Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-25408 | 2022-02-28 | N/A | N/A | ||
| Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the dpassword parameter at /admin-panel1.php. | |||||
| CVE-2022-25407 | 2022-02-28 | N/A | N/A | ||
| Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Doctor parameter at /admin-panel1.php. | |||||
| CVE-2022-25028 | 2022-02-28 | N/A | N/A | ||
| Home Owners Collection Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the collected_by parameter under the List of Collections module. | |||||
| CVE-2022-23907 | 2022-02-28 | N/A | N/A | ||
| CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage. | |||||
| CVE-2022-23906 | 2022-02-28 | N/A | N/A | ||
| CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file. | |||||
| CVE-2022-0743 | 2022-02-28 | N/A | N/A | ||
| Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31. | |||||
| CVE-2021-36820 | 2022-02-28 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. | |||||
| CVE-2021-36819 | 2022-02-28 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. | |||||
| CVE-2021-36818 | 2022-02-28 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. | |||||
| CVE-2021-36817 | 2022-02-28 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. | |||||
| CVE-2021-36816 | 2022-02-28 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. | |||||
| CVE-2021-36815 | 2022-02-28 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. | |||||
| CVE-2021-36814 | 2022-02-28 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. | |||||
| CVE-2021-36813 | 2022-02-28 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. | |||||
| CVE-2021-36812 | 2022-02-28 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. | |||||
| CVE-2021-36811 | 2022-02-28 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. | |||||
| CVE-2021-36810 | 2022-02-28 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. | |||||
| CVE-2021-27000 | 2022-02-28 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. | |||||
| CVE-2022-0692 | 1 Alltube Project | 1 Alltube | 2022-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to 3.0.1. | |||||
| CVE-2022-0630 | 1 Mruby | 1 Mruby | 2022-02-28 | 5.8 MEDIUM | 7.1 HIGH |
| Out-of-bounds Read in Homebrew mruby prior to 3.2. | |||||
| CVE-2021-27016 | 2022-02-28 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. | |||||
| CVE-2021-27015 | 2022-02-28 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. | |||||
| CVE-2021-27014 | 2022-02-28 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. | |||||
| CVE-2021-27013 | 2022-02-28 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. | |||||
| CVE-2021-27012 | 2022-02-28 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. | |||||
| CVE-2021-27011 | 2022-02-28 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. | |||||
| CVE-2021-27010 | 2022-02-28 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. | |||||
| CVE-2021-27009 | 2022-02-28 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. | |||||
| CVE-2021-27008 | 2022-02-28 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. | |||||
| CVE-2021-43545 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2022-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | |||||
| CVE-2021-30547 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2022-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |||||
| CVE-2021-38506 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2022-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | |||||
| CVE-2022-23304 | 2 Fedoraproject, W1.fi | 3 Fedora, Hostapd, Wpa Supplicant | 2022-02-28 | 6.8 MEDIUM | 9.8 CRITICAL |
| The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495. | |||||
| CVE-2022-23303 | 2 Fedoraproject, W1.fi | 3 Fedora, Hostapd, Wpa Supplicant | 2022-02-28 | 6.8 MEDIUM | 9.8 CRITICAL |
| The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494. | |||||
| CVE-2022-24030 | 1 Insyde | 1 Insydeh2o | 2022-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | |||||
| CVE-2021-45414 | 2022-02-28 | N/A | N/A | ||
| A Remote Code Execution (RCE) vulnerability exists in DataRobot through 2021-10-28 because it allows submission of a Docker environment or Java driver. | |||||
| CVE-2022-0288 | 2 Ad Inserter Pro Project, Ad Inserter Project | 2 Ad Inserter Pro, Ad Inserter | 2022-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the html_element_selection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2021-40159 | 1 Autodesk | 1 Inventor | 2022-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 may lead to code execution through maliciously crafted JT files. | |||||
| CVE-2022-0279 | 1 Bologer | 1 Anycomment | 2022-02-28 | 3.5 LOW | 3.1 LOW |
| The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users | |||||
| CVE-2022-0255 | 1 Deliciousbrains | 1 Database Backup | 2022-02-28 | 6.5 MEDIUM | 7.2 HIGH |
| The Database Backup for WordPress plugin before 2.5.1 does not properly sanitise and escape the fragment parameter before using it in a SQL statement in the admin dashboard, leading to a SQL injection issue | |||||
| CVE-2022-0252 | 1 Givewp | 1 Givewp | 2022-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The GiveWP WordPress plugin before 2.17.3 does not escape the json parameter before outputting it back in an attribute in the Import admin dashboard, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-0234 | 1 Pluginus | 1 Woocs | 2022-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape the woocs_in_order_currency parameter of the woocs_get_products_price_html AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-0313 | 1 Wow-estore | 1 Float Menu | 2022-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Float menu WordPress plugin before 4.3.1 does not have CSRF check in place when deleting menu, which could allow attackers to make a logged in admin delete them via a CSRF attack | |||||
| CVE-2021-26619 | 2 Bigfile, Microsoft | 2 Bigfileagent, Windows | 2022-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| An path traversal vulnerability leading to delete arbitrary files was discovered in BigFileAgent. Remote attackers can use this vulnerability to delete arbitrary files of unspecified number of users. | |||||
| CVE-2022-0228 | 1 Sygnoos | 1 Popup Builder | 2022-02-28 | 6.5 MEDIUM | 7.2 HIGH |
| The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL injection | |||||
| CVE-2022-0211 | 1 Getshieldsecurity | 1 Shield Security | 2022-02-28 | 3.5 LOW | 4.8 MEDIUM |
| The Shield Security WordPress plugin before 13.0.6 does not sanitise and escape admin notes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. | |||||
| CVE-2022-0199 | 1 Wpdevart | 1 Coming Soon And Maintenance Mode | 2022-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have CSRF check in its coming_soon_send_mail AJAX action, allowing attackers to make logged in admin to send arbitrary emails to all subscribed users via a CSRF attack | |||||
| CVE-2022-0186 | 1 Machothemes | 1 Image Photo Gallery Final Tiles Grid | 2022-02-28 | 3.5 LOW | 5.4 MEDIUM |
| The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.5.3 does not sanitise and escape the Description field when editing a gallery, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks against other users having access to the gallery dashboard | |||||
| CVE-2011-2000 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2022-02-28 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Body Element Remote Code Execution Vulnerability." | |||||
| CVE-2011-1999 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2022-02-28 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 8 does not properly allocate and access memory, which allows remote attackers to execute arbitrary code via vectors involving a "dereferenced memory address," aka "Select Element Remote Code Execution Vulnerability." | |||||