โผ CVE-2022-36288 โผ
๐ Read
via "National Vulnerability Database".
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-34648 โผ
๐ Read
via "National Vulnerability Database".
Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-3670 โผ
๐ Read
via "National Vulnerability Database".
MaxQueryDuration not honoured in Samba AD DC LDAP๐ Read
via "National Vulnerability Database".
โผ CVE-2021-3771 โผ
๐ Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-36282 โผ
๐ Read
via "National Vulnerability Database".
Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Roman Pronskiy's Search Exclude plugin <= 1.2.6 at WordPress.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-36347 โผ
๐ Read
via "National Vulnerability Database".
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alpine Press Alpine PhotoTile for Pinterest plugin <= 1.3.1 at WordPress.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-36394 โผ
๐ Read
via "National Vulnerability Database".
Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest Gallery plugin <= 17.0.4 at WordPress.๐ Read
via "National Vulnerability Database".
๐1
โผ CVE-2022-36292 โผ
๐ Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at WordPress.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-38663 โผ
๐ Read
via "National Vulnerability Database".
Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-36379 โผ
๐ Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) leading to plugin settings update in YooMoney ?Kassa ??? WooCommerce plugin <= 2.3.0 at WordPress.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-37113 โผ
๐ Read
via "National Vulnerability Database".
Bluecms 1.6 has SQL injection in line 132 of admin/area.php๐ Read
via "National Vulnerability Database".
โผ CVE-2022-36405 โผ
๐ Read
via "National Vulnerability Database".
Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in amCharts: Charts and Maps plugin <= 1.4 at WordPress.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-37428 โผ
๐ Read
via "National Vulnerability Database".
PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-38664 โผ
๐ Read
via "National Vulnerability Database".
Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-36389 โผ
๐ Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-38665 โผ
๐ Read
via "National Vulnerability Database".
Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-36341 โผ
๐ Read
via "National Vulnerability Database".
Authenticated (subscriber+) plugin settings change leading to Stored Cross-Site Scripting (XSS) vulnerability in Akash soni's AS รขโฌโ Create Pinterest Pinboard Pages plugin <= 1.0 at WordPress.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-37112 โผ
๐ Read
via "National Vulnerability Database".
BlueCMS 1.6 has SQL injection in line 55 of admin/model.php๐ Read
via "National Vulnerability Database".
โผ CVE-2022-37111 โผ
๐ Read
via "National Vulnerability Database".
BlueCMS 1.6 has SQL injection in line 132 of admin/article.php๐ Read
via "National Vulnerability Database".
โผ CVE-2022-38172 โผ
๐ Read
via "National Vulnerability Database".
ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard for the Performance Analytics dashboard.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-1513 โผ
๐ Read
via "National Vulnerability Database".
A potential vulnerability was reported in Lenovo PCManager prior to version 5.0.10.4191 that may allow code execution when visiting a specially crafted website.๐ Read
via "National Vulnerability Database".