CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2022-12-27
Medium

CVE-2021-4235

Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.

Critical

CVE-2022-4719

Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.5.

2022-12-26
Medium

CVE-2018-16135

The Opera Mini application 47.1.2249.129326 for Android allows remote attackers to spoof the Location Permission dialog via a crafted web site.

Medium

CVE-2019-13988

Sierra Wireless MGOS before 3.15.2 and 4.x before 4.3 allows attackers to read log files via a Direct Request (aka Forced Browsing).

High

CVE-2022-4268

The Plugin Logic WordPress plugin before 1.0.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

Medium

CVE-2022-4267

The Bulk Delete Users by Email WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.

Medium

CVE-2022-4266

The Bulk Delete Users by Email WordPress plugin through 1.2 does not have CSRF check when deleting users, which could allow attackers to make a logged in admin delete non admin users by knowing their…

Medium

CVE-2022-4243

The ImageInject WordPress plugin through 1.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks ev…

Medium

CVE-2022-4239

The Workreap WordPress theme before 2.6.4 does not verify that an addon service belongs to the user issuing the request, or indeed that it is an addon service, when processing the workreap_addons_ser…

Medium

CVE-2022-4227

The Booster for WooCommerce WordPress plugin before 5.6.3, Booster Plus for WooCommerce WordPress plugin before 6.0.0, Booster Elite for WooCommerce WordPress plugin before 6.0.0 do not escape some U…

Medium

CVE-2022-4226

The Simple Basic Contact Form WordPress plugin before 20221201 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scr…

Medium

CVE-2022-4197

The Sliderby10Web WordPress plugin before 1.2.53 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks…

Medium

CVE-2022-4166

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the addCountS POST parameter before concatenating it to an SQL query in 4_acti…

Medium

CVE-2022-4165

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_order POST parameter before concatenating it to an SQL query in order-c…

Medium

CVE-2022-4164

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_multiple_files_for_post POST parameter before concatenating it to an SQ…

Medium

CVE-2022-4163

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_deactivate and cg_activate POST parameters before concatenating it to a…

Medium

CVE-2022-4162

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_row POST parameter before concatenating it to an SQL query in 3_row-ord…

Medium

CVE-2022-4160

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_copy_id POST parameter before concatenating it to an SQL query in cg-c…

Medium

CVE-2022-4159

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_id POST parameter before concatenating it to an SQL query in 0_change-g…

High

CVE-2022-4158

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_Fields POST parameter before concatenating it to an SQL query in users-…

Medium

CVE-2022-4157

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_option_id POST parameter before concatenating it to an SQL query in exp…

High

CVE-2022-4156

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the user_id POST parameter before concatenating it to an SQL query in ajax-fun…

Medium

CVE-2022-4155

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the wp_user_id GET parameter before concatenating it to an SQL query in manage…

Medium

CVE-2022-4154

The Contest Gallery Pro WordPress plugin before 19.1.5 does not escape the wp_user_id GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users…

Medium

CVE-2022-4153

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the upload[] POST parameter before concatenating it to an SQL query in get-dat…

Medium

CVE-2022-4152

The Contest Gallery WordPress plugin before 19.1.5, Contest Gallery Pro WordPress plugin before 19.1.5 do not escape the option_id POST parameter before concatenating it to an SQL query in edit-optio…

Medium

CVE-2022-4150

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the option_id POST parameter before concatenating it to an SQL query in order-…

Critical

CVE-2022-4120

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2022.6 passes base64 encoded user input to the unserialize() PHP function when CAPTCHA are used as second challe…

Critical

CVE-2022-4117

The IWS WordPress plugin through 1.0 does not properly escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL i…

Medium

CVE-2022-4110

The Eventify™ WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even…

Critical

CVE-2022-4047

The Return Refund and Exchange For WooCommerce WordPress plugin before 4.0.9 does not validate attachment files to be uploaded via an AJAX action available to unauthenticated users, which could allow…

Medium

CVE-2022-4042

The Paytium: Mollie payment forms & donations WordPress plugin before 4.3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored C…

Medium

CVE-2022-3840

The Login for Google Apps WordPress plugin before 3.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting…

Medium

CVE-2022-3835

The Kwayy HTML Sitemap WordPress plugin before 4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attac…

High

CVE-2021-24942

The Menu Item Visibility Control WordPress plugin through 0.5 doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execut…

High

CVE-2021-35954

fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows physically proximate attackers to dump the firmware, flash custom malicious firmware, and brick the device via the Serial Wire Debug (S…

High

CVE-2021-35953

fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows a Remote attacker to cause a Denial of Service (device outage) via crafted choices of the last three bytes of a characteristic value.

Medium

CVE-2021-35952

fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows a Remote attacker to change the time, date, and month via Bluetooth LE Characteristics on handle 0x0017.

High

CVE-2021-35951

fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows an Unauthenticated Remote attacker to send a malicious firmware update via BLE and brick the device.

2022-12-23
Medium

CVE-2022-43381

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. IBM X-Force ID: 238639.

Medium

CVE-2022-43380

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX NFS kernel extension to cause a denial of service. IBM X-Force ID: 238640.

Medium

CVE-2022-4698

The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several form fields in versions up to, and including, 4.5.0 due to insufficient input sanitization and output es…

Medium

CVE-2022-4697

The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wp_user_cover_default_image_url’ parameter in versions up to, and including, 4.5.0 due to insufficient inpu…

Medium

CVE-2022-47524

F-Secure SAFE Browser 19.1 before 19.2 for Android allows an IDN homograph attack.

2022-12-22
High

CVE-2022-3805

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users…

Medium

CVE-2022-3794

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various AJAX actions in versions up to, and including, 2.5.6. Authenticated users can use an easily available nonc…

Medium

CVE-2022-36317

When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service. *This bug only affects Firefox fo…

Medium

CVE-2022-22750

By generally accepting and passing resource handles across processes, a compromised content process might have confused higher privileged processes to interact with handles that the unprivileged proc…

Medium

CVE-2022-22743

When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode. This vulnerability affects Firefox ES…

High

CVE-2022-22741

When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 9…

Medium

CVE-2022-22739

Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

Critical

CVE-2021-4127

An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. This vulnerability affects Thunderbird < 78.9 and Firefox ESR < 78.9.

Medium

CVE-2021-4126

When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mailing list gateway, Thunderbird only considered the…

2022-12-21
High

CVE-2022-4287

Authentication bypass in the local application lock feature in Devolutions Remote Desktop Manager 2022.3.26 and earlier on Windows allows a malicious user to access the application.

High

CVE-2022-47581

Isode M-Vault 16.0v0 through 17.x before 17.0v24 can crash upon an LDAP v1 bind request.

2022-12-20
High

CVE-2022-46321

The Wi-Fi module has a vulnerability in permission verification. Successful exploitation of this vulnerability may affect data confidentiality.

Medium

CVE-2022-46318

The HAware module has a function logic error. Successful exploitation of this vulnerability will affect the account removal function in Settings.

Medium

CVE-2022-43382

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to exploit a vulnerability in the lpd daemon to cause a denial of service. IBM X-Force ID: 238641.

High

CVE-2022-41599

The system service has a vulnerability that causes incorrect return values. Successful exploitation of this vulnerability may affect data confidentiality.

High

CVE-2022-38733

OnCommand Insight versions 7.3.1 through 7.3.14 are susceptible to an authentication bypass vulnerability in the Data Warehouse component.

High

CVE-2022-46914

An issue in the firmware update process of TP-LINK TL-WA801N / TL-WA801ND V1 v3.12.16 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted…

High

CVE-2022-46912

An issue in the firmware update process of TP-Link TL-WR841N / TL-WA841ND V7 3.13.9 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted f…

High

CVE-2022-46910

An issue in the firmware update process of TP-Link TL-WA901ND V1 up to v3.11.2 and TL-WA901N V2 up to v3.12.16 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via upload…

High

CVE-2022-46435

An issue in the firmware update process of TP-Link TL-WR941ND V2/V3 up to 3.13.9 and TL-WR941ND V4 up to 3.12.8 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploa…

High

CVE-2022-46434

An issue in the firmware update process of TP-Link TL-WA7510N v1 v3.12.6 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware ima…

High

CVE-2022-46432

An exploitable firmware modification vulnerability was discovered on TP-Link TL-WR743ND V1. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and by…

High

CVE-2022-46424

An exploitable firmware modification vulnerability was discovered on the Netgear XWN5001 Powerline 500 WiFi Access Point. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-…

Medium

CVE-2022-4619

The Sidebar Widgets by CodeLights plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Extra CSS class’ parameter in versions up to, and including, 1.4 due to insufficient input…

High

CVE-2022-47577

An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory car…

2022-12-19
Low

CVE-2022-4610

A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Affected by this issue is some unknown functionality. T…

Medium

CVE-2022-4112

The Quizlord WordPress plugin through 2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even w…

Medium

CVE-2022-4108

The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input used to generate system path, allowing high privilege users such as admin to download arbitrary file fr…

Medium

CVE-2022-4107

The SMSA Shipping for WooCommerce WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks, as well as does not validate the file to be downloaded, allowing any authenticated…

High

CVE-2022-4061

The JobBoardWP WordPress plugin before 1.2.2 does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP.

Medium

CVE-2022-4058

The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not validate and escape some parameters before outputting them back in JS code later on in another page, which could lead to Stored XS…

Critical

CVE-2022-4050

The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.

Medium

CVE-2022-3986

The WP Stripe Checkout WordPress plugin before 1.2.2.21 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as l…

Medium

CVE-2022-3985

The Videojs HTML5 Player WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as lo…

Medium

CVE-2022-3984

The Flowplayer Video Player WordPress plugin before 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as…

Medium

CVE-2022-3983

The Checkout for PayPal WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as lo…

Medium

CVE-2022-3937

The Easy Video Player WordPress plugin before 1.2.2.3 does not sanitize and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.

Medium

CVE-2022-3832

The External Media WordPress plugin before 1.0.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attack…

Low

CVE-2021-4258

A vulnerability was found in whohas. It has been rated as problematic. This issue affects some unknown processing of the component Package Information Handler. The manipulation leads to cleartext tra…

2022-12-16
Medium

CVE-2022-4130

A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP…

Medium

CVE-2022-20531

In Telecom, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure wi…

Medium

CVE-2022-4555

The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate() function hooked via init() in versions up to, and including, 4.1.0. This…

2022-12-15
Medium

CVE-2022-4519

The WP User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 7.0 due to insufficient input sanitization and output escap…

High

CVE-2022-3427

The Corner Ad plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.56. This is due to missing or incorrect nonce validation on its corner_ad_settings…

High

CVE-2022-2536

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient…

2022-12-14
High

CVE-2022-4501

The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vc_saving_data function in versions up to, and including, 4.2.7. This makes it poss…

High

CVE-2022-31700

VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range wi…

Critical

CVE-2022-46609

Python3-RESTfulAPI commit d9907f14e9e25dcdb54f5b22252b0e9452e3970e and e772e0beee284c50946e94c54a1d43071ca78b74 was discovered to contain a code execution backdoor via the request package. This vulne…

2022-12-13
Medium

CVE-2022-4207

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several values that can be added to an Image Hover in versions 9.8.1 to 9.8.4 due to insufficien…

Medium

CVE-2022-4171

The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including 5.0. This is due to the plugin improperly validating the number of characte…

High

CVE-2022-47213

Microsoft Office Graphics Remote Code Execution Vulnerability

High

CVE-2022-47212

Microsoft Office Graphics Remote Code Execution Vulnerability

High

CVE-2022-47211

Microsoft Office Graphics Remote Code Execution Vulnerability

High

CVE-2022-44710

DirectX Graphics Kernel Elevation of Privilege Vulnerability

High

CVE-2022-44708

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Medium

CVE-2022-44707

Windows Kernel Denial of Service Vulnerability

High

CVE-2022-44704

Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulnerability

High

CVE-2022-44702

Windows Terminal Remote Code Execution Vulnerability

Medium

CVE-2022-44699

Azure Network Watcher Agent Security Feature Bypass Vulnerability

Medium

CVE-2022-44698

Windows SmartScreen Security Feature Bypass Vulnerability

High

CVE-2022-44697

Windows Graphics Component Elevation of Privilege Vulnerability

High

CVE-2022-44696

Microsoft Office Visio Remote Code Execution Vulnerability

High

CVE-2022-44695

Microsoft Office Visio Remote Code Execution Vulnerability

High

CVE-2022-44694

Microsoft Office Visio Remote Code Execution Vulnerability

High

CVE-2022-44693

Microsoft SharePoint Server Remote Code Execution Vulnerability

High

CVE-2022-44692

Microsoft Office Graphics Remote Code Execution Vulnerability

High

CVE-2022-44691

Microsoft Office OneNote Remote Code Execution Vulnerability

High

CVE-2022-44690

Microsoft SharePoint Server Remote Code Execution Vulnerability

Medium

CVE-2022-44688

Microsoft Edge (Chromium-based) Spoofing Vulnerability

High

CVE-2022-44687

Raw Image Extension Remote Code Execution Vulnerability

Medium

CVE-2022-44682

Windows Hyper-V Denial of Service Vulnerability

High

CVE-2022-44681

Windows Print Spooler Elevation of Privilege Vulnerability

High

CVE-2022-44680

Windows Graphics Component Elevation of Privilege Vulnerability

Medium

CVE-2022-44679

Windows Graphics Component Information Disclosure Vulnerability

High

CVE-2022-44678

Windows Print Spooler Elevation of Privilege Vulnerability

High

CVE-2022-44677

Windows Projected File System Elevation of Privilege Vulnerability
