🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-42494 ‼

Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro plugin <= 4.2.5.1 on WordPress.

via "National Vulnerability Database".
‼ CVE-2022-40223 ‼

Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change.

via "National Vulnerability Database".
‼ CVE-2022-43491 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to plugin settings import.

via "National Vulnerability Database".
‼ CVE-2022-30545 ‼

Authenticated Reflected Cross-Site Scripting (XSS) vulnerability in 5 Anker Connect plugin <= 1.2.6 on WordPress.

via "National Vulnerability Database".
‼ CVE-2022-39377 ‼

sysstat is a set of system performance tools for the Linux operating system. On 32-bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures in sa_common.c contains a size_t overflow. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1.

via "National Vulnerability Database".
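The bug class in the sysstat entry above, as an added illustration that is not sysstat's own allocate_structures code: a buffer size computed as the product of counts taken from untrusted input wraps on a 32-bit size_t, so the allocator returns a buffer far smaller than the data later written into it. The 32-bit width is emulated with uint32_t so the wrap reproduces on a 64-bit host; the function names, parameter names and the counts used in main are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Emulate a 32-bit size_t so the wrap is reproducible on a 64-bit host
 * (hypothetical type, used only for this illustration). */
typedef uint32_t sz32;
#define SZ32_MAX UINT32_MAX

/* Vulnerable pattern: the product is computed first and the allocation
 * is sized from the wrapped result. With nr_items = item_size = 65536
 * the true product is 2^32, which wraps to 0 in 32 bits. */
static sz32 unchecked_buffer_size(sz32 nr_items, sz32 item_size, sz32 nr_samples)
{
    return nr_items * item_size * nr_samples;
}

/* Hardened pattern: reject operand combinations that cannot fit before
 * multiplying. Returns 0 and writes *out on success, -1 on overflow. */
static int checked_buffer_size(sz32 nr_items, sz32 item_size, sz32 nr_samples, sz32 *out)
{
    if (nr_items == 0 || item_size == 0 || nr_samples == 0) {
        *out = 0;
        return 0;
    }
    /* a * b overflows iff a > MAX / b (integer division rounds down). */
    if (nr_items > SZ32_MAX / item_size)
        return -1;
    sz32 tmp = nr_items * item_size;
    if (tmp > SZ32_MAX / nr_samples)
        return -1;
    *out = tmp * nr_samples;
    return 0;
}

/* Allocate the activity buffer only when the size check passes.
 * Returns NULL (and allocates nothing) when the counts are inconsistent,
 * so the caller can treat the input as corrupt instead of writing past
 * the end of a tiny buffer. */
static void *allocate_activity_buffer(sz32 nr_items, sz32 item_size,
                                      sz32 nr_samples, sz32 *size_out)
{
    sz32 size;
    if (checked_buffer_size(nr_items, item_size, nr_samples, &size) != 0)
        return NULL;
    *size_out = size;
    return calloc(1, size);
}

int main(void)
{
    /* Hypothetical counts as an attacker could place them in an untrusted header. */
    sz32 nr_items = 65536, item_size = 65536, nr_samples = 1;
    sz32 size = 0;

    printf("unchecked size: %u bytes\n",
           unchecked_buffer_size(nr_items, item_size, nr_samples));

    void *buf = allocate_activity_buffer(nr_items, item_size, nr_samples, &size);
    printf("checked allocation: %s\n", buf ? "ok" : "rejected (overflow)");
    free(buf);
    return 0;
}
```

The division-based check is portable C; GCC and Clang also offer `__builtin_mul_overflow`, which performs the same test in one call and is the idiomatic choice where those compilers are guaranteed. Whichever form is used, the check must run on every operand in the chain, not only on the first pair.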
‼ CVE-2022-40206 ‼

Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public.

via "National Vulnerability Database".
‼ CVE-2022-27855 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Fatcat Apps Analytics Cat plugin <= 1.0.9 on WordPress allows Plugin Settings Change.

via "National Vulnerability Database".
‼ CVE-2022-33321 ‼

Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication over HTTP connections in Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric HEMS Energy Measurement Unit, Refrigerator, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch, Ventilating Fan, Range hood fan, Energy Measurement Unit and Air Purifier) allows a remote unauthenticated attacker who sniffs the credential information (username and password) to disclose information held in the products or cause a denial of service (DoS) condition. A wide range of models/versions of Mitsubishi Electric consumer electronics products is affected by this vulnerability. For the affected product models/versions, see the Mitsubishi Electric advisory listed in the [References] section.

via "National Vulnerability Database".
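Why cleartext Basic Authentication amounts to credential disclosure, as an added example that is not Mitsubishi Electric's code: the Authorization header carries the username and password as plain base64, so anyone positioned to see the HTTP request (for instance on the same Wi-Fi segment) recovers them with a trivial decode and no cryptographic work. The request below is constructed for the example; the host address and credentials are invented and the helper names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* A constructed capture of one cleartext HTTP request (not real traffic).
 * "dXNlcjpwYXNz" is base64 of "user:pass". */
static const char SAMPLE_REQUEST[] =
    "GET /cgi-bin/status HTTP/1.1\r\n"
    "Host: 192.0.2.10\r\n"
    "Authorization: Basic dXNlcjpwYXNz\r\n"
    "User-Agent: example-client\r\n"
    "\r\n";

/* Map one base64 alphabet character to its 6-bit value, -1 if invalid. */
static int b64_val(char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode standard base64 into out (NUL-terminated).
 * Returns the decoded length, or -1 on a bad character or a too-small buffer. */
static int b64_decode(const char *in, char *out, size_t outsz)
{
    size_t n = strlen(in), o = 0;
    unsigned int acc = 0;
    int bits = 0;

    for (size_t i = 0; i < n; i++) {
        if (in[i] == '=')
            break;                      /* padding: no more data bits */
        int v = b64_val(in[i]);
        if (v < 0)
            return -1;
        acc = (acc << 6) | (unsigned int)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (o + 1 >= outsz)
                return -1;
            out[o++] = (char)((acc >> bits) & 0xFF);
            acc &= (1u << bits) - 1;    /* keep only the pending bits */
        }
    }
    out[o] = '\0';
    return (int)o;
}

/* Locate the Basic credential in a raw request and split it into
 * user and password. Returns 0 on success, -1 if absent or malformed.
 * Header matching is case-sensitive here for brevity; a real capture
 * tool should match header names case-insensitively. */
static int extract_basic_creds(const char *request,
                               char *user, size_t usz,
                               char *pass, size_t psz)
{
    static const char marker[] = "\r\nAuthorization: Basic ";
    const char *p = strstr(request, marker);
    if (!p)
        return -1;
    p += sizeof marker - 1;

    const char *end = strstr(p, "\r\n");
    if (!end)
        end = p + strlen(p);

    char token[256], decoded[256];
    size_t tl = (size_t)(end - p);
    if (tl >= sizeof token)
        return -1;
    memcpy(token, p, tl);
    token[tl] = '\0';

    if (b64_decode(token, decoded, sizeof decoded) < 0)
        return -1;

    char *colon = strchr(decoded, ':');
    if (!colon)
        return -1;
    *colon = '\0';                      /* "user:pass" -> "user", "pass" */
    if (strlen(decoded) >= usz || strlen(colon + 1) >= psz)
        return -1;
    strcpy(user, decoded);
    strcpy(pass, colon + 1);
    return 0;
}

int main(void)
{
    char user[64], pass[64];
    if (extract_basic_creds(SAMPLE_REQUEST, user, sizeof user, pass, sizeof pass) == 0)
        printf("recovered from cleartext request: user=%s pass=%s\n", user, pass);
    else
        printf("no Basic credential found\n");
    return 0;
}
```

The point of the decode is that base64 is an encoding, not protection: the only fix for this class of finding is to stop sending the secret in the clear (TLS for the HTTP connection, or an authentication scheme that never transmits the password), not a different encoding of the same header.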
‼ CVE-2022-38137 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Analytify plugin <= 4.2.2 on WordPress.

via "National Vulnerability Database".
‼ CVE-2022-27914 ‼

An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media.

via "National Vulnerability Database".
‼ CVE-2022-43481 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Advanced Coupons for WooCommerce Coupons plugin <= 4.5 on WordPress leading to notice dismissal.

via "National Vulnerability Database".
‼ CVE-2022-32776 ‼

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Advanced Ads GmbH Advanced Ads – Ad Manager & AdSense plugin <= 1.31.1 on WordPress.

via "National Vulnerability Database".
‼ CVE-2022-41136 ‼

Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin's Shortcodes Ultimate plugin <= 5.12.0 on WordPress.

via "National Vulnerability Database".
‼ CVE-2022-33322 ‼

Cross-site scripting vulnerability in Mitsubishi Electric consumer electronics products (Air Conditioning, Wi-Fi Interface, Refrigerator, HEMS adapter, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch and Air Purifier) allows a remote unauthenticated attacker to execute a malicious script in a user's browser, for example to disclose information. A wide range of models/versions of Mitsubishi Electric consumer electronics products is affected by this vulnerability. For the affected product models/versions, see the Mitsubishi Electric advisory listed in the [References] section.

via "National Vulnerability Database".
‼ CVE-2022-40632 ‼

Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 on WordPress leading to topic deletion.

via "National Vulnerability Database".
‼ CVE-2022-27858 ‼

CSV Injection vulnerability in Activity Log Team's Activity Log plugin <= 2.8.3 on WordPress.

via "National Vulnerability Database".
‼ CVE-2022-40128 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin <= 3.3.2 on WordPress leading to export file download.

via "National Vulnerability Database".
‼ CVE-2022-41208 ‼

Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker with user privileges to alter the current user session. On successful exploitation, the attacker can view or modify information, causing a limited impact on confidentiality and integrity of the application.

via "National Vulnerability Database".
‼ CVE-2022-20446 ‼

In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a possible way to access the microphone from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11. Android ID: A-229793943.

via "National Vulnerability Database".
‼ CVE-2022-41207 ‼

SAP Biller Direct allows an unauthenticated attacker to craft a legitimate-looking URL. When clicked by an unsuspecting victim, it uses an unsanitized parameter to redirect the victim to a malicious site of the attacker's choosing, which can result in disclosure or modification of the victim's information.

via "National Vulnerability Database".
‼ CVE-2022-41258 ‼

Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker to inject malicious script when running a common query in the Web Administration Console. On successful exploitation, an attacker can view or modify information, causing a limited impact on confidentiality, integrity and availability of the application.

via "National Vulnerability Database".