110867 matches found
ROOT-OS-UBUNTU-2404-CVE-2022-50090 CVE-2022-50090 in rootio-linux - Patched by Root
Root has patched CVE-2022-50090 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2022-50551 CVE-2022-50551 in rootio-linux - Patched by Root
Root has patched CVE-2022-50551 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2022-50232 CVE-2022-50232 in rootio-linux - Patched by Root
Root has patched CVE-2022-50232 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2022-50380 CVE-2022-50380 in rootio-linux - Patched by Root
Root has patched CVE-2022-50380 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2022-2961 CVE-2022-2961 in rootio-linux - Patched by Root
Root has patched CVE-2022-2961 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2022-50240 CVE-2022-50240 in rootio-linux - Patched by Root
Root has patched CVE-2022-50240 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2022-4543 CVE-2022-4543 in rootio-linux - Patched by Root
Root has patched CVE-2022-4543 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
Mingsoft MCMS - SQL Injection
SQL injection vulnerability in Mingsoft MCMS up to 5.2.9 via the sqlWhere parameter in /cms/category/list. id: CVE-2022-4375 info: name: Mingsoft MCMS - SQL Injection author: ritikchaddha severity: critical description: | SQL injection vulnerability in Mingsoft MCMS up to 5.2.9 via the sqlWhere...
Zimbra Collaboration Suite < 8.8.15 - Improper Encoding
An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 update 1, as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing...
UpdraftPlus < 1.22.9 - Cross-Site Scripting
The plugin does not sanitise and escape the updraftinterval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting XSS vulnerability. id: CVE-2022-0864 info: name: UpdraftPlus 1.22.9 - Cross-Site Scripting author: DhiyaneshDk severity: medium description...
WordPress Easy Pricing Tables <3.2.1 - Cross-Site Scripting
WordPress Easy Pricing Tables plugin before 3.2.1 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before reflecting it back in a page available to any user both authenticated and unauthenticated when a specific setting is enabled. id:...
WordPress WPB Show Core - Cross-Site Scripting
WordPress wpb-show-core plugin through TODO contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site...
Open Automation Software OAS Platform V16.00.0121 - Missing Authentication
An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this...
WooCommerce Checkout Field Manager < 18.0 - Arbitrary File Upload
The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server. id: CVE-2022-4328 info: name: WooCommerce Checkout Field Manager 18.0 - Arbitrary File Uploa...
Shirne CMS 1.2.0 - Local File Inclusion
Shirne CMS 1.2.0 is vulnerable to local file inclusion which could cause arbitrary file read via /static/ueditor/php/controller.php. id: CVE-2022-37299 info: name: Shirne CMS 1.2.0 - Local File Inclusion author: pikpikcu severity: medium description: Shirne CMS 1.2.0 is vulnerable to local file...
External Media without Import <=1.1.2 - Authenticated Blind Server-Side Request Forgery
WordPress External Media without Import plugin through 1.1.2 is susceptible to authenticated blind server-side request forgery. The plugin has no authorization and does not ensure that media added via URLs are external media, which can allow any authenticated users, including subscribers, to obta...
OpenCATS 0.9.6 - Cross-Site Scripting
OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the callback component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch othe...
Microweber <1.2.12 - Stored Cross-Site Scripting
Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability. It allows unrestricted upload of XML files,. id: CVE-2022-0963 info: name: Microweber 1.2.12 - Stored Cross-Site Scripting author: amit-jd severity: medium description: | Microweber prior to 1.2.12 contains a stored...
WordPress Gmedia Photo Gallery Plugin < 1.20.0 - Cross-Site Scripting
The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanitise and escape the album's name before outputting it in pages or posts with a media embed, which could allow high privilege users such as admin to perform Cross-Site Scripting XSS attacks even when the unfiltered-html capabilit...
HotelDruid Hotel Management Software 3.0.3 - Cross-Site Scripting
HotelDruid Hotel Management Software 3.0.3 contains a cross-site scripting vulnerability via the prezzoperiodo4 parameter in creaprezzi.php. id: CVE-2022-26564 info: name: HotelDruid Hotel Management Software 3.0.3 - Cross-Site Scripting author: alexrydzak severity: medium description: | HotelDru...