Latest CVE Feed
-
9.1
CRITICAL CVE-2022-0913
Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to 1.3.
- Published: Mar. 11, 2022
- Modified: Nov. 21, 2024
-
4.8
MEDIUM CVE-2022-0912
Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11.
- Published: Mar. 11, 2022
- Modified: Nov. 21, 2024
-
6.8
MEDIUM CVE-2022-0911
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
Affected Products: pimcore
- Published: Mar. 16, 2022
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2022-0910
A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32...
Affected Products: usg210_firmware usg310_firmware usg2200_firmware usg_20w_firmware usg_40_firmware usg_40w_firmware usg_60_firmware usg_60w_firmware usg_110_firmware usg_2200-vpn_firmware +54 more products
- Published: May. 24, 2022
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2022-0909
Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.
- Published: Mar. 11, 2022
- Modified: Nov. 21, 2024
-
7.7
HIGH CVE-2022-0908
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag() in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
- Published: Mar. 11, 2022
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2022-0907
Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.
- Published: Mar. 11, 2022
- Modified: Nov. 21, 2024
-
4.8
MEDIUM CVE-2022-0906
Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12.
- Published: Mar. 10, 2022
- Modified: Nov. 21, 2024
-
7.1
HIGH CVE-2022-0905
Missing Authorization in GitHub repository go-gitea/gitea prior to 1.16.4.
Affected Products: gitea
- Published: Mar. 10, 2022
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2022-0904
A stack overflow bug in the document extractor in Mattermost Server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted Apple Pages document.
- Published: Mar. 10, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2022-0903
A call stack overflow bug in the SAML login feature in Mattermost server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted POST body.
- Published: Mar. 10, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-0902
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in flow computer and remote controller products of ABB (RMC-100 (Standard), ...
Affected Products: rmc-100_firmware rmc-100-lite_firmware xio_firmware xfcg5_firmware xrcg5_firmware uflog5_firmware udc_firmware rmc-100 rmc-100-lite xio +4 more products
- Published: Jul. 21, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2022-0901
The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUEST_URI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters...
Affected Products: ad_inserter
- Published: Apr. 04, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUM CVE-2022-0900
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NetDataSoft DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from unspecified before v.4.6.2.0.
Affected Products: divvy_drive
- Published: May. 23, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2022-0899
The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting.
Affected Products: header_footer_code_manager
- Published: Jul. 25, 2022
- Modified: Nov. 21, 2024
-
5.4
MEDIUM CVE-2022-0898
The IgniteUp WordPress plugin through 3.4.1 does not sanitise and escape some fields when high privilege users don't have the unfiltered_html capability, which could lead to Stored Cross-Site Scripting issues...
Affected Products: igniteup
- Published: May. 09, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUM CVE-2022-0897
A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently mod...
- Published: Mar. 25, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2022-0896
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3.
- Published: Mar. 09, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-0895
Static Code Injection in GitHub repository microweber/microweber prior to 1.3.
- Published: Mar. 10, 2022
- Modified: Nov. 21, 2024
-
8.2
HIGH CVE-2022-0894
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
Affected Products: pimcore
- Published: Mar. 15, 2022
- Modified: Nov. 21, 2024