• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-21940
2023-02-17
N/A
6.1 MEDIUM
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.
CVE-2022-2194
Accept Stripe, Tipsandtricks-hq
Accept_stripe, All_in_one_wp_security_&_firewall, Category_specific_rss_feed_subscription, Compact_wp_audio_player, Donations_via_paypal, Easy_accept_payments_for_paypal, Far_future_expiry_header, Simple_download_monitor, Software_license_manager, Wordpress_simple_paypal_shopping_cart
2022-07-18
N/A
4.8 MEDIUM
The Accept Stripe Payments WordPress plugin before 2.0.64 does not sanitize and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2022-21939
2023-02-17
N/A
6.1 MEDIUM
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.
CVE-2022-21938
2022-06-24
N/A
5.4 MEDIUM
Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the MUI Graphics web interface.
CVE-2022-21937
2022-06-24
N/A
5.4 MEDIUM
Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the web interface.
CVE-2022-21936
2022-10-13
N/A
6.5 MEDIUM
On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI.
CVE-2022-21935
2022-06-24
N/A
7.5 HIGH
A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 allows unverified password change.
CVE-2022-21934
2022-05-16
N/A
8.8 HIGH
Under certain circumstances an authenticated user could lock other users out of the system or take over their accounts in Metasys ADS/ADX/OAS server 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS server 11 versions prior to 11.0.2.
CVE-2022-21933
2022-01-27
N/A
7.8 HIGH
ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service.
CVE-2022-21932
2022-01-20
N/A
5.4 MEDIUM
Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability.
« Previous 1 … 10,718 10,719 10,720 10,721 10,722 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE