Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-43166 | 1 Rukovoditel | 1 Rukovoditel | 2022-10-28 | N/A | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the Global Entities feature (/index.php?module=entities/entities) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Entity". | |||||
CVE-2022-43165 | 1 Rukovoditel | 1 Rukovoditel | 2022-10-28 | N/A | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module=global_vars/vars) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking "Create". | |||||
CVE-2022-43164 | 1 Rukovoditel | 1 Rukovoditel | 2022-10-28 | N/A | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add". | |||||
CVE-2022-3400 | 1 Bricksbuilder | 1 Bricks | 2022-10-28 | N/A | 6.5 MEDIUM |
The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page, post, or template on the vulnerable WordPress website. | |||||
CVE-2021-38733 | 1 Sem-cms | 1 Semcms | 2022-10-28 | N/A | 9.8 CRITICAL |
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_BlogCat.php. | |||||
CVE-2021-38732 | 1 Sem-cms | 1 Semcms | 2022-10-28 | N/A | 9.8 CRITICAL |
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Message.php. | |||||
CVE-2021-38731 | 1 Sem-cms | 1 Semcms | 2022-10-28 | N/A | 9.8 CRITICAL |
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php. | |||||
CVE-2021-38730 | 1 Sem-cms | 1 Semcms | 2022-10-28 | N/A | 9.8 CRITICAL |
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Info.php. | |||||
CVE-2021-38729 | 1 Sem-cms | 1 Semcms | 2022-10-28 | N/A | 9.8 CRITICAL |
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Plist.php. | |||||
CVE-2021-38728 | 1 Sem-cms | 1 Semcms | 2022-10-28 | N/A | 6.1 MEDIUM |
SEMCMS SHOP v 1.1 is vulnerable to Cross Site Scripting (XSS) via Ant_M_Coup.php. | |||||
CVE-2021-38217 | 1 Sem-cms | 1 Semcms | 2022-10-28 | N/A | 9.8 CRITICAL |
SEMCMS v 1.2 is vulnerable to SQL Injection via SEMCMS_User.php. | |||||
CVE-2021-36863 | 1 Expresstech | 1 Quiz And Survey Master | 2022-10-28 | N/A | 5.4 MEDIUM |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress. | |||||
CVE-2021-36858 | 1 Themepoints | 1 Testimonials | 2022-10-28 | N/A | 4.8 MEDIUM |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themepoints Testimonials plugin <= 2.6 on WordPress. | |||||
CVE-2022-3018 | 1 Gitlab | 1 Gitlab | 2022-10-28 | N/A | 4.9 MEDIUM |
An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from webhook logs. | |||||
CVE-2022-2882 | 1 Gitlab | 1 Gitlab | 2022-10-28 | N/A | 4.3 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A malicious maintainer could exfiltrate a GitHub integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker-controlled server. | |||||
CVE-2022-40875 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2022-10-28 | N/A | 7.5 HIGH |
Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow in the function GetParentControlInfo. | |||||
CVE-2022-40874 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2022-10-28 | N/A | 7.5 HIGH |
Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow vulnerability in the GetParentControlInfo function, which can cause a denial of service attack through a carefully constructed HTTP request. | |||||
CVE-2022-40965 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | N/A | 5.4 MEDIUM |
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API. | |||||
CVE-2022-41555 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | N/A | 5.4 MEDIUM |
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API. | |||||
CVE-2022-41133 | 1 Deltaww | 1 Diaenergie | 2022-10-28 | N/A | 8.8 HIGH |
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. |