โผ CVE-2022-40853 โผ
๐ Read
via "National Vulnerability Database".
Tenda AC15 router V15.03.05.19 contains a stack overflow via the list parameter at /goform/fast_setting_wifi_set๐ Read
via "National Vulnerability Database".
โผ CVE-2022-38703 โผ
๐ Read
via "National Vulnerability Database".
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max Foundry Button Plugin MaxButtons plugin <= 9.2 at WordPress๐ Read
via "National Vulnerability Database".
โผ CVE-2022-36791 โผ
๐ Read
via "National Vulnerability Database".
Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Awesome UG Torro Forms plugin <= 1.0.16 at WordPress.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-40860 โผ
๐ Read
via "National Vulnerability Database".
Tenda AC15 router V15.03.05.19 contains a stack overflow vulnerability in the function formSetQosBand->FUN_0007dd20 with request /goform/SetNetControlList๐ Read
via "National Vulnerability Database".
โผ CVE-2022-3144 โผ
๐ Read
via "National Vulnerability Database".
The Wordfence Security รขโฌโ Firewall & Malware Scan plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 7.6.0 via a setting on the options page due to insufficient escaping on the stored value. This makes it possible for authenticated users, with administrative privileges, to inject malicious web scripts into the setting that executes whenever a user accesses a page displaying the affected setting on sites running a vulnerable version.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-40193 โผ
๐ Read
via "National Vulnerability Database".
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Awesome Filterable Portfolio plugin <= 1.9.7 at WordPress.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-40865 โผ
๐ Read
via "National Vulnerability Database".
Tenda AC15 and AC18 routers V15.03.05.19 contain heap overflow vulnerabilities in the function setSchedWifi with the request /goform/openSchedWifi/๐ Read
via "National Vulnerability Database".
โผ CVE-2022-38085 โผ
๐ Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Read more By Adam plugin <= 1.1.8 at WordPress.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-40869 โผ
๐ Read
via "National Vulnerability Database".
Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function fromDhcpListClient with a combined parameter "list*" ("%s%d","list").๐ Read
via "National Vulnerability Database".
โผ CVE-2022-40867 โผ
๐ Read
via "National Vulnerability Database".
Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formIPMacBindDel with the request /goform/delIpMacBind/๐ Read
via "National Vulnerability Database".
โผ CVE-2022-37328 โผ
๐ Read
via "National Vulnerability Database".
Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in Themes Awesome History Timeline plugin <= 1.0.5 at WordPress.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-37338 โผ
๐ Read
via "National Vulnerability Database".
Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Blossom Recipe Maker plugin <= 1.0.7 at WordPress.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-40866 โผ
๐ Read
via "National Vulnerability Database".
Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formSetDebugCfg with request /goform/setDebugCfg/๐ Read
via "National Vulnerability Database".
โผ CVE-2022-40868 โผ
๐ Read
via "National Vulnerability Database".
Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formDelDhcpRule with the request /goform/delDhcpRules/๐ Read
via "National Vulnerability Database".
โผ CVE-2022-40851 โผ
๐ Read
via "National Vulnerability Database".
Tenda AC15 V15.03.05.19 contained a stack overflow via the function fromAddressNat.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-40864 โผ
๐ Read
via "National Vulnerability Database".
Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function setSmartPowerManagement with the request /goform/PowerSaveSet๐ Read
via "National Vulnerability Database".
โผ CVE-2022-23144 โผ
๐ Read
via "National Vulnerability Database".
There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-35252 โผ
๐ Read
via "National Vulnerability Database".
When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-36798 โผ
๐ Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Topdigitaltrends Mega Addons For WPBakery Page Builder plugin <= 4.2.7 at WordPress.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-38061 โผ
๐ Read
via "National Vulnerability Database".
Authenticated (author+) CSV Injection vulnerability in Export Post Info plugin <= 1.2.0 at WordPress.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-35257 โผ
๐ Read
via "National Vulnerability Database".
A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary commands as SYSTEM.๐ Read
via "National Vulnerability Database".