11-09 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin's Shortcodes Ultimate plugin <= 5.12.0 on WordPress. | |||||
CVE-2022-44741 | 1 Slidervilla | 1 Testimonial Slider | 2022-11-09 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) in David Anderson Testimonial Slider plugin <= 1.3.1 on WordPress. | |||||
CVE-2022-20447 | 1 Google | 1 Android | 2022-11-09 | N/A | 6.5 MEDIUM |
In PAN_WriteBuf of pan_api.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-233604485 | |||||
CVE-2022-3537 | 1 Addify | 1 Role Based Pricing For Woocommerce | 2022-11-08 | N/A | 8.8 HIGH |
The Role Based Pricing for WooCommerce WordPress plugin before 1.6.2 does not have authorisation and proper CSRF checks, and does not validate files to be uploaded, allowing any authenticated users like subscriber to upload arbitrary files, such as PHP | |||||
CVE-2022-29959 | 1 Emerson | 1 Openbsi | 2022-11-08 | N/A | 5.5 MEDIUM |
Emerson OpenBSI through 2022-04-29 mishandles credential storage. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. This environment provides access control functionality through user authentication and privilege management. The credentials for various users are stored insecurely in the SecUsers.ini file by using a simple string transformation rather than a cryptographic mechanism. | |||||
CVE-2020-21675 | 2 Debian, Fig2dev Project | 2 Debian Linux, Fig2dev | 2022-11-08 | 4.3 MEDIUM | 5.5 MEDIUM |
A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format. | |||||
CVE-2021-23239 | 4 Debian, Fedoraproject, Netapp and 1 more | 6 Debian Linux, Fedora, Cloud Backup and 3 more | 2022-11-08 | 1.9 LOW | 2.5 LOW |
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. | |||||
CVE-2022-38037 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-11-08 | N/A | 7.8 HIGH |
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38038, CVE-2022-38039. | |||||
CVE-2022-37896 | 2 Arubanetworks, Siemens | 4 Arubaos, Instant, Scalance W1750d and 1 more | 2022-11-08 | N/A | 6.1 MEDIUM |
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. |