All CVEs — 2022 (Page 6/183)

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0

2022-12-22

High

CVE-2022-28288

Mozilla developers and community members Randell Jesup, Sebastian Hengst, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 98. Some of these bugs showed evidence of memory…

CVSS: 8.8 CWE: CWE-787

Medium

CVE-2022-28287

In unusual circumstances, selecting text could cause text selection caching to behave incorrectly, leading to a crash. This vulnerability affects Firefox < 99.

CVSS: 6.5 CWE: CWE-664

Medium

CVE-2022-28286

Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.8, Firef…

CVSS: 5.4 CWE: CWE-1021

Medium

CVE-2022-28285

When generating the assembly code for <code>MLoadTypedArrayElementHole</code>, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds…

CVSS: 6.5 CWE: CWE-125

High

CVE-2022-28284

SVG's <code><use></code> element could have been used to load unexpected content that could have executed script in certain circumstances. While the specification seems to allow this, other bro…

CVSS: 8.8 CWE: CWE-116

Medium

CVE-2022-28283

The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. This vulnerabil…

CVSS: 6.5 CWE: CWE-552

Medium

CVE-2022-28282

By using a link with <code>rel="localization"</code> a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed poi…

CVSS: 6.5 CWE: CWE-416

High

CVE-2022-28281

If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption…

CVSS: 8.8 CWE: CWE-787

Critical

CVE-2022-26486

An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affec…

CVSS: 9.6 CWE: CWE-416

High

CVE-2022-26485

Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.…

CVSS: 8.8 CWE: CWE-416

High

CVE-2022-26387

When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox woul…

CVSS: 7.5 CWE: CWE-367

Medium

CVE-2022-26386

Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in <code>/tmp</code>, but this behavior was changed to download them to <code>/tmp</code> where they…

CVSS: 6.5 CWE: CWE-377

Medium

CVE-2022-26385

In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability af…

CVSS: 6.5 CWE: CWE-416

Critical

CVE-2022-26384

If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to Ja…

CVSS: 9.6 CWE: CWE-693

Medium

CVE-2022-26383

When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

CVSS: 4.3 CWE: CWE-451

Medium

CVE-2022-26382

While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was rendered using page fonts. Side-channel attacks on the text by using specially crafted fonts could ha…

CVSS: 4.3 CWE: CWE-203

High

CVE-2022-26381

An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and T…

CVSS: 8.8 CWE: CWE-416

High

CVE-2022-22764

Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption and we pres…

CVSS: 8.8 CWE: CWE-787

High

CVE-2022-22763

When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. This vulnerability affects Firefox < 96, Thunderbird < 91.6,…

CVSS: 8.8 CWE: CWE-362

Medium

CVE-2022-22762

Under certain circumstances, a JavaScript alert (or prompt) could have been shown while another website was displayed underneath it. This could have been abused to trick the user. *This bug only…

CVSS: 4.3 CWE: CWE-451

High

CVE-2022-22761

Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy. This…

CVSS: 8.8 CWE: CWE-693

Medium

CVE-2022-22760

When importing resources using Web Workers, error messages would distinguish the difference between <code>application/javascript</code> responses and non-script responses. This could have been abused…

CVSS: 6.5 CWE: CWE-209

Critical

CVE-2022-22759

If a document created a sandboxed iframe without <code>allow-scripts</code>, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler…

CVSS: 9.6 CWE: CWE-693

High

CVE-2022-22758

When clicking on a tel: link, USSD codes, specified after a <code>\*</code> character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this…

CVSS: 8.8 CWE: CWE-319

Medium

CVE-2022-22757

Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. *This bug only affected…

CVSS: 6.5 CWE: CWE-346

High

CVE-2022-22756

If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after th…

CVSS: 8.8 CWE: CWE-94

High

CVE-2022-22755

By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript (within the bounds of the same-origin policy) even after the tab was…

CVSS: 8.8 CWE: CWE-672

Medium

CVE-2022-22754

If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. T…

CVSS: 6.5 CWE: CWE-863

High

CVE-2022-22753

A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTE…

CVSS: 7.1 CWE: CWE-367

High

CVE-2022-22752

Mozilla developers Christian Holler and Jason Kratzer reported memory safety bugs present in Firefox 95. Some of these bugs showed evidence of memory corruption and we presume that with enough effort…

CVSS: 8.8 CWE: CWE-787

High

CVE-2022-22751

Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and…

CVSS: 8.8 CWE: CWE-787

Medium

CVE-2022-22749

When scanning QR codes, Firefox for Android would have allowed navigation to some URLs that do not point to web content. *This bug only affects Firefox for Android. Other operating systems are una…

CVSS: 4.3 CWE: CWE-20

Medium

CVE-2022-22748

Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Fire…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2022-22747

After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable. This vulnerability a…

CVSS: 6.5 CWE: CWE-295

Medium

CVE-2022-22746

A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed. *This bug only affects Firefox for Windows. Other oper…

CVSS: 5.9 CWE: CWE-362

Medium

CVE-2022-22745

Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

CVSS: 6.5 CWE: CWE-200

High

CVE-2022-22744

The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt. *Thi…

CVSS: 8.8 CWE: CWE-116

Medium

CVE-2022-22742

When inserting text while in edit mode, some characters might have lead to out-of-bounds memory access causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox…

CVSS: 6.5 CWE: CWE-125

High

CVE-2022-22740

Certain network request objects were freed too early when releasing a network request handle. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affe…

CVSS: 8.8 CWE: CWE-416

High

CVE-2022-22738

Applying a CSS filter effect could have accessed out of bounds memory. This could have lead to a heap-buffer-overflow causing a potentially exploitable crash. This vulnerability affects Firefox ESR <…

CVSS: 8.8 CWE: CWE-787

High

CVE-2022-22737

Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable crash. This vulne…

CVSS: 7.5 CWE: CWE-362

High

CVE-2022-22736

If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not…

CVSS: 7.0 CWE: CWE-427

Medium

CVE-2022-22461

IBM Security Verify Governance, Identity Manager 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225007.

CVSS: 5.9 CWE: CWE-327

Critical

CVE-2022-1887

The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101.

CVSS: 9.8 CWE: CWE-89

Medium

CVE-2022-1834

When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been u…

CVSS: 6.5 CWE: CWE-295

High

CVE-2022-1802

If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged cont…

CVSS: 8.8 CWE: CWE-1321

High

CVE-2022-1529

An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled Ja…

CVSS: 8.8 CWE: CWE-1321

Medium

CVE-2022-1520

When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status. After openin…

CVSS: 4.3 CWE: CWE-346

Medium

CVE-2022-1197

When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked, and the existing key was kept as…

CVSS: 5.4 CWE: CWE-295

Medium

CVE-2022-1196

After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8 and Fi…

CVSS: 6.5 CWE: CWE-416

Medium

CVE-2022-1097

<code>NSSToken</code> objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. Thi…

CVSS: 6.5 CWE: CWE-416

High

CVE-2022-0843

Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97. Some of these bugs showed evidence of memory corruption and we presume that w…

CVSS: 8.8 CWE: CWE-787

High

CVE-2022-0566

It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the message. This vulnerability affects Thunderbird…

CVSS: 8.8 CWE: CWE-787

High

CVE-2022-0517

Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege. This vul…

CVSS: 7.8 CWE: CWE-434

High

CVE-2022-0511

Mozilla developers and community members Gabriele Svelto, Sebastian Hengst, Randell Jesup, Luan Herrera, Lars T Hansen, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96.…

CVSS: 8.8 CWE: CWE-787

Medium

CVE-2021-4221

If a domain name contained a RTL character, it would cause the domain to be rendered to the right of the path. This could lead to user confusion and spoofing attacks. *This bug only affects Firef…

CVSS: 4.3 CWE: CWE-1007

Critical

CVE-2021-4140

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

CVSS: 10.0 CWE: CWE-91

Critical

CVE-2021-4129

Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of t…

CVSS: 9.8 CWE: CWE-787

Medium

CVE-2021-4128

When transitioning in and out of fullscreen mode, a graphics object was not correctly protected; resulting in memory corruption and a potentially exploitable crash. *This bug only affects Firefox…

CVSS: 6.5 CWE: CWE-416

High

CVE-2020-15685

During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird < 78.7.

CVSS: 8.8 CWE: CWE-77

High

CVE-2020-15679

An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to login via that URL, and obtain authenticated access as…

CVSS: 7.6 CWE: CWE-384

High

CVE-2022-46170

CodeIgniter is a PHP full-stack web framework. When an application uses (1) multiple session cookies (e.g., one for user pages and one for admin pages) and (2) a session handler is set to `DatabaseH…

CVSS: 8.6 CWE: CWE-287

High

CVE-2022-23556

CodeIgniter is a PHP full-stack web framework. This vulnerability may allow attackers to spoof their IP address when the server is behind a reverse proxy. This issue has been patched, please upgrade…

CVSS: 7.0 CWE: CWE-345

Medium

CVE-2022-23540

In versions `<=8.5.1` of `jsonwebtoken` library, lack of algorithm definition in the `jwt.verify()` function can lead to signature validation bypass due to defaulting to the `none` algorithm for sign…

CVSS: 6.4 CWE: CWE-287

Critical

CVE-2022-47926

AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fst_del.inc.php

CVSS: 9.8 CWE: CWE-88

Critical

CVE-2022-46102

AyaCMS 3.1.2 is vulnerable to Arbitrary file upload via /aya/module/admin/fst_down.inc.php

CVSS: 9.8 CWE: CWE-434

High

CVE-2022-46101

AyaCMS v3.1.2 was found to have a code flaw in the ust_sql.inc.php file, which allows attackers to cause command execution by inserting malicious code.

CVSS: 8.8 CWE: CWE-94

Medium

CVE-2022-23541

jsonwebtoken is an implementation of JSON Web Tokens. Versions `<= 8.5.1` of `jsonwebtoken` library can be misconfigured so that passing a poorly implemented key retrieval function referring to the `…

CVSS: 5.0 CWE: CWE-287

Medium

CVE-2022-44510

Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL ref…

CVSS: 5.4 CWE: CWE-79

Critical

CVE-2022-45966

here is an arbitrary file upload vulnerability in the file management function module of Classcms3.5.

CVSS: 9.8 CWE: CWE-434

Medium

CVE-2022-47896

In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks.

CVSS: 5.0 CWE: CWE-1336

Medium

CVE-2022-47895

In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files.

CVSS: 4.7 CWE: CWE-319

Critical

CVE-2022-45347

Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as database backend didn't cleanup the database session completely after client authentication failed, which allowed an attacker to execute…

CVSS: 9.8 CWE: CWE-459

Medium

CVE-2022-41697

A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can…

CVSS: 5.3 CWE: CWE-204

Medium

CVE-2022-41654

An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attac…

CVSS: 4.3 CWE: CWE-284

Medium

CVE-2020-36625

A vulnerability was found in destiny.gg chat. It has been rated as problematic. This issue affects the function websocket.Upgrader of the file main.go. The manipulation leads to cross-site request fo…

CVSS: 4.3 CWE: CWE-863

Medium

CVE-2020-36624

A vulnerability was found in ahorner text-helpers up to 1.0.x. It has been declared as critical. This vulnerability affects unknown code of the file lib/text_helpers/translation.rb. The manipulation…

CVSS: 6.3 CWE: CWE-1022

Medium

CVE-2022-25948

The package liquidjs before 10.0.0 are vulnerable to Information Exposure when ownPropertyOnly parameter is set to False, which results in leaking properties of a prototype. Workaround For versions 9…

CVSS: 5.3 CWE: CWE-200

Medium

CVE-2022-4647

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.2.

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2022-4646

Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.5.4.

CVSS: 6.5 CWE: CWE-352

Medium

CVE-2022-43271

Inhabit Systems Pty Ltd Move CRM version 4, build 260 was discovered to contain a cross-site scripting (XSS) vulnerability via the User profile component.

CVSS: 5.4 CWE: CWE-79

Medium

CVE-2021-43657

A Stored Cross-site scripting (XSS) vulnerability via MAster.php in Sourcecodetester Simple Client Management System (SCMS) 1.0 allows remote attackers to inject arbitrary web script or HTML via the…

CVSS: 5.4 CWE: CWE-79

Medium

CVE-2021-36631

Untrusted search path vulnerability in Baidunetdisk Version 7.4.3 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

CVSS: 6.7 CWE: CWE-427

Medium

CVE-2022-4644

Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.4.

CVSS: 6.1 CWE: CWE-601

2022-12-21

Medium

CVE-2022-3189

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specially crafted PHP script could use parameters from a HTTP request to create a URL capable of changing the ho…

CVSS: 5.3 CWE: CWE-918

Medium

CVE-2022-3188

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where unauthenticated users could open PHP index pages without authentication and download the history file from the dev…

CVSS: 5.3 CWE: CWE-863

Medium

CVE-2022-3187

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where certain PHP pages only validate when a valid connection is established with the database. However, these PHP pages…

CVSS: 5.3 CWE: CWE-285

High

CVE-2022-3186

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product allows an attacker to access the device’s main management page from the cloud. This feature e…

CVSS: 8.6 CWE: CWE-284

Medium

CVE-2022-3185

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product exposes sensitive data concerning the device.

CVSS: 5.3 CWE: CWE-200

Critical

CVE-2022-3184

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the device’s existing firmware allows unauthenticated users to access an old PHP page vulnerable to directory trav…

CVSS: 9.8 CWE: CWE-22

Critical

CVE-2022-3183

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specific function does not sanitize the input provided by the user, which may expose the affected to an OS comma…

CVSS: 9.8 CWE: CWE-78

Medium

CVE-2022-4643

A vulnerability was found in docconv up to 1.2.0. It has been declared as critical. This vulnerability affects the function ConvertPDFImages of the file pdf_ocr.go. The manipulation of the argument p…

CVSS: 6.3 CWE: CWE-78

Low

CVE-2022-4642

A vulnerability was found in tatoeba2. It has been classified as problematic. This affects an unknown part of the component Profile Name Handler. The manipulation leads to cross site scripting. It is…

CVSS: 3.5 CWE: CWE-707

Low

CVE-2022-4641

A vulnerability was found in pig-vector and classified as problematic. Affected by this issue is the function LogisticRegression of the file src/main/java/org/apache/mahout/pig/LogisticRegression.jav…

CVSS: 2.5 CWE: CWE-377

Low

CVE-2022-4640

A vulnerability has been found in Mingsoft MCMS 5.2.9 and classified as problematic. Affected by this vulnerability is the function save of the component Article Handler. The manipulation leads to cr…

CVSS: 3.5 CWE: CWE-707

Medium

CVE-2022-4639

A vulnerability, which was classified as critical, has been found in sslh. This issue affects the function hexdump of the file probe.c of the component Packet Dumping Handler. The manipulation of the…

CVSS: 5.6 CWE: CWE-119

Low

CVE-2022-4638

A vulnerability classified as problematic was found in collective.contact.widget up to 1.12. This vulnerability affects the function title of the file src/collective/contact/widget/widgets.py. The ma…

CVSS: 3.5 CWE: CWE-707

Low

CVE-2022-4637

A vulnerability classified as problematic has been found in ep3-bs up to 1.7.x. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack rem…

CVSS: 3.5 CWE: CWE-79

Medium

CVE-2021-4275

A vulnerability, which was classified as problematic, was found in katlings pyambic-pentameter. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible t…

CVSS: 4.3 CWE: CWE-863

High

CVE-2022-46334

Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions. This affects all versions 8.19.0 and below.

CVSS: 7.8 CWE: CWE-269

Medium

CVE-2022-23551

aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates…

CVSS: 5.3 CWE: CWE-863

Medium

CVE-2022-4633

A vulnerability was found in Auto Upload Images up to 3.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file src/setting-page.php of the component Setti…

CVSS: 4.3 CWE: CWE-352

Low

CVE-2022-4632

A vulnerability has been found in Auto Upload Images up to 3.3.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site script…

CVSS: 3.5 CWE: CWE-79

Low

CVE-2022-4631

A vulnerability, which was classified as problematic, was found in WP-Ban. Affected is an unknown function of the file ban-options.php. The manipulation leads to cross site scripting. It is possible…

CVSS: 3.5 CWE: CWE-707

Medium

CVE-2022-46096

A Cross site scripting (XSS) vulnerability in Sourcecodester Online Covid-19 Directory on Vaccination System v1.0 allows attackers to execute arbitrary code via the txtfullname parameter or txtphone…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2022-46095

Sourcecodester Covid-19 Directory on Vaccination System 1.0 was discovered to contain a Cross-Site Scripting (XSS) vulnerability via verification.php because the program does not verify the txtvaccin…

CVSS: 6.1 CWE: CWE-79

High

CVE-2022-36222

Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5st7o This account can be used locally to access the web admin interface.

CVSS: 8.4 CWE: CWE-798

Medium

CVE-2022-36221

Nokia Fastmile 3tg00118abad52 is affected by an authenticated path traversal vulnerability which allows attackers to read any named pipe file on the system.

CVSS: 6.5 CWE: CWE-22

Low

CVE-2021-4274

A vulnerability, which was classified as problematic, has been found in sileht bird-lg. This issue affects some unknown processing of the file templates/layout.html. The manipulation of the argument…

CVSS: 3.5 CWE: CWE-707

Medium

CVE-2021-4273

A vulnerability classified as problematic was found in studygolang. This vulnerability affects the function Search of the file http/controller/search.go. The manipulation of the argument q leads to c…

CVSS: 4.3 CWE: CWE-707

Low

CVE-2021-4272

A vulnerability classified as problematic has been found in studygolang. This affects an unknown part of the file static/js/topics.js. The manipulation of the argument contentHtml leads to cross site…

CVSS: 3.5 CWE: CWE-707

Low

CVE-2021-4271

A vulnerability was found in panicsteve w2wiki. It has been rated as problematic. Affected by this issue is the function toHTML of the file index.php of the component Markdown Handler. The manipulati…

CVSS: 3.5 CWE: CWE-707

Low

CVE-2021-4270

A vulnerability was found in Imprint CMS. It has been classified as problematic. Affected is the function SearchForm of the file ImprintCMS/Models/ViewHelpers.cs. The manipulation of the argument que…

CVSS: 3.5 CWE: CWE-707

Low

CVE-2021-4269

A vulnerability has been found in SimpleRisk and classified as problematic. This vulnerability affects the function checkAndSetValidation of the file simplerisk/js/common.js. The manipulation of the…

CVSS: 3.5 CWE: CWE-707

Medium

CVE-2021-4268

A vulnerability, which was classified as problematic, was found in phpRedisAdmin up to 1.17.3. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to in…

CVSS: 4.3 CWE: CWE-863

Low

CVE-2021-4267

A vulnerability classified as problematic was found in tad_discuss. Affected by this vulnerability is an unknown functionality. The manipulation of the argument DiscussTitle leads to cross site scrip…

CVSS: 3.5 CWE: CWE-707

Low

CVE-2021-4266

A vulnerability classified as problematic has been found in Webdetails cpf up to 9.5.0.0-80. Affected is an unknown function of the file core/src/main/java/pt/webdetails/cpf/packager/DependenciesPack…

CVSS: 3.5 CWE: CWE-707

Low

CVE-2021-4265

A vulnerability was found in siwapp-ror. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remo…

CVSS: 3.5 CWE: CWE-707

Medium

CVE-2021-4264

A vulnerability was found in LinkedIn dustjs up to 2.x and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improperly controlled modificatio…

CVSS: 6.3 CWE: CWE-1321

Low

CVE-2021-4263

A vulnerability, which was classified as problematic, has been found in leanote 2.6.1. This issue affects the function define of the file public/js/plugins/history.js. The manipulation of the argumen…

CVSS: 3.5 CWE: CWE-79