CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-0434 The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and aut... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-0439 The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the `order` and `orderby` parameters to the `ajax_fetch_report_list` action, making it vulnerable to blind S... | 8.8 | HIGH | — | 0 |
| CVE-2022-0440 The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the files to be imported, which could allow a high privilege admin to upload an arbitrary PHP file and gain RCE even ... | 7.2 | HIGH | — | 0 |
| CVE-2022-0441 The MasterStudy LMS WordPress plugin before 2.7.6 does not validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin | 9.8 | CRITICAL | — | 0 |
| CVE-2022-0442 The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrit... | 4.3 | MEDIUM | — | 0 |
| CVE-2022-0445 The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent WordPress plugin before 2.14.2 does not have CSRF checks in place when resetting its settings, allowing attackers to make a log... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-0448 The CP Blocks WordPress plugin before 1.0.15 does not sanitise and escape its "License ID" settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilt... | 4.8 | MEDIUM | — | 0 |
| CVE-2022-24468 Azure Site Recovery Remote Code Execution Vulnerability | 7.2 | HIGH | — | 0 |
| CVE-2022-0533 The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability. | 6.1 | MEDIUM | — | 0 |
| CVE-2022-0535 The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_htm... | 4.8 | MEDIUM | — | 0 |
| CVE-2021-4198 A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an ... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-4199 Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Secu... | 7.8 | HIGH | — | 0 |
| CVE-2022-0754 SQL Injection in GitHub repository salesagility/suitecrm prior to 7.12.5. | 6.5 | MEDIUM | — | 0 |
| CVE-2022-0755 Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. | 4.3 | MEDIUM | — | 0 |
| CVE-2022-0756 Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. | 6.5 | MEDIUM | — | 0 |
| CVE-2021-38988 IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212950. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-38989 IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212951. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-22351 IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trusted host user to exploit a vulnerability in the nimsh daemon to cause a denial of service in the nimsh daemon on another trusted ho... | 8.6 | HIGH | — | 0 |
| CVE-2022-24738 Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. In versions of evmos prior to 2.0.1 attackers are able to drain unclaimed funds from user addresses. To do this an attacker must ... | 8.1 | HIGH | — | 0 |
| CVE-2022-24469 Azure Site Recovery Elevation of Privilege Vulnerability | 8.1 | HIGH | — | 0 |
| CVE-2022-24737 HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming response... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-36809 A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges, potentially resulting in a denial of service and data loss, in all versions of Sophos ... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-43944 This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center all... | 7.2 | HIGH | — | 0 |
| CVE-2021-41541 A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The Group Management page of affected devices is vuln... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-41542 A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The User Management page of affected devices is vulne... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-41543 A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The handling of log files in the web application of a... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-44478 A vulnerability has been identified in Polarion ALM (All versions < V21 R2 P2), Polarion WebClient for SVN (All versions). A cross-site scripting is present due to improper neutralization of data sent... | 6.1 | MEDIUM | — | 0 |
| CVE-2022-24281 A vulnerability has been identified in SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). A privileged authenticated attacker could execute arbitrary commands in the local database b... | 7.2 | HIGH | — | 0 |
| CVE-2022-24282 A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected system allows to upload JSON objects... | 7.2 | HIGH | — | 0 |
| CVE-2022-24408 A vulnerability has been identified in SINUMERIK MC (All versions < V1.15 SP1), SINUMERIK ONE (All versions < V6.15 SP1). The sc SUID binary on affected devices provides several commands that are used... | 7.8 | HIGH | — | 0 |
| CVE-2022-24661 A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < V2022.1). The starview+.exe contains a memory corruption vulnerability while parsing specially crafted .SCE files. Thi... | 7.8 | HIGH | — | 0 |
| CVE-2022-25311 A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software does not properly check privi... | 7.3 | HIGH | — | 0 |
| CVE-2022-26313 A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1). In certain configurations of the affected product, a threat actor could use the sign up... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-26314 A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1), Mendix Forgot Password Appstore module (Mendix 7 compatible) (All versions < V3.2.2). I... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-26317 A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.29). When returning the result of a completed Microflow execution call the affected framework does not c... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-0877 Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-26337 Trend Micro Password Manager (Consumer) installer version 5.0.0.1262 and below is vulnerable to an Uncontrolled Search Path Element vulnerability that could allow an attacker to use a specially crafte... | 7.8 | HIGH | — | 0 |
| CVE-2021-41180 Nextcloud Talk is a self-hosted messaging service. In versions prior to 12.1.2 an attacker is able to control the link of a geolocation preview in the Nextcloud Talk application due to a lack of validat... | 4.7 | MEDIUM | — | 0 |
| CVE-2021-41181 Nextcloud talk is a self hosting messaging service. In versions prior to 12.3.0 the Nextcloud Android Talk application did not properly detect the lockscreen state when a call was incoming. If an atta... | 2.4 | LOW | — | 0 |
| CVE-2021-41239 Nextcloud server is a self hosted system designed to provide cloud style services. In affected versions the User Status API did not consider the user enumeration settings by the administrator. This al... | 5.3 | MEDIUM | — | 0 |
| CVE-2021-41241 Nextcloud server is a self hosted system designed to provide cloud style services. The groupfolders application for Nextcloud allows sharing a folder with a group of people. In addition, it allows set... | 4.3 | MEDIUM | — | 0 |
| CVE-2022-26319 An installer search patch element vulnerability in Trend Micro Portable Security 3.0 Pro, 3.0 and 2.0 could allow a local attacker to place an arbitrarily generated DLL file in an installer folder to ... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-24713 regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted in... | 7.5 | HIGH | — | 0 |
| CVE-2022-24714 Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables i... | 5.3 | MEDIUM | — | 0 |
| CVE-2022-24715 Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended direct... | 8.5 | HIGH | — | 0 |
| CVE-2022-24716 Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server use... | 7.5 | HIGH | — | 0 |
| CVE-2022-24739 alltube is an html front end for youtube-dl. On releases prior to 3.0.3, an attacker could craft a special HTML page to trigger either an open redirect attack or a Server-Side Request Forgery attack (... | 7.3 | HIGH | — | 0 |
| CVE-2022-25943 The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed. | 7.8 | HIGH | — | 0 |
| CVE-2022-0881 Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1. | 6.5 | MEDIUM | — | 0 |
| CVE-2022-0482 Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3. | 9.1 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.