Latest CVE Feed
-
4.3
MEDIUMCVE-2022-21692
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions anyone with access to the chat environment can write messages disguised as another chat ... Read more
Affected Products : onionshare- Published: Jan. 18, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2011-4956
Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more
Affected Products : wordpress- Published: Jun. 27, 2012
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2022-29051
Missing permission checks in Jenkins Publish Over FTP Plugin 1.16 and earlier allow attackers with Overall/Read permission to connect to an FTP server using attacker-specified credentials.... Read more
Affected Products : publish_over_ftp- Published: Apr. 12, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2022-21691
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions chat participants can spoof their channel leave message, tricking others into assuming t... Read more
Affected Products : onionshare- Published: Jan. 18, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2022-21713
Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data ... Read more
- Published: Feb. 08, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2012-1459
The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.... Read more
Affected Products : bitdefender nod32_antivirus v3_internet_security clamav antivirus norman_antivirus_\&_antispyware panda_antivirus rising_antivirus virusbuster f-prot_antivirus +24 more products- Published: Mar. 21, 2012
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2022-26731
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious website may be able to track users in Safari private browsing mode.... Read more
- Published: May. 26, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2022-35249
A information disclosure vulnerability exists in Rocket.Chat <v5 where the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room.... Read more
Affected Products : rocket.chat- Published: Sep. 23, 2022
- Modified: May. 22, 2025
-
4.3
MEDIUMCVE-2006-4067
Cross-site scripting (XSS) vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 ("Not Found") error page. NOTE: some of these detail... Read more
- Published: Aug. 10, 2006
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2022-29612
SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misus... Read more
- Published: Jun. 14, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2022-29489
Cross-Site Request Forgery (CSRF) vulnerability in Sucuri Security plugin <= 1.8.33 at WordPress leading to Event log entry creation.... Read more
Affected Products : security- Published: Sep. 16, 2022
- Modified: Feb. 19, 2025
-
4.3
MEDIUMCVE-2011-4910
Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.... Read more
- Published: Oct. 07, 2012
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2022-23473
Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.148, Authorizations are not properly verified when accessing MediaWiki standalone resources. Users with read only permissions for... Read more
Affected Products : tuleap- Published: Dec. 13, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUM- Published: Feb. 09, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2022-29238
Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with `ContentsManager.allow_hidden = False` only prevented listing the contents of hidden directories, n... Read more
Affected Products : notebook- Published: Jun. 14, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2022-23490
BigBlueButton is an open source web conferencing system. Versions prior to 2.4.0 expose sensitive information to Unauthorized Actors. This issue affects meetings with polls, where the attacker is a meeting participant. Subscribing to the current-poll coll... Read more
Affected Products : bigbluebutton- Published: Dec. 16, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2022-23578
Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of `ImmutableExecutorState::Initialize`. Here, we set `item->kernel` to `nullptr` but it is a simple `OpKernel*` pointer ... Read more
Affected Products : tensorflow- Published: Feb. 04, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2022-27841
Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication... Read more
- Published: Apr. 11, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2022-21977
Media Foundation Information Disclosure Vulnerability... Read more
Affected Products : windows_10 windows_8.1 windows_rt_8.1 windows_server_2012 windows_server_2016 windows_server_2019 windows_server windows_10_1607 windows_10_1809 windows_10_20h2 +10 more products- Published: Mar. 09, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2022-22245
A Path Traversal vulnerability in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to upload arbitrary files to the device by bypassing validation checks built into Junos OS. The attacker should not be able to execute the ... Read more
Affected Products : junos- Published: Oct. 18, 2022
- Modified: Nov. 21, 2024