• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-21151
Intel, Pentium Silver N5030 Firmware
Core_i7-6970hq_firmware, Core_i7-6970hq, Core_i7-6920hq_firmware, Core_i7-6920hq, Core_i7-6870hq_firmware, Core_i7-6870hq, Core_i7-6822eq_firmware, Core_i7-6822eq, Core_i7-6820hq_firmware, Core_i7-6820hq
2022-09-09
N/A
5.5 MEDIUM
Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-2115
2022-07-29
N/A
6.1 MEDIUM
The Popup Anything WordPress plugin before 2.1.7 does not sanitise and escape a parameter before outputting it back in a frontend page, leading to a Reflected Cross-Site Scripting
CVE-2022-21149
2022-05-11
N/A
3.5 LOW
The package s-cart/s-cart before 6.9; the package s-cart/core before 6.9 are vulnerable to Cross-site Scripting (XSS) which can lead to cookie stealing of any victim that visits the affected URL so the attacker can gain unauthorized access to that user's account through the stolen cookie.
CVE-2022-21148
2022-08-19
N/A
7.8 HIGH
Improper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-21147
2022-05-23
N/A
5.5 MEDIUM
An out of bounds read vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.7.7. A specially-crafted PE file can trigger this vulnerability to cause denial of service and termination of malware scan. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-21146
2022-03-15
N/A
6.1 MEDIUM
Persistent cross-site scripting in the web interface of ipDIO allows an unauthenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into a specific parameter. The XSS payload will be executed when a legitimate user attempts to review history.
CVE-2022-21145
2022-04-21
N/A
4.8 MEDIUM
A stored cross-site scripting vulnerability exists in the WebUserActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2022-21144
2022-07-18
N/A
7.5 HIGH
This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument's toString value is not a Function object V8 will crash.
CVE-2022-21143
2022-02-26
N/A
9.8 CRITICAL
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input on several locations, which may allow an attacker to inject arbitrary commands.
CVE-2022-21142
2022-03-02
N/A
9.8 CRITICAL
Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74, Ver.2.9.x series versions prior to Ver.2.9.39, Ver.2.10.x series versions prior to Ver.2.10.43, and Ver.2.11.x series versions prior to Ver.2.11.41 allows a remote unauthenticated attacker to bypass authentication under the specific condition.
« Previous 1 … 10,800 10,801 10,802 10,803 10,804 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE