Lucene search
K

110867 matches found

OSV
OSV
added yesterday3 views

ROOT-OS-UBUNTU-2404-CVE-2022-50090 CVE-2022-50090 in rootio-linux - Patched by Root

Root has patched CVE-2022-50090 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

7.8CVSS5.4AI score0.00164EPSS
Exploits0
OSV
OSV
added yesterday4 views

ROOT-OS-UBUNTU-2404-CVE-2022-50551 CVE-2022-50551 in rootio-linux - Patched by Root

Root has patched CVE-2022-50551 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

7.1CVSS7.9AI score0.00201EPSS
Exploits0
OSV
OSV
added yesterday3 views

ROOT-OS-UBUNTU-2404-CVE-2022-50232 CVE-2022-50232 in rootio-linux - Patched by Root

Root has patched CVE-2022-50232 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

5.5CVSS5.4AI score0.00169EPSS
Exploits0
OSV
OSV
added yesterday5 views

ROOT-OS-UBUNTU-2404-CVE-2022-50380 CVE-2022-50380 in rootio-linux - Patched by Root

Root has patched CVE-2022-50380 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

5.5CVSS5.4AI score0.00146EPSS
Exploits0
OSV
OSV
added yesterday3 views

ROOT-OS-UBUNTU-2404-CVE-2022-2961 CVE-2022-2961 in rootio-linux - Patched by Root

Root has patched CVE-2022-2961 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

7CVSS8.1AI score0.00299EPSS
Exploits0
OSV
OSV
added yesterday2 views

ROOT-OS-UBUNTU-2404-CVE-2022-50240 CVE-2022-50240 in rootio-linux - Patched by Root

Root has patched CVE-2022-50240 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

7.8CVSS5.4AI score0.00153EPSS
Exploits0
OSV
OSV
added yesterday5 views

ROOT-OS-UBUNTU-2404-CVE-2022-4543 CVE-2022-4543 in rootio-linux - Patched by Root

Root has patched CVE-2022-4543 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

5.5CVSS5.4AI score0.00954EPSS
Exploits1
Nuclei
Nuclei
added yesterday46 views

Mingsoft MCMS - SQL Injection

SQL injection vulnerability in Mingsoft MCMS up to 5.2.9 via the sqlWhere parameter in /cms/category/list. id: CVE-2022-4375 info: name: Mingsoft MCMS - SQL Injection author: ritikchaddha severity: critical description: | SQL injection vulnerability in Mingsoft MCMS up to 5.2.9 via the sqlWhere...

9.8CVSS7.3AI score0.0289EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday10 views

Zimbra Collaboration Suite < 8.8.15 - Improper Encoding

An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 update 1, as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing...

6.1CVSS7.1AI score0.3106EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday43 views

UpdraftPlus < 1.22.9 - Cross-Site Scripting

The plugin does not sanitise and escape the updraftinterval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting XSS vulnerability. id: CVE-2022-0864 info: name: UpdraftPlus 1.22.9 - Cross-Site Scripting author: DhiyaneshDk severity: medium description...

6.1CVSS6.4AI score0.07355EPSS
Exploits4References4
Nuclei
Nuclei
added yesterday15 views

WordPress Easy Pricing Tables <3.2.1 - Cross-Site Scripting

WordPress Easy Pricing Tables plugin before 3.2.1 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before reflecting it back in a page available to any user both authenticated and unauthenticated when a specific setting is enabled. id:...

6.1CVSS6.2AI score0.01388EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday29 views

WordPress WPB Show Core - Cross-Site Scripting

WordPress wpb-show-core plugin through TODO contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site...

6.1CVSS6.4AI score0.00902EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday30 views

Open Automation Software OAS Platform V16.00.0121 - Missing Authentication

An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this...

9.4CVSS7.3AI score0.37606EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday56 views

WooCommerce Checkout Field Manager < 18.0 - Arbitrary File Upload

The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server. id: CVE-2022-4328 info: name: WooCommerce Checkout Field Manager 18.0 - Arbitrary File Uploa...

9.8CVSS7.4AI score0.04427EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday25 views

Shirne CMS 1.2.0 - Local File Inclusion

Shirne CMS 1.2.0 is vulnerable to local file inclusion which could cause arbitrary file read via /static/ueditor/php/controller.php. id: CVE-2022-37299 info: name: Shirne CMS 1.2.0 - Local File Inclusion author: pikpikcu severity: medium description: Shirne CMS 1.2.0 is vulnerable to local file...

6.5CVSS6.7AI score0.02829EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday25 views

External Media without Import <=1.1.2 - Authenticated Blind Server-Side Request Forgery

WordPress External Media without Import plugin through 1.1.2 is susceptible to authenticated blind server-side request forgery. The plugin has no authorization and does not ensure that media added via URLs are external media, which can allow any authenticated users, including subscribers, to obta...

6.5CVSS6.6AI score0.02878EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday30 views

OpenCATS 0.9.6 - Cross-Site Scripting

OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the callback component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch othe...

6.1CVSS6.4AI score0.01333EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday34 views

Microweber <1.2.12 - Stored Cross-Site Scripting

Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability. It allows unrestricted upload of XML files,. id: CVE-2022-0963 info: name: Microweber 1.2.12 - Stored Cross-Site Scripting author: amit-jd severity: medium description: | Microweber prior to 1.2.12 contains a stored...

5.7CVSS6AI score0.01877EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday9 views

WordPress Gmedia Photo Gallery Plugin < 1.20.0 - Cross-Site Scripting

The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanitise and escape the album's name before outputting it in pages or posts with a media embed, which could allow high privilege users such as admin to perform Cross-Site Scripting XSS attacks even when the unfiltered-html capabilit...

4.8CVSS5.8AI score0.00854EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday45 views

HotelDruid Hotel Management Software 3.0.3 - Cross-Site Scripting

HotelDruid Hotel Management Software 3.0.3 contains a cross-site scripting vulnerability via the prezzoperiodo4 parameter in creaprezzi.php. id: CVE-2022-26564 info: name: HotelDruid Hotel Management Software 3.0.3 - Cross-Site Scripting author: alexrydzak severity: medium description: | HotelDru...

6.1CVSS6.2AI score0.02708EPSS
Exploits1References5
Rows per page
Query Builder