• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-0842
2022-03-29
N/A
4.9 MEDIUM
A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database. The data obtained is dependent on the privileges the attacker has and to obtain sensitive data the attacker would require administrator privileges.
CVE-2022-0841
2022-03-09
N/A
9.8 CRITICAL
OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4.
CVE-2022-0840
2022-04-15
N/A
4.8 MEDIUM
The Easy Social Icons WordPress plugin before 3.2.1 does not properly escape the image_file field when adding a new social icon, allowing high privileged users to inject arbitrary javascript even when the unfiltered_html capability is disallowed.
CVE-2022-0839
2023-02-22
N/A
9.8 CRITICAL
Improper Restriction of XML External Entity Reference in GitHub repository liquibase/liquibase prior to 4.8.0.
CVE-2022-0838
2022-03-10
N/A
6.1 MEDIUM
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10.
CVE-2022-0837
2022-06-03
N/A
5.4 MEDIUM
The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, account balance and payment history. A malicious actor can abuse this vulnerability to drain out the account balance by keep sending SMS notification.
CVE-2022-0836
2022-10-14
N/A
9.8 CRITICAL
The SEMA API WordPress plugin before 4.02 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users
CVE-2022-0835
2022-04-18
N/A
5.5 MEDIUM
AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user.
CVE-2022-0834
2022-03-29
N/A
5.4 MEDIUM
The Amelia WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the lastName parameter found in the ~/src/Application/Controller/User/Customer/AddCustomerController.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever a user accesses the booking calendar with the date the attacker has injected the malicious payload into. This affects versions up to and including 1.0.46.
CVE-2022-0833
2022-04-04
N/A
4.3 MEDIUM
The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF in some of its action as well as requested files, allowing unauthenticated attackers to repeatedly request the "refresh-backup" action, and simultaneously keep requesting a publicly accessible temporary file generated by the plugin in order to disclose the final backup filename, which can then be fetched by the attacker to download the backup of the plugin's DB data
« Previous 1 … 11,014 11,015 11,016 11,017 11,018 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE