CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2022-45557 Cross site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5 for MacOS allows attackers to execute arbitrary code via file names. | 6.1 | MEDIUM | — | 0 |
| CVE-2022-4199 The Link Library WordPress plugin before 7.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks ev... | 4.8 | MEDIUM | — | 0 |
| CVE-2022-4295 The Show All Comments WordPress plugin before 7.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used agai... | 6.1 | MEDIUM | — | 0 |
| CVE-2022-4299 The Metricool WordPress plugin before 1.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even w... | 4.8 | MEDIUM | — | 0 |
| CVE-2022-4309 The Subscribe2 WordPress plugin before 10.38 does not have CSRF check when deleting users, which could allow attackers to make a logged in admin delete arbitrary users by knowing their email via a CSR... | 3.1 | LOW | — | 0 |
| CVE-2022-4320 The WordPress Events Calendar WordPress plugin before 1.4.5 does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be ... | 6.1 | MEDIUM | — | 0 |
| CVE-2022-4431 The WOOCS WordPress plugin before 1.3.9.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contribut... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4442 The Custom Post Types and Custom Fields creator WordPress plugin before 2.3.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored ... | 4.8 | MEDIUM | — | 0 |
| CVE-2023-36238 Insecure Direct Object Reference (IDOR) in Bagisto v.1.5.1 allows an attacker to obtain sensitive information via the invoice ID parameter. | 6.5 | MEDIUM | — | 0 |
| CVE-2022-4449 The Page scroll to id WordPress plugin before 1.7.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4451 The Social Sharing WordPress plugin before 3.3.45 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as c... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4460 The Sidebar Widgets by CodeLights WordPress plugin through 1.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a rol... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4464 Themify Portfolio Post WordPress plugin before 1.2.1 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low ... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4465 The WP Video Lightbox WordPress plugin before 1.9.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4469 The Simple Membership WordPress plugin before 4.2.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4476 The Download Manager WordPress plugin before 3.2.62 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low a... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-54928 kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php, | 7.2 | HIGH | — | 0 |
| CVE-2022-4477 The Smash Balloon Social Post Feed WordPress plugin before 4.1.6 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a ... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4478 The Font Awesome WordPress plugin before 4.3.2 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a c... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4480 The Click to Chat WordPress plugin before 3.18.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as co... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4481 The Mesmerize Companion WordPress plugin before 1.6.135 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as lo... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4482 The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.5.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow user... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4483 The Insert Pages WordPress plugin before 3.7.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as cont... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4484 The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.44 does not validate and escape some of its shortcode attributes before outputting them back in the page, which c... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-34246 wasm3 v0.5.0 was discovered to contain an out-of-bound memory read which leads to segmentation fault via the function "main" in wasm3/platforms/app/main.c. | 7.5 | HIGH | — | 0 |
| CVE-2022-4486 The Meteor Slides WordPress plugin before 1.5.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as con... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4487 The Easy Accordion WordPress plugin before 2.2.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as co... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4507 The Real Cookie Banner WordPress plugin before 3.4.10 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4508 The ConvertKit WordPress plugin before 2.0.5 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a con... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4544 The MashShare WordPress plugin before 3.8.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contrib... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4547 The Conditional Payment Methods for WooCommerce WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitabl... | 7.2 | HIGH | — | 0 |
| CVE-2022-4549 The Tickera WordPress plugin before 3.5.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. | 4.3 | MEDIUM | — | 0 |
| CVE-2022-4571 The Seriously Simple Podcasting WordPress plugin before 2.19.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a rol... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4578 The Video Conferencing with Zoom WordPress plugin before 4.0.10 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a ro... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4648 The Real Testimonials WordPress plugin before 2.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4655 The Welcart e-Commerce WordPress plugin before 2.8.9 does not validate and escapes one of its shortcode attributes, which could allow users with a role as low as a contributor to perform a Stored Cros... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-4658 The RSSImport WordPress plugin through 4.6.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Script... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-46648 ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product... | 8.0 | HIGH | — | 0 |
| CVE-2023-22357 Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specified in FINS protocol being executed without authentication. A remote unauthenticated attacke... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-47318 ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product... | 8.0 | HIGH | — | 0 |
| CVE-2023-22278 m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series) allows a remote unauthenticated attacker to bypass authentication and send users' unintended email when em... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-22279 MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allow a remot... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-22280 MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allow a remot... | 7.2 | HIGH | — | 0 |
| CVE-2023-22286 Cross-site request forgery (CSRF) vulnerability in MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer Mobile... | 8.1 | HIGH | — | 0 |
| CVE-2023-22296 Reflected cross-site scripting vulnerability in MAHO-PBX NetDevancer series MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MA... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-22298 Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to ... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-22303 TP-Link SG105PE firmware prior to 'TL-SG105PE(UN) 1.0_1.0.0 Build 20221208' contains an authentication bypass vulnerability. Under the certain conditions, an attacker may impersonate an administrator ... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-22304 OS command injection vulnerability in PIX-RT100 versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101 allows a network-adjacent attacker who can access product settings to execute an arbitrary OS c... | 8.0 | HIGH | — | 0 |
| CVE-2023-22316 Hidden functionality vulnerability in PIX-RT100 versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101 allows a network-adjacent attacker to access the product via undocumented Telnet or SSH service... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-22366 CX-Motion-MCH v2.32 and earlier contains an access of uninitialized pointer vulnerability. Having a user to open a specially crafted project file may lead to information disclosure and/or arbitrary co... | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.