CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the room parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue
The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks
The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers which do not encode characters
Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTimeDisplay is disabled.
One of the API in Mattermost version 6.3.0 and earlier fails to properly protect the permissions, which allows the system administrators to combine the two distinct privileges/capabilities in a way that allows them to override certain restricted configurations like EnableUploads.
Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations.
The WP Downgrade WordPress plugin before 1.2.3 only perform client side validation of its "WordPress Target Version" settings, but does not sanitise and escape it server side, allowing high privilege users such as admin to perform Cross-Site attacks even when the unfiltered_html capability is disallowed
Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7.
An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior.
500f, 500f_firmware, 7-mode_transition_tool, 8300, 8300_firmware, 8700, 8700_firmware, A220, A220_firmware, A250
2022-10-05
N/A
7.8 HIGH
An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system.