‼ CVE-2022-35726 ‼
📖 Read
via "National Vulnerability Database".
Broken Authentication vulnerability in yotuwp Video Gallery plugin <= 1.3.4.5 at WordPress.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29476 ‼
📖 Read
via "National Vulnerability Database".
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in 8 Degree Themes otification Bar for WordPress plugin <= 1.1.8 at WordPress.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36285 ‼
📖 Read
via "National Vulnerability Database".
Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3701 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private information or forcing ansible-runner to write files as the legitimate user in a place they did not expect. The highest threat from this vulnerability is to confidentiality and integrity.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3724 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36288 ‼
📖 Read
via "National Vulnerability Database".
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34648 ‼
📖 Read
via "National Vulnerability Database".
Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3670 ‼
📖 Read
via "National Vulnerability Database".
MaxQueryDuration not honoured in Samba AD DC LDAP📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3771 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36282 ‼
📖 Read
via "National Vulnerability Database".
Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Roman Pronskiy's Search Exclude plugin <= 1.2.6 at WordPress.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36347 ‼
📖 Read
via "National Vulnerability Database".
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alpine Press Alpine PhotoTile for Pinterest plugin <= 1.3.1 at WordPress.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36394 ‼
📖 Read
via "National Vulnerability Database".
Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest Gallery plugin <= 17.0.4 at WordPress.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-36292 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at WordPress.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38663 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36379 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) leading to plugin settings update in YooMoney ?Kassa ??? WooCommerce plugin <= 2.3.0 at WordPress.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-37113 ‼
📖 Read
via "National Vulnerability Database".
Bluecms 1.6 has SQL injection in line 132 of admin/area.php📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36405 ‼
📖 Read
via "National Vulnerability Database".
Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in amCharts: Charts and Maps plugin <= 1.4 at WordPress.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-37428 ‼
📖 Read
via "National Vulnerability Database".
PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38664 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36389 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38665 ‼
📖 Read
via "National Vulnerability Database".
Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.📖 Read
via "National Vulnerability Database".