Total: 201818 CVEs

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2022-33097 | 74cms | 74cmsse | 2022-06-29 | 5.0 MEDIUM | 7.5 HIGH | 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/campus/campus_job. |
| CVE-2022-31095 | Discourse | Discourse-chat | 2022-06-29 | 4.0 MEDIUM | 6.5 MEDIUM | discourse-chat is a chat plugin for the Discourse application. Versions prior to 0.4 are vulnerable to an exposure of sensitive information, where an attacker who knows the message ID for a channel they do not have access to can view that message using the chat message lookup endpoint, primarily affecting direct message channels. There are no known workarounds for this issue, and users are advised to update the plugin. |
| CVE-2022-33096 | 74cms | 74cmsse | 2022-06-29 | 5.0 MEDIUM | 7.5 HIGH | 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/resume/index. |
| CVE-2022-33095 | 74cms | 74cmsse | 2022-06-29 | 5.0 MEDIUM | 7.5 HIGH | 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist. |
| CVE-2022-33094 | 74cms | 74cmsse | 2022-06-29 | 5.0 MEDIUM | 7.5 HIGH | 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/map. |
| CVE-2022-33093 | 74cms | 74cmsse | 2022-06-29 | 5.0 MEDIUM | 7.5 HIGH | 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the key parameter at /freelance/resume_list. |
| CVE-2022-33092 | 74cms | 74cmsse | 2022-06-29 | 5.0 MEDIUM | 7.5 HIGH | 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/index. |
| CVE-2022-33034 | Gnu | Libredwg | 2022-06-29 | 6.8 MEDIUM | 7.8 HIGH | LibreDWG v0.12.4.4608 was discovered to contain a stack overflow via the function copy_bytes at decode_r2007.c. |
| CVE-2022-33033 | Gnu | Libredwg | 2022-06-29 | 6.8 MEDIUM | 7.8 HIGH | LibreDWG v0.12.4.4608 was discovered to contain a double-free via the function dwg_read_file at dwg.c. |
| CVE-2022-33032 | Gnu | Libredwg | 2022-06-29 | 6.8 MEDIUM | 7.8 HIGH | LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow via the function decode_preR13_section_hdr at decode_r11.c. |
| CVE-2022-33028 | Gnu | Libredwg | 2022-06-29 | 6.8 MEDIUM | 7.8 HIGH | LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function dwg_add_object at decode.c. |
| CVE-2022-33027 | Gnu | Libredwg | 2022-06-29 | 6.8 MEDIUM | 7.8 HIGH | LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function dwg_add_handleref at dwg.c. |
| CVE-2022-33026 | Gnu | Libredwg | 2022-06-29 | 6.8 MEDIUM | 7.8 HIGH | LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c. |
| CVE-2022-33025 | Gnu | Libredwg | 2022-06-29 | 6.8 MEDIUM | 7.8 HIGH | LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decode_preR13_section at decode_r11.c. |
| CVE-2022-1596 | Abb | Rex640 Pcl1, Rex640 Pcl1 Firmware, Rex640 Pcl2 and 3 more | 2022-06-29 | 4.0 MEDIUM | 6.5 MEDIUM | Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node. |
| CVE-2022-26147 | Quectel | Rg502q-ea, Rg502q-ea Firmware | 2022-06-29 | 10.0 HIGH | 9.8 CRITICAL | The Quectel RG502Q-EA modem before 2022-02-23 allows OS Command Injection. |
| CVE-2022-34005 | Southrivertech | Titan Ftp Server Nextgen | 2022-06-29 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. There is Remote Code Execution due to a hardcoded password for the sa account on the Microsoft SQL Express 2019 instance installed by default during TitanFTP NextGen installation, aka NX-I674 (sub-issue 1). NOTE: as of 2022-06-21, the 1.2.1050 release corrects this vulnerability in a new installation, but not in an upgrade installation. |
| CVE-2022-1833 | Redhat | Amq Broker | 2022-06-29 | 6.5 MEDIUM | 8.8 HIGH | A flaw was found in AMQ Broker Operator 7.9.4 installed via UI using OperatorHub where a low-privilege user that has access to the namespace where the AMQ Operator is deployed has access to clusterwide edit rights by checking the secrets. The service account used for building the Operator gives more permission than expected and an attacker could benefit from it. This requires at least an already compromised low-privilege account or insider attack. |
| CVE-2022-31083 | Parseplatform | Parse-server | 2022-06-29 | 5.0 MEDIUM | 7.5 HIGH | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 4.10.11 and 5.2.2, the certificate in the Parse Server Apple Game Center auth adapter is not validated. As a result, authentication could potentially be bypassed by making a fake certificate accessible via certain Apple domains and providing the URL to that certificate in an authData object. Versions 4.0.11 and 5.2.2 prevent this by introducing a new `rootCertificateUrl` property to the Parse Server Apple Game Center auth adapter which takes the URL to the root certificate of Apple's Game Center authentication certificate. If no value is set, the `rootCertificateUrl` property defaults to the URL of the current root certificate as of May 27, 2022. Keep in mind that the root certificate can change at any time and that it is the developer's responsibility to keep the root certificate URL up-to-date when using the Parse Server Apple Game Center auth adapter. There are no known workarounds for this issue. |
| CVE-2018-25044 | Bittorrent | Utorrent | 2022-06-29 | 6.8 MEDIUM | 8.8 HIGH | A vulnerability, which was classified as critical, has been found in uTorrent. This issue affects some unknown processing of the component Guest Account. The manipulation leads to privilege escalation. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. |
| CVE-2018-25043 | Bittorrent | Utorrent | 2022-06-29 | 6.8 MEDIUM | 8.8 HIGH | A vulnerability classified as critical was found in uTorrent. This vulnerability affects unknown code of the component PRNG. The manipulation leads to weak authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. |
| CVE-2018-25042 | Bittorrent | Utorrent | 2022-06-29 | 6.8 MEDIUM | 8.8 HIGH | A vulnerability classified as critical has been found in uTorrent. This affects an unknown part. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component. |
| CVE-2022-1665 | Redhat | Enterprise Linux | 2022-06-29 | 4.6 MEDIUM | 8.8 HIGH | A set of pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture can be booted by grub in Secure Boot mode even though they shouldn't be. These kernel builds don't have the secure boot lockdown patches applied to them and can bypass the secure boot validations, allowing the attacker to load other non-trusted code. |
| CVE-2022-23342 | Hyland | Onbase | 2022-06-29 | 5.0 MEDIUM | 5.3 MEDIUM | The Hyland Onbase Application Server releases prior to 20.3.58.1000 and OnBase releases 21.1.1.1000 through 21.1.15.1000 are vulnerable to a username enumeration vulnerability. An attacker can obtain valid users based on the response returned for invalid and valid users by sending a POST login request to the /mobilebroker/ServiceToBroker.svc/Json/Connect endpoint. This can lead to user enumeration against the underlying Active Directory integrated systems. |
| CVE-2022-30874 | Nukeviet | Nukeviet | 2022-06-29 | 3.5 LOW | 5.4 MEDIUM | There is a Stored Cross Site Scripting (XSS) vulnerability in NukeViet CMS before 4.5.02. |
| CVE-2022-33139 | Siemens | Wincc Open Architecture | 2022-06-29 | 6.8 MEDIUM | 9.8 CRITICAL | A vulnerability has been identified in SIMATIC WinCC OA V3.16 (All versions in default configuration), SIMATIC WinCC OA V3.17 (All versions in non-default configuration), SIMATIC WinCC OA V3.18 (All versions in non-default configuration). Affected applications use client-side only authentication, when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated. |
| CVE-2022-33119 | Nuuo | Nvrsolo, Nvrsolo Firmware | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM | NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via login.php. |
| CVE-2022-32125 | 74cms | 74cmsse | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM | 74cmsSE v3.5.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the path /job. |
| CVE-2022-32124 | 74cms | 74cmsse | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM | 74cmsSE v3.5.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /index/jobfairol/show/. |
| CVE-2022-32128 | 74cms | 74cmsse | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM | 74cmsSE v3.5.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the path /company/service/increment/add/im. |
| CVE-2022-32127 | 74cms | 74cmsse | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM | 74cmsSE v3.5.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the path /company/view_be_browsed/total. |
| CVE-2022-32126 | 74cms | 74cmsse | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM | 74cmsSE v3.5.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the path /company. |
| CVE-2022-32131 | 74cms | 74cmsse | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM | 74cmsSE v3.5.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the path /index/notice/show. |
| CVE-2022-32130 | 74cms | 74cmsse | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM | 74cmsSE v3.5.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the path /company/down_resume/total/nature. |
| CVE-2022-32129 | 74cms | 74cmsse | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM | 74cmsSE v3.5.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the path /company/account/safety/trade. |
| CVE-2022-31374 | Contec | Sv-cpt-mc310, Sv-cpt-mc310 Firmware | 2022-06-29 | 7.5 HIGH | 9.8 CRITICAL | An arbitrary file upload vulnerability in /images/background/1.php of SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted php file. |
| CVE-2022-31373 | Contec | Sv-cpt-mc310, Sv-cpt-mc310 Firmware | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM | SolarView Compact v6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Solar_AiConf.php. |
| CVE-2022-31306 | F5 | Njs | 2022-06-29 | 4.3 MEDIUM | 5.5 MEDIUM | Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_convert_to_slow_array at src/njs_array.c. |
| CVE-2022-31303 | Maccms | Maccms | 2022-06-29 | 3.5 LOW | 5.4 MEDIUM | maccms10 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field. |
| CVE-2021-4156 | Libsndfile Project | Libsndfile | 2022-06-28 | 5.8 MEDIUM | 8.1 HIGH | An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws. |
| CVE-2017-12562 | Libsndfile Project | Libsndfile | 2022-06-28 | 7.5 HIGH | 9.8 CRITICAL | Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. |
| CVE-2022-2246 | | | 2022-06-28 | N/A | N/A | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage. |
| CVE-2022-2174 | Microweber | Microweber | 2022-06-28 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18. |
| CVE-2022-23081 | Openlibrary | Openlibrary | 2022-06-28 | 4.3 MEDIUM | 6.1 MEDIUM | openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Reflected XSS. |
| CVE-2022-32159 | Infogami | Infogami | 2022-06-28 | 3.5 LOW | 5.4 MEDIUM | openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Stored XSS. |
| CVE-2022-32973 | Tenable | Nessus | 2022-06-28 | 9.0 HIGH | 8.8 HIGH | An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges. |
| CVE-2022-1614 | Wp-email Project | Wp-email | 2022-06-28 | 4.3 MEDIUM | 7.5 HIGH | The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based anti-spamming restrictions. |
| CVE-2022-1610 | Seamless Donations Project | Seamless Donations | 2022-06-28 | 4.3 MEDIUM | 6.5 MEDIUM | The Seamless Donations WordPress plugin before 5.1.9 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. |
| CVE-2022-31786 | Ideaco | Idealms | 2022-06-28 | 4.3 MEDIUM | 6.1 MEDIUM | IdeaLMS 2022 allows reflected Cross Site Scripting (XSS) via the IdeaLMS/Class/Assessment/ PATH_INFO. |
| CVE-2022-33995 | Devolutions | Remote Desktop Manager | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH | A path traversal issue in entry attachments in Devolutions Remote Desktop Manager before 2022.2 allows attackers to create or overwrite files in an arbitrary location. |
