CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-32987 Multiple cross-site scripting (XSS) vulnerabilities in /bsms/?page=manage_account of Simple Bakery Shop Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted p... | 4.8 | MEDIUM | — | 0 |
| CVE-2022-2147 Cloudflare Warp for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation. The fix was released in version 2022.3.1... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-32391 Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/view_action.php:4 | 8.8 | HIGH | — | 0 |
| CVE-2022-32392 Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/manage_action.php:4 | 8.8 | HIGH | — | 0 |
| CVE-2022-32393 Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/cells/view_cell.php:4 | 8.8 | HIGH | — | 0 |
| CVE-2022-32394 Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/view_inmate.php:3 | 8.8 | HIGH | — | 0 |
| CVE-2022-21231 All versions of package deep-get-set are vulnerable to Prototype Pollution via the 'deep' function. **Note:** This vulnerability derives from an incomplete fix of [CVE-2020-7715](https://security.snyk... | 7.5 | HIGH | — | 0 |
| CVE-2022-32395 Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/crimes/manage_crime.php:4 | 8.8 | HIGH | — | 0 |
| CVE-2022-32396 Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/visits/manage_visit.php:4 | 8.8 | HIGH | — | 0 |
| CVE-2022-32397 Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/visits/view_visit.php:4 | 8.8 | HIGH | — | 0 |
| CVE-2022-32398 Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/cells/manage_cell.php:4 | 8.8 | HIGH | — | 0 |
| CVE-2022-32399 Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/crimes/view_crime.php:4 | 8.8 | HIGH | — | 0 |
| CVE-2022-32400 Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/user/manage_user.php:4. | 7.2 | HIGH | — | 0 |
| CVE-2022-1573 The HTML2WP WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them | 4.3 | MEDIUM | — | 0 |
| CVE-2022-32401 Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manage_privilege.php:4 | 8.8 | HIGH | — | 0 |
| CVE-2022-32402 Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/prisons/manage_prison.php:4 | 8.8 | HIGH | — | 0 |
| CVE-2022-32403 Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manage_record.php:4 | 8.8 | HIGH | — | 0 |
| CVE-2022-32404 Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manage_inmate.php:3 | 8.8 | HIGH | — | 0 |
| CVE-2022-32405 Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/prisons/view_prison.php:4 | 8.8 | HIGH | — | 0 |
| CVE-2017-20092 A vulnerability classified as problematic was found in Google Analytics Dashboard Plugin 2.1.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site s... | 3.5 | LOW | — | 0 |
| CVE-2022-1321 The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javas... | 4.8 | MEDIUM | — | 0 |
| CVE-2017-20094 A vulnerability, which was classified as problematic, has been found in NewStatPress Plugin 1.2.4. This issue affects some unknown processing. The manipulation leads to basic cross site scripting (Per... | 3.5 | LOW | — | 0 |
| CVE-2017-20095 A vulnerability classified as critical was found in Simple Ads Manager Plugin. This vulnerability affects unknown code. The manipulation leads to code injection. The attack can be initiated remotely. | 6.3 | MEDIUM | — | 0 |
| CVE-2017-20096 A vulnerability classified as problematic has been found in WP-SpamFree Anti-Spam Plugin 2.1.1.4. This affects an unknown part. The manipulation leads to basic cross site scripting. It is possible to ... | 3.5 | LOW | — | 0 |
| CVE-2017-20097 A vulnerability was found in WP-Filebase Download Manager Plugin 3.4.4. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross si... | 3.5 | LOW | — | 0 |
| CVE-2022-1965 Multiple products of CODESYS implement a improper error handling. A low privilege remote attacker may craft a request, which is not properly processed by the error handling. In consequence, the file r... | 8.1 | HIGH | — | 0 |
| CVE-2022-31802 In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by ... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-1326 The Form - Contact Form WordPress plugin through 1.2.0 does not sanitize and escape Custom text fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks ev... | 4.8 | MEDIUM | — | 0 |
| CVE-2022-31803 In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users o... | 5.3 | MEDIUM | — | 0 |
| CVE-2022-31804 The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash o... | 7.5 | HIGH | — | 0 |
| CVE-2022-31805 In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected. | 7.5 | HIGH | — | 0 |
| CVE-2022-31806 In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login ... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-32136 In multiple CODESYS products, a low privileged remote attacker may craft a request that cause a read access to an uninitialized pointer, resulting in a denial-of-service. User interaction is not requi... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-32137 In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting in a denial-of-service condition or memory overwrite. User i... | 8.8 | HIGH | — | 0 |
| CVE-2022-32138 In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, resulting in a denial-of-service condition or memory overwrite. | 8.8 | HIGH | — | 0 |
| CVE-2022-32139 In multiple CODESYS products, a low privileged remote attacker may craft a request, which cause an out-of-bounds read, resulting in a denial-of-service condition. User Interaction is not required. | 6.5 | MEDIUM | — | 0 |
| CVE-2022-32140 Multiple CODESYS products are affected to a buffer overflow.A low privileged remote attacker may craft a request, which can cause a buffer copy without checking the size of the service, resulting in a... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-32141 Multiple CODESYS Products are prone to a buffer over read. A low privileged remote attacker may craft a request with an invalid offset, which can cause an internal buffer over-read, resulting in a den... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-32142 Multiple CODESYS Products are prone to a out-of bounds read or write access. A low privileged remote attacker may craft a request with invalid offset, which can cause an out-of-bounds read or write ac... | 8.1 | HIGH | — | 0 |
| CVE-2021-42056 Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure temporary hid and lock files allowing a local attacker, through a symlink attack, to overwrite arbitrar... | 6.7 | MEDIUM | — | 0 |
| CVE-2022-32143 In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. firmware files of the PLC. All requests are processed on the controller on... | 8.8 | HIGH | — | 0 |
| CVE-2021-41634 A user enumeration vulnerability in MELAG FTP Server 2.2.0.4 allows an attacker to identify valid FTP usernames. | 5.3 | MEDIUM | — | 0 |
| CVE-2021-41635 When installed as Windows service MELAG FTP Server 2.2.0.4 is run as SYSTEM user, which grants remote attackers to abuse misconfigurations or vulnerabilities with administrative access over the entire... | 8.8 | HIGH | — | 0 |
| CVE-2021-41636 MELAG FTP Server 2.2.0.4 allows an attacker to use the CWD command to break out of the FTP servers root directory and operate on the entire operating system, while the access restrictions of the user ... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-41637 Weak access control permissions in MELAG FTP Server 2.2.0.4 allow the "Everyone" group to read the local FTP configuration file, which includes among other information the unencrypted passwords of all... | 7.1 | HIGH | — | 0 |
| CVE-2021-41638 The authentication checks of the MELAG FTP Server in version 2.2.0.4 are incomplete, which allows a remote attacker to access local files only by using a valid username. | 7.5 | HIGH | — | 0 |
| CVE-2021-41639 MELAG FTP Server 2.2.0.4 stores unencrpyted passwords of FTP users in a local configuration file. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-30885 The pyesasky for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2.0-1.4.2. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-32530 A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists that could cause users to be misled, hiding alarms, showing the wrong server connection option or the wrong control request when a m... | 4.8 | MEDIUM | — | 0 |
| CVE-2021-40892 A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-color v2.1.0 when handling crafted invalid rgb(a) strings. | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.