Total: 46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30045 | 1 Ezxml Project | 1 Ezxml | 2022-05-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap out-of-bounds read. | |||||
| CVE-2022-29436 | 1 Code Snippets Extended Project | 1 Code Snippets Extended | 2022-05-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Persistent Cross-Site Scripting (XSS) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery (vulnerable parameters &title, &snippet_code). | |||||
| CVE-2022-29435 | 1 Code Snippets Extended Project | 1 Code Snippets Extended | 2022-05-25 | 5.8 MEDIUM | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress allows an attacker to delete or to turn on/off snippets. | |||||
| CVE-2022-23675 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2022-05-25 | 3.5 LOW | 4.8 MEDIUM |
| A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2021-26400 | 1 Amd | 1 Cpu | 2022-05-25 | 2.1 LOW | 4.0 MEDIUM |
| AMD processors may speculatively re-order load instructions which can result in stale data being observed when multiple processors are operating on shared memory, resulting in potential data leakage. | |||||
| CVE-2022-1753 | 1 Wowonder | 1 Wowonder | 2022-05-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in WoWonder. Affected is the file /requests.php which is responsible to handle group messages. The manipulation of the argument group_id allows posting messages in other groups. It is possible to launch the attack remotely but it might require authentication. A video explaining the attack has been disclosed to the public. | |||||
| CVE-2021-26364 | 1 Amd | 88 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 85 more | 2022-05-25 | 4.9 MEDIUM | 5.5 MEDIUM |
| Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could result in an exception handling leading to a potential denial of service. | |||||
| CVE-2021-26372 | 1 Amd | 88 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 85 more | 2022-05-25 | 4.9 MEDIUM | 5.5 MEDIUM |
| Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service. | |||||
| CVE-2022-1553 | 1 Publify Project | 1 Publify | 2022-05-25 | 4.0 MEDIUM | 4.9 MEDIUM |
| Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integrity of users. | |||||
| CVE-2021-26352 | 1 Amd | 60 Ryzen 3 5300g, Ryzen 3 5300g Firmware, Ryzen 3 5300ge and 57 more | 2022-05-25 | 4.9 MEDIUM | 5.5 MEDIUM |
| Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service. | |||||
| CVE-2021-26390 | 1 Amd | 74 Athlon 300u, Athlon 300u Firmware, Ryzen 3 3200u and 71 more | 2022-05-25 | 4.9 MEDIUM | 6.2 MEDIUM |
| A malicious or compromised UApp or ABL may coerce the bootloader into corrupting arbitrary memory potentially leading to loss of integrity of data. | |||||
| CVE-2022-23668 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2022-05-25 | 4.0 MEDIUM | 4.9 MEDIUM |
| A remote authenticated server-side request forgery (ssrf) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2022-23670 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2022-05-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| A remote authenticated information disclosure vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2022-30959 | 1 Jenkins | 1 Ssh | 2022-05-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2021-27442 | 1 Weintek | 32 Cmt-ctrl01, Cmt-ctrl01 Firmware, Cmt-fhd and 29 more | 2022-05-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code. | |||||
| CVE-2022-30965 | 1 Jenkins | 1 Promoted Builds | 2022-05-25 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-30964 | 1 Jenkins | 1 Multiselect Parameter | 2022-05-25 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Multiselect parameter Plugin 1.3 and earlier does not escape the name and description of Multiselect parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-30967 | 1 Jenkins | 1 Selection Tasks | 2022-05-25 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Selection tasks Plugin 1.0 and earlier does not escape the name and description of Script Selection task variable parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-30968 | 1 Jenkins | 1 Vboxwrapper | 2022-05-25 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins vboxwrapper Plugin 1.3 and earlier does not escape the name and description of VBox node parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-23659 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2022-05-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| A remote reflected cross site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2022-30966 | 1 Jenkins | 1 Random String Parameter | 2022-05-25 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Random String Parameter Plugin 1.0 and earlier does not escape the name and description of Random String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-0419 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2022-05-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.0. | |||||
| CVE-2021-23266 | 1 Craftercms | 1 Crafter Cms | 2022-05-25 | 4.3 MEDIUM | 4.3 MEDIUM |
| An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator. | |||||
| CVE-2022-30970 | 1 Jenkins | 1 Autocomplete Parameter | 2022-05-25 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Autocomplete Parameter Plugin 1.1 and earlier references Dropdown Autocomplete parameter and Auto Complete String parameter names in an unsafe manner from Javascript embedded in view definitions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-22484 | 3 Ibm, Linux, Microsoft | 4 Aix, Spectrum Protect, Linux Kernel and 1 more | 2022-05-25 | 2.1 LOW | 5.5 MEDIUM |
| IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the browser's application command history. By accessing browser history, an attacker could exploit this vulnerability to obtain other user accounts' passwords. IBM X-Force ID: 226322. | |||||
| CVE-2021-33021 | 1 Xarrow | 1 Xarrow | 2022-05-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| xArrow SCADA versions 7.2 and prior are vulnerable to cross-site scripting due to parameter ‘edate’ of the resource xhisalarm.htm, which may allow an unauthorized attacker to execute arbitrary code. | |||||
| CVE-2021-30361 | 1 Checkpoint | 4 Gaia Os, Gaia Portal, Quantum Security Gateway and 1 more | 2022-05-25 | 6.9 MEDIUM | 6.7 MEDIUM |
| The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS. | |||||
| CVE-2022-30777 | 1 Parallels | 1 H-sphere | 2022-05-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter. | |||||
| CVE-2021-33001 | 1 Xarrow | 1 Xarrow | 2022-05-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| xArrow SCADA versions 7.2 and prior are vulnerable to cross-site scripting due to parameter ‘bdate’ of the resource xhisvalue.htm, which may allow an unauthorized attacker to execute arbitrary code. | |||||
| CVE-2022-30961 | 1 Jenkins | 1 Autocomplete Parameter | 2022-05-25 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Autocomplete Parameter Plugin 1.1 and earlier does not escape the name of Dropdown Autocomplete and Auto Complete String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-30960 | 1 Jenkins | 1 Application Detector | 2022-05-25 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Application Detector Plugin 1.0.8 and earlier does not escape the name of Chois Application Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-30962 | 1 Jenkins | 1 Global Variable String Parameter | 2022-05-25 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Global Variable String Parameter Plugin 1.2 and earlier does not escape the name and description of Global Variable String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-1702 | 1 Sonicwall | 10 6200, 6200 Firmware, 6210 and 7 more | 2022-05-25 | 5.8 MEDIUM | 6.1 MEDIUM |
| SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and uses that link in a redirect which leads to Open redirection vulnerability. | |||||
| CVE-2022-30963 | 1 Jenkins | 1 Jdk Parameter | 2022-05-25 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name and description of JDK parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-1062 | 1 Th23 | 1 Th23 Social | 2022-05-25 | 3.5 LOW | 4.8 MEDIUM |
| The th23 Social WordPress plugin through 1.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2021-23265 | 1 Craftercms | 1 Crafter Cms | 2022-05-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| A logged-in and authenticated user with a Reviewer Role may lock a content item. | |||||
| CVE-2022-1728 | 1 Trudesk Project | 1 Trudesk | 2022-05-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Allowing long passwords leads to denial of service in polonel/trudesk in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability can be abused by doing a DDoS attack, after which genuine users will not be able to access resources/applications. | |||||
| CVE-2022-1726 | 1 Bootstrap-table | 1 Bootstrap Table | 2022-05-25 | 3.5 LOW | 5.4 MEDIUM |
| Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties. | |||||
| CVE-2022-1559 | 1 Clipr | 1 Clipr | 2022-05-25 | 3.5 LOW | 4.8 MEDIUM |
| The Clipr WordPress plugin through 1.2.3 does not sanitise and escape its API Key setting before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed. | |||||
| CVE-2022-1557 | 1 Uleak-security-dashboard Project | 1 Uleak-security-dashboard | 2022-05-25 | 3.5 LOW | 5.4 MEDIUM |
| The ULeak Security & Monitoring WordPress plugin through 1.2.3 does not have authorisation and CSRF checks when updating its settings, and is also lacking sanitisation as well as escaping in some of them, which could allow any authenticated user such as a subscriber to perform Stored Cross-Site Scripting attacks against admins viewing the settings. | |||||
| CVE-2022-1512 | 1 Scrollrevealjs-effects Project | 1 Scrollrevealjs-effects | 2022-05-25 | 3.5 LOW | 4.8 MEDIUM |
| The ScrollReveal.js Effects WordPress plugin through 1.2 does not sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | |||||
| CVE-2022-26291 | 2 Debian, Long Range Zip Project | 2 Debian Linux, Long Range Zip | 2022-05-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| lrzip v0.641 was discovered to contain multiple concurrency use-after-free issues between the functions zpaq_decompress_buf() and clear_rulist(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted lrz file. | |||||
| CVE-2018-5786 | 2 Debian, Long Range Zip Project | 2 Debian Linux, Long Range Zip | 2022-05-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the get_fileinfo function (lrzip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file. | |||||
| CVE-2022-30050 | 1 Sir | 1 Gnuboard | 2022-05-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via bbs/member_confirm.php. | |||||
| CVE-2022-1216 | 1 Advanced Image Sitemap Project | 1 Advanced Image Sitemap | 2022-05-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Advanced Image Sitemap WordPress plugin through 1.2 does not sanitise and escape the PHP_SELF PHP variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting. | |||||
| CVE-2022-1217 | 1 Custom Tinymce Shortcode Button Project | 1 Custom Tinymce Shortcode Button | 2022-05-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Custom TinyMCE Shortcode Button WordPress plugin through 1.1 does not sanitise and escape the PHP_SELF variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting. | |||||
| CVE-2022-1265 | 1 Ait-pro | 1 Bulletproof Security | 2022-05-24 | 3.5 LOW | 4.8 MEDIUM |
| The BulletProof Security WordPress plugin before 6.1 does not sanitize and escape some of its CAPTCHA settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | |||||
| CVE-2022-1267 | 1 Bmi Bmr Calculator Project | 1 Bmi Bmr Calculator | 2022-05-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The BMI BMR Calculator WordPress plugin through 1.3 does not sanitise and escape arbitrary POST data before outputting it back in the response, leading to Reflected Cross-Site Scripting. | |||||
| CVE-2022-1334 | 1 Wp Youtube Live Project | 1 Wp Youtube Live | 2022-05-24 | 3.5 LOW | 4.8 MEDIUM |
| The WP YouTube Live WordPress plugin before 1.8.3 does not validate, sanitise and escape various of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | |||||
| CVE-2022-1349 | 1 2code | 1 Wpqa Builder | 2022-05-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for Discy and Himer, does not validate that the value passed to the image_id parameter of the ajax action wpqa_remove_image belongs to the requesting user, allowing any user (with privileges as low as Subscriber) to delete the profile picture of any other user. | |||||
