artifex — ghostscript
  Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839. 2022-04-25 not yet calculated CVE-2019-25059
MISC
MLIST wordpress — dw_question_&_answer_pro_wordpress_plugin
  The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments. 2022-04-25 not yet calculated CVE-2021-24800
MISC wordpress — dw_question_&_answer_pro_wordpress_plugin
  The DW Question & Answer Pro WordPress plugin through 1.3.4 does not properly check for CSRF in some of its functions, allowing attackers to make logged in users perform unwanted actions, such as update a comment or a question status. 2022-04-25 not yet calculated CVE-2021-24805
MISC wordpress — advanced_page_visit_counter_wordpress_plugin
  The Advanced Page Visit Counter WordPress plugin through 5.0.8 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenticated user, leading to a SQL injection 2022-04-25 not yet calculated CVE-2021-24957
MISC wordpress — tatsu_wordpress_plugin
  The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress’s upload directory. By adding a PHP shell with a filename starting with a dot “.”, this can bypass extension control implemented in the plugin. Moreover, there is a race condition in the zip extraction process which makes the shell file live long enough on the filesystem to be callable by an attacker. 2022-04-25 not yet calculated CVE-2021-25094
MISC
MISC wordpress — english_wordpress_admin_wordpress_plugin
  The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admin_custom_language_return_url before redirecting users to it, leading to an open redirect issue. 2022-04-25 not yet calculated CVE-2021-25111
MISC sophos — authenticator_for_android
  An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495. 2022-04-27 not yet calculated CVE-2021-25266
CONFIRM maxboard — maxboard
  Insufficient script validation of the admin page enables XSS, which causes unauthorized users to steal admin privileges. When uploading file in a specific menu, the verification of the files is insufficient. It allows remote attackers to upload arbitrary files disguising them as image files. 2022-04-26 not yet calculated CVE-2021-26628
MISC tobesoft — xplatform
  A path traversal vulnerability in XPLATFORM’s runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be created in the parent path by using the path traversal pattern ‘..’. 2022-04-26 not yet calculated CVE-2021-26629
MISC ibm — qradar_siem
  IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information from another user’s dashboard providing the dashboard ID of that user. IBM X-Force ID: 203030. 2022-04-27 not yet calculated CVE-2021-29776
CONFIRM
XF nomachine — nomachine_for_windows
  NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffers from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITY\SYSTEM. 2022-04-28 not yet calculated CVE-2021-33436
MISC
MISC
MISC
MISC bender/ebee — charge_controllers
  In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable. 2022-04-27 not yet calculated CVE-2021-34587
CONFIRM bender/ebee — charge_controllers
  Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot. 2022-04-27 not yet calculated CVE-2021-34588
CONFIRM bender/ebee — charge_controllers
  Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface. 2022-04-27 not yet calculated CVE-2021-34589
CONFIRM bender/ebee — charge_controllers
  Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed. 2022-04-27 not yet calculated CVE-2021-34590
CONFIRM bender/ebee — charge_controllers
  Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip, udhcpc and ifplugd. 2022-04-27 not yet calculated CVE-2021-34591
CONFIRM bender/ebee — charge_controllers
  Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields. 2022-04-27 not yet calculated CVE-2021-34592
CONFIRM bender/ebee — cc612
  Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI. 2022-04-27 not yet calculated CVE-2021-34601
CONFIRM bender/ebee — charge_controllers
  Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields that are executed with root privileges. 2022-04-27 not yet calculated CVE-2021-34602
CONFIRM 3scale — apicast
  A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address. 2022-04-27 not yet calculated CVE-2021-3523
MISC solarwinds — serv-u
  A researcher reported a Directory Traversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1. 2022-04-25 not yet calculated CVE-2021-35250
MISC
MISC metasys — ads/adx/oas
  Under certain circumstances improper privilege management in Metasys ADS/ADX/OAS servers versions 10 and 11 could allow an authenticated user to elevate their privileges to administrator. 2022-04-29 not yet calculated CVE-2021-36207
CERT
CONFIRM veryfitpro — veryfitpro
  VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account’s password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration and changing of passwords. This allows an attacker in possession of a hash to takeover a user’s account, rendering the benefits of storing hashed passwords in the database useless. 2022-04-25 not yet calculated CVE-2021-36460
MISC
MISC
MISC wordpress — alexander_ustimenko’s_psychological_tests_&_quizzes_plugin
  Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko’s Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher user rights. 2022-04-26 not yet calculated CVE-2021-36867
CONFIRM
CONFIRM tripetto — tripetto_plugin
  Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto’s Tripetto plugin <= 5.1.4 on WordPress via SVG image upload. 2022-04-26 not yet calculated CVE-2021-36895
CONFIRM
CONFIRM lenovo — pcmanager
  A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.20.10282 that could allow an attacker with local access to trigger a blue screen error. 2022-04-22 not yet calculated CVE-2021-3721
MISC lenovo — pcmanager
  A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow configuration files to be written to non-standard locations during installation. 2022-04-22 not yet calculated CVE-2021-3722
MISC lenovo — multiple_products
  An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected. 2022-04-22 not yet calculated CVE-2021-3849
CONFIRM ibm — qradar_siem
  IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceed their idle timeout. IBM X-Force ID: 208341. 2022-04-27 not yet calculated CVE-2021-38869
CONFIRM
XF ibm — qradar_siem
  IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access information across tenant and domain boundaries in some situations. IBM X-Force ID: 208397. 2022-04-27 not yet calculated CVE-2021-38874
XF
CONFIRM ibm — qradar
  IBM QRadar 7.3, 7.4, and 7.5 could allow a malicious actor to impersonate an actor due to key exchange without entity authentication. IBM X-Force ID: 208756. 2022-04-27 not yet calculated CVE-2021-38878
CONFIRM
XF ibm — qradar_siem
  IBM QRadar SIEM 7.3, 7.4, and 7.5 in some scenarios may reveal authorized service tokens to other QRadar users. IBM X-Force ID: 210021. 2022-04-27 not yet calculated CVE-2021-38919
CONFIRM
XF ibm — qradar_siem
  IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by a user with access to creating domains. IBM X-Force ID: 211037. 2022-04-27 not yet calculated CVE-2021-38939
XF
CONFIRM ibm — infosphere_information_server
  IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211408. 2022-04-28 not yet calculated CVE-2021-38952
CONFIRM
XF lenovo — multiple_products
  An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected. 2022-04-22 not yet calculated CVE-2021-3897
CONFIRM motorola — multiple_products
  Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08 do not properly verify the server certificate which could lead to the communication channel being accessible by an attacker. 2022-04-22 not yet calculated CVE-2021-3898
MISC ibm — planning_analytics_workspace
  IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not validating the file types or sizes. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 214025. 2022-04-25 not yet calculated CVE-2021-39040
XF
CONFIRM ibm — urbancode_deploy
  IBM UrbanCode Deploy (UCD) 7.1.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. 2022-04-29 not yet calculated CVE-2021-39082
CONFIRM
XF lenovo — lenovovariable_smi_handler
  A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code. 2022-04-22 not yet calculated CVE-2021-3970
MISC lenovo — notebook
  A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable. 2022-04-22 not yet calculated CVE-2021-3971
MISC lenovo — notebook
  A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices’ BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable. 2022-04-22 not yet calculated CVE-2021-3972
MISC red_hat — gnome-shell
  Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler priority leading to possible DoS of other services running in the same machine. 2022-04-29 not yet calculated CVE-2021-3982
MISC
MISC artica — proxy
  There is a Directory Traversal vulnerability in Artica Proxy (4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273) via the filename parameter to /cgi-bin/main.cgi. 2022-04-25 not yet calculated CVE-2021-40680
FULLDISC eclipse — openj9
  In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles. 2022-04-27 not yet calculated CVE-2021-41041
CONFIRM
CONFIRM novelplus — novel-plus
  novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file suffixes and contents can lead to server attacks and arbitrary code execution. 2022-04-28 not yet calculated CVE-2021-41921
MISC magic_cms_msvod — magic_cms_msvod
  The Magic CMS MSVOD v10 video system has a SQL injection vulnerability. Attackers can use vulnerabilities to obtain sensitive information in the database. 2022-04-29 not yet calculated CVE-2021-41942
MISC encode — oss_httpx
  Encode OSS httpx <=1.0.0.beta0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`. 2022-04-28 not yet calculated CVE-2021-41945
MISC
MISC
MISC
MISC
MISC subrion_cms — subrion_cms
  A cross-site scripting (XSS) vulnerability exists in the “contact us” plugin for Subrion CMS <= 4.2.1 version via “List of subjects”. 2022-04-29 not yet calculated CVE-2021-41948
MISC pingidentity — pingid_windows_login
  A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. 2022-04-30 not yet calculated CVE-2021-41992
MISC
MISC pingidentity — pingid_android
  A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. 2022-04-30 not yet calculated CVE-2021-41993
MISC
MISC pingidentity — pingid_ios
  A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. 2022-04-30 not yet calculated CVE-2021-41994
MISC
MISC pingidentity — pingid_desktop
  PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP. 2022-04-30 not yet calculated CVE-2021-42001
MISC
MISC qemu — qemu
  A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. 2022-04-29 not yet calculated CVE-2021-4206
MISC
MISC qemu — qemu
  A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. 2022-04-29 not yet calculated CVE-2021-4207
MISC
MISC lenovo — nvme_driver
  A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code. 2022-04-22 not yet calculated CVE-2021-4210
MISC lenovo — smbios_event_log_driver
  A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code. 2022-04-22 not yet calculated CVE-2021-4211
MISC lenovo — legacy_bios_mode_driver
  A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code. 2022-04-22 not yet calculated CVE-2021-4212
MISC wordpress — sp_project_&_document_manager_wordpress_plugin
  The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites. 2022-04-25 not yet calculated CVE-2021-4225
MISC
MISC elcomplus — smartptt
  Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system. 2022-04-28 not yet calculated CVE-2021-43930
CONFIRM elcomplus — smartptt
  Elcomplus SmartPTT is vulnerable when an attacker injects JavaScript code into a specific parameter that can be executed upon accessing the dashboard or the main page. 2022-04-28 not yet calculated CVE-2021-43932
CONFIRM elcomplus — smartptt
  Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate upload requests, enabling a malicious user to potentially upload arbitrary files. 2022-04-28 not yet calculated CVE-2021-43934
CONFIRM elcomplus — smartptt_scada_server
  Elcomplus SmartPTT SCADA Server web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. 2022-04-29 not yet calculated CVE-2021-43937
CONFIRM elcomplus — smartptt_scada_server
  Elcomplus SmartPTT SCADA Server is vulnerable because an unauthenticated user can request various files from the server without any authentication or authorization. 2022-04-29 not yet calculated CVE-2021-43938
CONFIRM elcomplus — smartptt_scada
  Elcomplus SmartPTT is vulnerable when a low-authenticated user can access higher level administration authorization by issuing requests directly to the desired endpoints. 2022-04-28 not yet calculated CVE-2021-43939
CONFIRM wondershare — dr._fone
  Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges. 2022-04-29 not yet calculated CVE-2021-44595
MISC
MISC
MISC wondershare — dr._fone
  Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the “InstallAssistService.exe” service (the service is running under SYSTEM privileges) and manipulate it to execute malicious executable without any validation from a remote location and gain SYSTEM privileges. 2022-04-29 not yet calculated CVE-2021-44596
MISC
MISC
MISC terramaster — terramaster
  An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a maliciously crafted input in the request through /tos/index.php?app/hand_app. 2022-04-25 not yet calculated CVE-2021-45836
MISC terramaster — terramaster
  It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending a specifically crafted input to /tos/index.php?app/del. 2022-04-25 not yet calculated CVE-2021-45837
MISC terramaster — terramaster
  It is possible to obtain the first administrator’s hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/webNasIPS endpoint. 2022-04-25 not yet calculated CVE-2021-45839
MISC terramaster — terramaster
  It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending specifically crafted input to /tos/index.php?app/app_start_stop. 2022-04-25 not yet calculated CVE-2021-45840
MISC terramaster — terramaster
  In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the target’s MAC address and the user’s password hash. Guest users (disabled by default) can be abused using a null/empty hash and allow an unauthenticated attacker to login as guest. 2022-04-25 not yet calculated CVE-2021-45841
MISC terramaster — terramaster
  It is possible to obtain the first administrator’s hash set up in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) on the system as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/wapNasIPS endpoint. 2022-04-25 not yet calculated CVE-2021-45842
MISC franklin_fueling_systems — ts-550_evo
  Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. 2022-04-27 not yet calculated CVE-2021-46420
MISC franklin_fueling_systems — t5_series
  Franklin Fueling Systems FFS T5 Series 1.8.7.7299 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. 2022-04-27 not yet calculated CVE-2021-46421
MISC telesquare — sdt-cw3b1
  Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication. 2022-04-27 not yet calculated CVE-2021-46422
MISC telesquare — tlr-2005ksh
  Telesquare TLR-2005KSH 1.0.0 is affected by an unauthenticated file download vulnerability that allows a remote attacker to download a full configuration file. 2022-04-27 not yet calculated CVE-2021-46423
MISC telesquare — tlr-2005ksh
  Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request. 2022-04-27 not yet calculated CVE-2021-46424
MISC d-link — dir-825_g1
  In the “webupg” binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use “cmd” parameters to execute arbitrary system commands after obtaining authorization. 2022-04-27 not yet calculated CVE-2021-46441
MISC
MISC d-link — dir-825_g1
  In the “webupg” binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters “autoupgrade.asp”, and perform functions such as downloading configuration files and updating firmware without authorization. 2022-04-27 not yet calculated CVE-2021-46442
MISC
MISC wordpress — easy_google_maps_wordpress_plugin
  The Easy Google Maps WordPress plugin before 1.9.32 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting 2022-04-25 not yet calculated CVE-2021-46780
MISC wordpress — supsystic_wordpress_plugin
  The Coming Soon by Supsystic WordPress plugin before 1.7.6 does not sanitise and escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting 2022-04-25 not yet calculated CVE-2021-46781
MISC wordpress — supsystic_wordpress_plugin
  The Pricing Table by Supsystic WordPress plugin before 1.9.5 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting 2022-04-25 not yet calculated CVE-2021-46782
MISC lenovo — pcmanager
  A DLL search path vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow privilege escalation. 2022-04-22 not yet calculated CVE-2022-0192
MISC wordpress — mycred_wordpress_plugin
  The myCred WordPress plugin before 2.4.3.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog 2022-04-25 not yet calculated CVE-2022-0287
MISC lenovo — system_update
  A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window. 2022-04-22 not yet calculated CVE-2022-0354
MISC
MISC wordpress — mycred_wordpress_plugin
  The myCred WordPress plugin before 2.4.4 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating arbitrary posts. 2022-04-25 not yet calculated CVE-2022-0363
MISC wordpress — thirstyaffiliates_affiliate_link_manager_wordpress_plugin
  The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as subscriber to create arbitrary affiliate links, which could then be used to redirect users to an arbitrary website 2022-04-25 not yet calculated CVE-2022-0398
MISC gitlab — gitlab
  An issue has been discovered in GitLab affecting all versions starting from 11.9 before 14.5.4, all versions starting from 14.6.0 before 14.6.4, all versions starting from 14.7.0 before 14.7.1. GitLab was not correctly handling bulk requests to delete existing packages from the package registries which could result in a Denial of Service under specific conditions. 2022-04-25 not yet calculated CVE-2022-0477
MISC
CONFIRM wordpress — flo-launch_wordpress_plugin
  The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix cookie to an arbitrary value. 2022-04-25 not yet calculated CVE-2022-0541
MISC wordpress — thirstyaffiliates_affiliate_link_manager_wordpress_plugin
  The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 lacks authorization checks in the ta_insert_external_image action, allowing a low-privilege user (with a role as low as Subscriber) to add an image from an external URL to an affiliate link. Further, the plugin lacks CSRF checks, allowing an attacker to trick a logged in user to perform the action by crafting a special request. 2022-04-25 not yet calculated CVE-2022-0634
MISC lenovo — thin_installer
  A denial of service vulnerability was reported in Lenovo Thin Installer prior to version 1.3.0039 that could trigger a system crash. 2022-04-22 not yet calculated CVE-2022-0636
MISC wordpress — web_to_print_shop_udraw_wordpress_plugin
  The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in the response. As a result, unauthenticated users could read arbitrary files on the web server (such as /etc/passwd, wp-config.php etc) 2022-04-25 not yet calculated CVE-2022-0656
MISC wordpress — 5_stars_rating_funnel_wordpress_plugin
  The 5 Stars Rating Funnel WordPress Plugin | RRatingg WordPress plugin before 1.2.54 does not properly sanitise, validate and escape lead ids before using them in a SQL statement via the rrtngg_delete_leads AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue. There is an attempt to sanitise the input, using sanitize_text_field(), however such function is not intended to prevent SQL injections. 2022-04-25 not yet calculated CVE-2022-0657
MISC wordpress — master_elements_wordpress_plugin
  The Master Elements WordPress plugin through 8.0 does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL Injection 2022-04-25 not yet calculated CVE-2022-0693
MISC wordpress — users_ultra_wordpress_plugin
  The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the data_target parameter before it is being interpolated in an SQL statement and then executed via the rating_vote AJAX action (available to both unauthenticated and authenticated users), leading to an SQL Injection. 2022-04-25 not yet calculated CVE-2022-0769
MISC wordpress — donations_wordpress_plugin
  The Donations WordPress plugin through 1.8 does not sanitise and escape the nd_donations_id parameter before using it in a SQL statement via the nd_donations_single_cause_form_validate_fields_php_function AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection 2022-04-25 not yet calculated CVE-2022-0782
MISC wordpress — wpdevart_wordpress_plugin
  The Social comments by WpDevArt WordPress plugin before 2.5.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed 2022-04-25 not yet calculated CVE-2022-0876
MISC wordpress — anti-malware_security_and_brute-force_firewall_wordpress_plugin
  The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.96 does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters 2022-04-25 not yet calculated CVE-2022-0953
MISC linux — linux
  Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges. 2022-04-29 not yet calculated CVE-2022-0984
MISC linux — linux
  Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability. 2022-04-29 not yet calculated CVE-2022-0985
MISC linux — linux_kernel
  A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue. 2022-04-29 not yet calculated CVE-2022-1015
MISC
MISC
MISC wordpress — page_restriction_wordpress_plugin
  The Page Restriction WordPress (WP) WordPress plugin before 1.2.7 allows bad actors with administrator privileges to the settings page to inject Javascript code to its settings leading to stored Cross-Site Scripting that will only affect administrator users. 2022-04-25 not yet calculated CVE-2022-1027
MISC linux — linux_kernel
  A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. 2022-04-29 not yet calculated CVE-2022-1048
MISC
MISC wordpress — mycred_plugin
  The myCred WordPress plugin before 2.4.4 does not have authorisation and CSRF checks in its mycred-tools-import-export AJAX action, allowing any authenticated user to call it and retrieve the list of email addresses present in the blog 2022-04-25 not yet calculated CVE-2022-1092
MISC wordpress — wordpress
  The amr users WordPress plugin before 4.59.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-04-25 not yet calculated CVE-2022-1094
MISC lenovo — thinkpad
  During an internal product security audit, a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models; it could be exploited by an attacker with elevated privileges and could allow execution of code. 2022-04-22 not yet calculated CVE-2022-1107
MISC lenovo — thinkpad
  A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code. 2022-04-22 not yet calculated CVE-2022-1108
MISC imagemagicks — relinquishdcminfo
  A heap-use-after-free flaw was found in ImageMagick’s RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service. 2022-04-29 not yet calculated CVE-2022-1114
MISC wordpress — menubar_plugin
  The Menubar WordPress plugin before 5.8 does not sanitise and escape the command parameter before outputting it back in the response via the menubar AJAX action (available to any authenticated users), leading to a Reflected Cross-Site Scripting 2022-04-25 not yet calculated CVE-2022-1152
MISC wordpress — layerslider_plugin
  The LayerSlider WordPress plugin before 7.1.2 does not sanitise and escape Project’s slug before outputting it back in various places, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed 2022-04-25 not yet calculated CVE-2022-1153
MISC wordpress — books_and_papers_plugin
  The Books & Papers WordPress plugin through 0.20210223 does not escape its Custom DB prefix settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-04-25 not yet calculated CVE-2022-1156
MISC getgrav — grav
  Stored XSS in GitHub repository getgrav/grav prior to 1.7.33. 2022-04-26 not yet calculated CVE-2022-1173
MISC
CONFIRM linux — linux_kernel
  A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DoS) when the mkiss or sixpack device is detached and resources are reclaimed early. 2022-04-29 not yet calculated CVE-2022-1195
MISC
MISC
MISC
MISC
MISC podman — podman
  A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the ‘podman top’ command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service. 2022-04-29 not yet calculated CVE-2022-1227
MISC
MISC wordpress — opensea_plugin
  The Opensea WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, like its “Referer address” field, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-04-25 not yet calculated CVE-2022-1228
MISC linux — linux
  A NULL pointer dereference flaw was found in pesign’s cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daemonize pesign. 2022-04-29 not yet calculated CVE-2022-1249
MISC linux — linux_kernel
  A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. 2022-04-29 not yet calculated CVE-2022-1353
MISC
MISC wordpress — admin_word_count_column
  The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on servers running old versions of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique 2022-04-25 not yet calculated CVE-2022-1390
MISC
MISC wordpress — cab_fare_calculator_plugin
  The Cab fare calculator WordPress plugin through 1.0.3 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues. 2022-04-25 not yet calculated CVE-2022-1391
MISC
MISC wordpress — videos_sync_pdf_plugin
  The Videos sync PDF WordPress plugin through 1.7.4 does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues 2022-04-25 not yet calculated CVE-2022-1392
MISC
MISC wordpress — donorbox_plugin
  The Donorbox WordPress plugin before 7.1.7 does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed 2022-04-25 not yet calculated CVE-2022-1396
MISC
MISC delta_electronics — asda-soft
  ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition. 2022-04-29 not yet calculated CVE-2022-1402
MISC delta_electronics — asda-soft
  ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds write condition. 2022-04-29 not yet calculated CVE-2022-1403
MISC mruby — mruby
  Out-of-bounds Read in mrb_obj_is_kind_of in GitHub repository mruby/mruby prior to 3.2. Impact: possible arbitrary code execution if exploited. 2022-04-23 not yet calculated CVE-2022-1427
CONFIRM
MISC yarkeev — yarkeev
  Command Injection vulnerability in git-interface@2.1.1 in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a `--upload-pack` command-line argument feature of git is also supported for `git clone`, which would then allow for any operating system command to be spawned by the attacker. 2022-04-22 not yet calculated CVE-2022-1440
MISC
CONFIRM gpac — gpac
  MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse an MP4 file, it calls the function `diST_box_read()` to read from video. In this function, it allocates a buffer `str` with fixed length. However, the content read from `bs` is controllable by the user, and so is the length, which causes a buffer overflow. 2022-04-25 not yet calculated CVE-2022-1441
MISC
MISC radareorg — radare2
  heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.7.0. This vulnerability is capable of inducing denial of service. 2022-04-23 not yet calculated CVE-2022-1444
CONFIRM
MISC snipe — snipe-it
  Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability can be used to steal the user’s cookie. 2022-04-24 not yet calculated CVE-2022-1445
MISC
CONFIRM radareorg — radare2
  Out-of-bounds Read in r_bin_java_constant_value_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program to read data past the end of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. For more details, see [CWE-125: Out-of-bounds read](https://cwe.mitre.org/data/definitions/125.html). 2022-04-24 not yet calculated CVE-2022-1451
CONFIRM
MISC radareorg — radare2
  Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program to read data past the end of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. For more details, see [CWE-125: Out-of-bounds read](https://cwe.mitre.org/data/definitions/125.html). 2022-04-24 not yet calculated CVE-2022-1452
CONFIRM
MISC facturascripts — facturascripts
  Stored XSS in title parameter executing at EditUser Page & EditProducto page in GitHub repository neorazorx/facturascripts prior to 2022.04. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user’s machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account. 2022-04-25 not yet calculated CVE-2022-1457
CONFIRM
MISC openemr — openemr
  Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1. 2022-04-25 not yet calculated CVE-2022-1458
MISC
CONFIRM openemr — openemr
  Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1. 2022-04-25 not yet calculated CVE-2022-1459
MISC
CONFIRM openemr — openemr
  Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1. 2022-04-25 not yet calculated CVE-2022-1461
MISC
CONFIRM getsimple — content_management_system
  Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted. 2022-04-26 not yet calculated CVE-2022-1466
MISC
MISC
MISC getsimple — content_management_system
  A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module. The manipulation of the argument post-content with an input like <script>alert(1)</script> leads to cross site scripting. The attack may be launched remotely but requires authentication. Exploit details have been disclosed within the advisory. 2022-04-27 not yet calculated CVE-2022-1503
MISC
MISC microweber — microweber
  XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks. 2022-04-27 not yet calculated CVE-2022-1504
CONFIRM
MISC chafa — chafa
  chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 in GitHub repository hpjansson/chafa prior to 1.10.2 allows attackers to cause a denial of service (crash) via a crafted input file. 2022-04-27 not yet calculated CVE-2022-1507
MISC
CONFIRM hestiacp — hestiacp
  Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context. 2022-04-28 not yet calculated CVE-2022-1509
CONFIRM
MISC snipe — snipe-it
  Improper Access Control in GitHub repository snipe/snipe-it prior to 5.4.4. 2022-04-28 not yet calculated CVE-2022-1511
CONFIRM
MISC facturascripts — facturascripts
  Stored XSS via upload plugin functionality in zip format in GitHub repository neorazorx/facturascripts prior to 2022.06. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user’s machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account. 2022-04-28 not yet calculated CVE-2022-1514
MISC
CONFIRM emlog — emlog_pro
  A vulnerability, which was classified as problematic, was found in Emlog Pro up to 1.2.2. This affects the POST parameter handling of articles. The manipulation with the input <script>alert(1);</script> leads to cross site scripting. It is possible to initiate the attack remotely but it requires a signup and login by the attacker. The exploit has been disclosed to the public and may be used. 2022-04-29 not yet calculated CVE-2022-1526
MISC
MISC livehelperchat — livehelperchat
  Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. Attacker can execute malicious JS on Application :) 2022-04-29 not yet calculated CVE-2022-1530
MISC
CONFIRM rtx — rtx
  SQL injection vulnerability in ARAX-UI Synonym Lookup functionality in GitHub repository rtxteam/rtx prior to checkpoint_2022-04-20. This vulnerability is critical as it can lead to remote code execution and thus complete server takeover. 2022-04-29 not yet calculated CVE-2022-1531
MISC
CONFIRM libmobi — libmobi
  Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. This vulnerability is capable of arbitrary code execution. 2022-04-29 not yet calculated CVE-2022-1533
CONFIRM
MISC libmobi — libmobi
  Buffer Over-read at parse_rawml.c:1416 in GitHub repository bfabiszewski/libmobi prior to 0.11. The bug causes the program to read data past the end of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. 2022-04-29 not yet calculated CVE-2022-1534
MISC
CONFIRM automad — automad
  A vulnerability has been found in automad up to 1.10.9 and classified as problematic. This vulnerability affects the Dashboard. The manipulation of the argument title with the input Home</title><script>alert(“home”)</script><title> leads to cross site scripting. The attack can be initiated remotely but requires authentication. The exploit details have been disclosed to the public and may be used. 2022-04-29 not yet calculated CVE-2022-1536
N/A
N/A scoold — scoold
  Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large enough the service results in a momentary outage in a production environment. That can lead to memory corruption on the server. 2022-04-29 not yet calculated CVE-2022-1543
CONFIRM
MISC sonicwall — sonicos
  Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a target host is vulnerable. 2022-04-27 not yet calculated CVE-2022-22275
CONFIRM sonicwall — sonicos
  A vulnerability in SonicOS SNMP service resulting in exposure of sensitive information to an unauthorized user. 2022-04-27 not yet calculated CVE-2022-22276
CONFIRM sonicwall — sonicos
  A vulnerability in SonicOS SNMP service resulting in exposure of Wireless Access Point sensitive information in cleartext. 2022-04-27 not yet calculated CVE-2022-22277
CONFIRM sonicwall — sonicos_cfs
  A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access a prohibited resource; this allows an attacker to cause an HTTP Denial of Service (DoS) attack 2022-04-27 not yet calculated CVE-2022-22278
CONFIRM ibm — security_identity_manager
  IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 217369. 2022-04-27 not yet calculated CVE-2022-22312
CONFIRM
XF ibm — urbancode_deploy
  IBM UrbanCode Deploy (UCD) 7.2.2.1 could allow an authenticated user with special permissions to obtain elevated privileges due to improper handling of permissions. IBM X-Force ID: 217955. 2022-04-27 not yet calculated CVE-2022-22315
CONFIRM
XF ibm — infosphere_information_server
  IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 218370. 2022-04-28 not yet calculated CVE-2022-22322
CONFIRM
XF ibm — security_identity_manager
  IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 218379. 2022-04-27 not yet calculated CVE-2022-22323
XF
CONFIRM ibm — qradar
  IBM QRadar 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 220041. 2022-04-27 not yet calculated CVE-2022-22345
XF
CONFIRM ibm — planning_analytics_local
  IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 222066. 2022-04-25 not yet calculated CVE-2022-22392
XF
CONFIRM ibm — infosphere_information_server
  IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 223720. 2022-04-28 not yet calculated CVE-2022-22427
XF
CONFIRM ibm — infosphere_information_server
  IBM InfoSphere Information Server 11.7 could allow an authenticated user to view information of higher privileged users and groups due to a privilege escalation vulnerability. IBM X-Force ID: 224426. 2022-04-28 not yet calculated CVE-2022-22441
XF
CONFIRM ibm — infosphere_information_server
  IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 224440. 2022-04-28 not yet calculated CVE-2022-22443
XF
CONFIRM miele — benchmark_programming_tool
  In Miele Benchmark Programming Tool with versions prior to 1.2.71, executable files manipulated by attackers are unknowingly executed by users with administrative privileges. An attacker could thereby obtain higher permissions. The attacker must already have access to the corresponding local system to be able to exchange the files. 2022-04-27 not yet calculated CVE-2022-22521
MISC
FULLDISC
MISC zoom — client_for_meetings
  The Zoom Client for Meetings for MacOS (Standard and for IT Admin) prior to version 5.9.6 failed to properly check the package version during the update process. This could lead to a malicious actor updating an unsuspecting user’s currently installed version to a less secure version. 2022-04-28 not yet calculated CVE-2022-22781
MISC zoom — client_for_meetings
  The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6 were susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could utilize this to potentially delete system level files or folders, causing integrity or availability issues on the user’s host machine. 2022-04-28 not yet calculated CVE-2022-22782
MISC zoom — on-premise_meeting_connector_controller
  A vulnerability in Zoom On-Premise Meeting Connector Controller version 4.8.102.20220310 and On-Premise Meeting Connector MMR version 4.8.102.20220310 exposes process memory fragments to connected clients, which could be observed by a passive attacker. 2022-04-28 not yet calculated CVE-2022-22783
MISC esapi — esapi
  ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the tested input string as a child of the specified parent directory. This potentially could allow control-flow bypass checks to be defeated if an attacker can specify the entire string representing the ‘input’ path. This vulnerability is patched in release 2.3.0.0 of ESAPI. As a workaround, it is possible to write one’s own implementation of the Validator interface. However, maintainers do not recommend this. 2022-04-25 not yet calculated CVE-2022-23457
MISC
MISC
CONFIRM xilinx — xilinx
  In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as using the device as a decryption oracle. An anticipated mitigation via a 2022.1 patch will resolve the issue. 2022-04-27 not yet calculated CVE-2022-23822
MISC
MISC apache — doris
  Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for the LDAP password, which may lead to information disclosure. 2022-04-26 not yet calculated CVE-2022-23942
CONFIRM
MLIST
MLIST linksys — linksys
  Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share. 2022-04-27 not yet calculated CVE-2022-24372
MISC
MISC
MISC solar — appscreener
  Solar appScreener through 3.10.4, when a valid license is not present, allows XXE and SSRF attacks via a crafted XML document. 2022-04-28 not yet calculated CVE-2022-24449
MISC
MISC apache — couchdb
  In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations. 2022-04-26 not yet calculated CVE-2022-24706
MISC
MISC
MLIST redis — redis
  Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. The Lua script execution environment in Redis provides some measures that prevent a script from creating side effects that persist and can affect the execution of the same, or different script, at a later time. Several weaknesses of these measures have been publicly known for a long time, but they had no security impact as the Redis security model did not endorse the concept of users or privileges. With the introduction of ACLs in Redis 6.0, these weaknesses can be exploited by less privileged users to inject Lua code that will execute at a later time, when a privileged user executes a Lua script. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules. 2022-04-27 not yet calculated CVE-2022-24735
MISC
CONFIRM
MISC
MISC redis — redis
  Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause a NULL pointer dereference which will result in a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules. 2022-04-27 not yet calculated CVE-2022-24736
MISC
CONFIRM
MISC
MISC pjsip — pjsip
  PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length greater than 31-bit integers. The vulnerability does not affect 64-bit apps and should not affect apps that only play trusted WAV files. A patch is available on the `master` branch of the `pjsip/project` GitHub repository. As a workaround, apps can reject a WAV file received from an unknown source or validate the file first. 2022-04-25 not yet calculated CVE-2022-24792
MISC
CONFIRM discourse — discourse-assign
  Discourse Assign is a plugin for assigning users to a topic in Discourse, an open-source messaging platform. Prior to version 1.0.1, the UserBookmarkSerializer serialized the whole User / Group object, which leaked some private information. The data was only being serialized to people who could view assignment info, which is limited to staff by default. For the vast majority of sites, this data was only leaked to trusted staff members, but for sites with assign features enabled publicly, the data was accessible to more people than just staff. Version 1.0.1 contains a patch. There are currently no known workarounds. 2022-04-26 not yet calculated CVE-2022-24866
MISC
CONFIRM shopware — shopware
  Shopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin. 2022-04-28 not yet calculated CVE-2022-24873
MISC
MISC
CONFIRM shopware — shopware
  Shopware is an open source e-commerce software platform. Versions prior to 5.7.9 are vulnerable to malfunction of cross-site request forgery (CSRF) token validation. Under certain circumstances, the CSRF tokens were not generated anew and not validated correctly. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin. 2022-04-28 not yet calculated CVE-2022-24879
CONFIRM
MISC
MISC tethik — tethik
  flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. In versions prior to 1.2.1, the `captcha.validate()` function would return `None` if passed no value (e.g. by submitting an empty form). If implementing users were checking the return value to be **False**, the captcha verification check could be bypassed. Version 1.2.1 fixes the issue. Users can work around the issue by not explicitly checking that the value is False. Checking the return value less explicitly should still work. 2022-04-25 not yet calculated CVE-2022-24880
MISC
MISC
MISC
CONFIRM ballcat — ballcat
  Ballcat Codegen provides the function of online editing code to generate templates. In versions prior to 1.0.0.beta.2, attackers can implement remote code execution through malicious code injection of the template engine. This happens because Velocity and freemarker templates are introduced but input verification is not done. The fault is rectified in version 1.0.0.beta.2. 2022-04-26 not yet calculated CVE-2022-24881
MISC
CONFIRM
MISC freerdp — freerdp
  FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides an empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds. 2022-04-26 not yet calculated CVE-2022-24882
MISC
MISC
CONFIRM
MISC freerdp — freerdp
  FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path configured is valid and the application has file handles left. 2022-04-26 not yet calculated CVE-2022-24883
MISC
CONFIRM
MISC
MISC nextcloud — android
  Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.1, users can bypass a lock on the Nextcloud app on an Android device by repeatedly reopening the app. Version 3.19.1 contains a fix for the problem. There are currently no known workarounds. 2022-04-27 not yet calculated CVE-2022-24885
MISC
MISC
CONFIRM nextcloud — android
  Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextcloud has access to Contacts without applying for the Contacts permission itself. Version 3.19.0 contains a fix for this issue. There are currently no known workarounds. 2022-04-27 not yet calculated CVE-2022-24886
MISC
MISC
CONFIRM nextcloud — talk
  Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in conversation, the metaData can be manipulated so users can be tricked into opening arbitrary URLs. This issue is fixed in versions 11.3.4, 12.2.2, and 13.0.0. There are currently no known workarounds. 2022-04-27 not yet calculated CVE-2022-24887
MISC
MISC
CONFIRM nextcloud — server
  Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects files and folders that have these characters in the middle of their names, so this might be an opportunity for injection. This issue is fixed in versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1. There are currently no known workarounds. 2022-04-27 not yet calculated CVE-2022-24888
MISC
MISC
CONFIRM nextcloud — server
  Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling “recommended” apps for the Nextcloud server that they do not need, thus expanding their attack surface unnecessarily. This issue is fixed in versions 21.0.8, 22.2.4, and 23.0.1. 2022-04-27 not yet calculated CVE-2022-24889
CONFIRM
MISC
MISC esapi — esapi
  ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by an incorrect regular expression for “onsiteURL” in the **antisamy-esapi.xml** configuration file that can cause “javascript:” URLs to fail to be correctly sanitized. This issue is patched in ESAPI 2.3.0.0. As a workaround, manually edit the **antisamy-esapi.xml** configuration files to change the “onsiteURL” regular expression. More information about remediation of the vulnerability, including the workaround, is available in the maintainers’ release notes and security bulletin. 2022-04-27 not yet calculated CVE-2022-24891
MISC
CONFIRM
MISC shopware — shopware
  Shopware is an open source e-commerce software platform. Starting with version 5.0.4 and before version 5.7.9, multiple tokens for password reset can be requested. All tokens can be used to change the password. This makes it possible for an attacker to take over the victim’s account if they somehow gain access to the victim’s email account and find an unused password reset token in the emails. This issue is fixed in version 5.7.9. 2022-04-28 not yet calculated CVE-2022-24892
MISC
MISC
CONFIRM xwiki — xwiki
  org.xwiki.commons:xwiki-commons-xml is a common module used by other XWiki top level projects. Starting in version 2.7 and prior to versions 12.10.10, 13.4.4, and 13.8-rc-1, it is possible for a script to access any file accessible to the user running the XWiki application server with XML External Entity Injection through the XML script service. The problem has been patched in versions 12.10.10, 13.4.4, and 13.8-rc-1. There is no easy workaround for fixing this vulnerability other than upgrading and being careful when giving Script rights. 2022-04-28 not yet calculated CVE-2022-24898
MISC
MISC
CONFIRM piano_led — piano_led
  Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and prior are vulnerable to a path traversal attack. The `os.path.join` call is unsafe for use with untrusted input. When the `os.path.join` call encounters an absolute path, it ignores all the parameters it has encountered till that point and starts working with the new absolute path. Since the “malicious” parameter represents an absolute path, the result of `os.path.join` ignores the static directory completely. Hence, untrusted input passed via the `os.path.join` call to `flask.send_file` can lead to path traversal attacks. A patch with a fix is available on the `master` branch of the GitHub repository. This can also be fixed by preventing flow of untrusted data to the vulnerable `send_file` function. In case the application logic necessitates this behaviour, one can either use the `flask.safe_join` to join untrusted paths or replace `flask.send_file` calls with `flask.send_from_directory` calls. 2022-04-29 not yet calculated CVE-2022-24900
MISC
CONFIRM
MISC
MISC
MISC lexmark — multiple_products
  Lexmark products through 2022-02-10 have Incorrect Access Control. 2022-04-28 not yet calculated CVE-2022-24935
MISC
MISC tagify — tagify
  This affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the XSS payload. 2022-04-29 not yet calculated CVE-2022-25854
CONFIRM
CONFIRM
CONFIRM
CONFIRM czproject — czproject
  The package czproject/git-php before 4.0.3 is vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable($url, array $refs = NULL) function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection. 2022-04-25 not yet calculated CVE-2022-25866
CONFIRM
CONFIRM
CONFIRM nextcloud — android
  The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in the context of the IRISNext application user, running on the web server. 2022-04-25 not yet calculated CVE-2022-26111
MISC
MISC hoteldruid — hotel_management_software
  HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php. 2022-04-26 not yet calculated CVE-2022-26564
MISC
MISC liferay — liferay
  Cross-site scripting (XSS) vulnerability in Journal module’s web content display configuration page in Liferay Portal 7.1.0 through 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 8, allows remote attackers to inject arbitrary web script or HTML via web content template names. 2022-04-25 not yet calculated CVE-2022-26596
MISC liferay — liferay
  Cross-site scripting (XSS) vulnerability in the Layout module’s Open Graph integration in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the site name. 2022-04-25 not yet calculated CVE-2022-26597
MISC element-plus — element-plus
  element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) via el-table-column. 2022-04-25 not yet calculated CVE-2022-27103
MISC
MISC
MISC adobe — xpdf
  xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary. 2022-04-25 not yet calculated CVE-2022-27135
MISC
MISC
MISC cifs-utils — cifs-utils
  In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. 2022-04-27 not yet calculated CVE-2022-27239
MISC
MISC
MISC
MISC
MISC hms — hms
  Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the component room.php. 2022-04-26 not yet calculated CVE-2022-27299
MISC amro — amro
  Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL. 2022-04-25 not yet calculated CVE-2022-27311
MISC zammad — zammad
  An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users. 2022-04-27 not yet calculated CVE-2022-27331
MISC zammad — zammad
  An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. This vulnerability can allow attackers to execute phishing attacks or cause a Denial of Service (DoS). 2022-04-27 not yet calculated CVE-2022-27332
MISC seacms — seacms
  Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/weixin.php. 2022-04-27 not yet calculated CVE-2022-27336
MISC mcms — mcms
  MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data. 2022-04-22 not yet calculated CVE-2022-27340
MISC
MISC tenda — tenda
  Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_42E328 at /goform/SysToolReboot. 2022-04-25 not yet calculated CVE-2022-27374
MISC tenda — tenda
  Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_422168 at /goform/WifiExtraSet. 2022-04-25 not yet calculated CVE-2022-27375
MISC gallerycms — gallerycms
  A stored cross-site scripting (XSS) vulnerability in /index.php/album/add of GalleryCMS v2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the album_name parameter. 2022-04-25 not yet calculated CVE-2022-27428
MISC jizhicms — jizhicms
  Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html. 2022-04-25 not yet calculated CVE-2022-27429
MISC monstaftp — monstaftp
  Monstaftp v2.10.3 was discovered to contain an arbitrary file upload which allows attackers to execute arbitrary code via a crafted file uploaded to the web server. 2022-04-26 not yet calculated CVE-2022-27468
MISC
MISC monstaftp — monstaftp
  Monstaftp v2.10.3 was discovered to allow attackers to execute Server-Side Request Forgery (SSRF). 2022-04-26 not yet calculated CVE-2022-27469
MISC
MISC wordpress — wordpress
  Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko’s Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher role via &wpt_test_page_submit_button_caption parameter. 2022-04-26 not yet calculated CVE-2022-27854
CONFIRM
CONFIRM wordpress — shea_bunge_footer_text 
  Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) in Shea Bunge’s Footer Text plugin <= 2.0.3 on WordPress. 2022-04-28 not yet calculated CVE-2022-27860
CONFIRM
CONFIRM palantir — palantir
  Foundry Issues service versions 2.244.0 to 2.249.0 were found to be logging in a manner that captured sensitive information (session tokens). This issue was fixed in 2.249.1. 2022-04-26 not yet calculated CVE-2022-27888
MISC controlup — real-time_agent
  In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:) to exploit this. 2022-04-27 not yet calculated CVE-2022-27905
MISC cuppacms — cuppacms
  CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php. 2022-04-26 not yet calculated CVE-2022-27984
MISC
MISC cuppacms — cuppacms
  CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php. 2022-04-26 not yet calculated CVE-2022-27985
MISC
MISC typemill — typemill
  Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 2022-04-25 not yet calculated CVE-2022-28053
MISC verydows — verydows
  Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via backendfile_controller.php. 2022-04-26 not yet calculated CVE-2022-28058
MISC
MISC verydows — verydows
  Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via backenddatabase_controller.php. 2022-04-26 not yet calculated CVE-2022-28059
MISC
MISC victor_cms — victor_cms
  SQL Injection vulnerability in Victor CMS v1.0, via the user_name parameter to /includes/login.php. 2022-04-28 not yet calculated CVE-2022-28060
MISC
MISC
MISC htmldoc — htmldoc
  A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS). 2022-04-27 not yet calculated CVE-2022-28085
MISC
MISC scbs — online_sports_venue_reservation_system
  SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a local file inclusion vulnerability which allows attackers to execute arbitrary code via a crafted PHP file. 2022-04-25 not yet calculated CVE-2022-28093
MISC
MISC
MISC scbs — online_sports_venue_reservation_system
  SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the fid parameter at booking.php. 2022-04-25 not yet calculated CVE-2022-28094
MISC
MISC
MISC turtlapp — turtle_note
  Turtlapp Turtle Note v0.7.2.6 does not filter the <meta> tag during markdown parsing, allowing attackers to execute HTML injection. 2022-04-28 not yet calculated CVE-2022-28101
MISC
MISC php — mysql_admin_panel_generator
  A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Generator v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected at /edit-db.php. 2022-04-28 not yet calculated CVE-2022-28102
MISC
MISC dscms — dscms
  DSCMS v3.0 was discovered to contain an arbitrary file deletion vulnerability via /controller/Adv.php. 2022-04-28 not yet calculated CVE-2022-28114
MISC navigate_cms — navigate_cms
  A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter. 2022-04-28 not yet calculated CVE-2022-28117
MISC
MISC nvidia — jetson_linux_driver
  NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker to cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality. 2022-04-27 not yet calculated CVE-2022-28193
MISC nvidia — jetson_linux_driver
  NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where, if TFTP is enabled, a local attacker can cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality. 2022-04-27 not yet calculated CVE-2022-28194
MISC nvidia — jetson_linux_driver
  NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow, which may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. 2022-04-27 not yet calculated CVE-2022-28195
MISC nvidia — jetson_linux_driver
  NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot blob_decompress function, where insufficient validation of untrusted data may allow a local attacker to cause a memory buffer overflow, which may lead to code execution, limited loss of integrity, and limited denial of service. 2022-04-27 not yet calculated CVE-2022-28196
MISC nvidia — jetson_linux_driver
  NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow. This difficult-to-exploit vulnerability may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. 2022-04-27 not yet calculated CVE-2022-28197
MISC nvidia — omniverse_nucleus_and_cache
  NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its configuration of OpenSSL, where an attacker with physical access to the system can cause arbitrary code execution which can impact confidentiality, integrity, and availability. 2022-04-29 not yet calculated CVE-2022-28198
MISC ciphermail — webmail_messenger
  An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker could access secret keys (found in a Roundcube configuration file) that are used to protect Webmail user passwords and two-factor authentication (2FA). 2022-04-26 not yet calculated CVE-2022-28218
MISC
MISC
MISC wordpress — country_selector_plugin
  Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP request 2022-04-25 not yet calculated CVE-2022-28290
MISC mediawiki — mediawiki
  An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported. 2022-04-30 not yet calculated CVE-2022-28323
MISC
MISC
MISC nopsolutions — nopcommerce
  nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An attacker (role customer) can inject JavaScript code into First name or Last name at Customer Info. 2022-04-26 not yet calculated CVE-2022-28448
MISC nopsolutions — nopcommerce
  nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). In the Apply for vendor account feature, an attacker can upload an arbitrary file to the system. 2022-04-26 not yet calculated CVE-2022-28449
MISC nopsolutions — nopcommerce
  nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the “Text” parameter (forums) when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code in the client browser. 2022-04-26 not yet calculated CVE-2022-28450
MISC lms_red_planet_laundry_management_system — lms_red_planet_laundry_management_system
  Red Planet Laundry Management System 1.0 is vulnerable to SQL Injection. 2022-04-29 not yet calculated CVE-2022-28452
MISC
MISC
MISC
MISC limbas — limbas
  Limbas 4.3.36.1319 is vulnerable to Cross Site Scripting (XSS). 2022-04-28 not yet calculated CVE-2022-28454
MISC
MISC
MISC apifox — apifox
  Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which can lead to remote code execution. 2022-04-27 not yet calculated CVE-2022-28464
MISC wbce — wbce
  WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS). 2022-04-28 not yet calculated CVE-2022-28477
MISC
MISC allmediaserver — allmediaserver
  ALLMediaServer 1.6 is vulnerable to Buffer Overflow via MediaServer.exe. 2022-04-29 not yet calculated CVE-2022-28480
MISC giflib — giflib
  There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45. 2022-04-25 not yet calculated CVE-2022-28506
MISC
MISC
MISC zcms — zcms
  ZCMS v20170206 was discovered to contain a file inclusion vulnerability via index.php?m=home&c=home&a=sp_set_config. 2022-04-26 not yet calculated CVE-2022-28521
MISC
MISC zcms — zcms
  ZCMS v20170206 was discovered to contain a stored cross-site scripting (XSS) vulnerability via index.php?m=home&c=message&a=add. 2022-04-26 not yet calculated CVE-2022-28522
MISC
MISC hongcms — hongcms
  HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete. 2022-04-26 not yet calculated CVE-2022-28523
MISC ed01-cms — ed01-cms
  ED01-CMS v20180505 was discovered to contain a SQL injection vulnerability via the component post.php. 2022-04-26 not yet calculated CVE-2022-28524
MISC ed01-cms — ed01-cms
  ED01-CMS v20180505 was discovered to contain an arbitrary file upload vulnerability via /admin/users.php?source=edit_user&id=1. 2022-04-26 not yet calculated CVE-2022-28525
MISC dhcms — dhcms
  dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del. 2022-04-26 not yet calculated CVE-2022-28527
MISC bloofox — bloofoxcms
  bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit. 2022-04-26 not yet calculated CVE-2022-28528
MISC hoosk — hoosk
  XSS in the edit page of Hoosk 1.8.0 allows an attacker to execute JavaScript code in the user’s browser via the edit page, using an XSS payload that bypasses the filter on some special characters. 2022-04-25 not yet calculated CVE-2022-28586
MISC qualys — assetview
  Missing authentication for a critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge of the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients executing arbitrary code with administrative privilege. 2022-04-28 not yet calculated CVE-2022-28719
MISC
MISC f-secure — atlant
  A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the fsicapd component used in certain F-Secure products, while scanning larger packages/fuzzed files, consumes too much memory, which can eventually crash the scanning engine. The exploit can be triggered remotely by an attacker. 2022-04-25 not yet calculated CVE-2022-28871
MISC mahara — mahara
  Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable. 2022-04-28 not yet calculated CVE-2022-28892
MISC greencms — greencms
  GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletion vulnerability via /index.php?m=admin&c=custom&a=plugindelhandle&plugin_name=. 2022-04-26 not yet calculated CVE-2022-28918
MISC smallsrv — smallsrv
  Small HTTP Server version 3.06 suffers from a remote buffer overflow vulnerability via a long GET request. 2022-04-29 not yet calculated CVE-2022-28994
MISC rippled — rippled
  A heap-based buffer overflow exists in rippled before 1.8.5. The vulnerability allows attackers to cause a crash or execute commands remotely on a rippled node, which may lead to XRPL mainnet DoS or compromise. This exposes all digital assets on the XRPL to a security threat. 2022-04-25 not yet calculated CVE-2022-29077
MISC
MISC
MISC ejs — ejs_for_node.js
  The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation). 2022-04-25 not yet calculated CVE-2022-29078
MISC
MISC zoho — manageengine_access_manager_plus
  Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize) via the ../RestAPI substring. 2022-04-28 not yet calculated CVE-2022-29081
MISC
MISC ericom — powerterm_webconnect
  The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an XSS payload from the AppPortal cookie into the page. 2022-04-28 not yet calculated CVE-2022-29152
MISC
MISC coreboot — coreboot
  An issue was discovered in coreboot 4.13 through 4.16. On APs, arbitrary code execution in SMM may occur. 2022-04-25 not yet calculated CVE-2022-29264
MISC
MISC apache — nifi
  Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Entity references when viewing formatted XML files. The following Processors attempt to resolve XML External Entity references when configured with default property values: EvaluateXPath, EvaluateXQuery, and ValidateXml. Apache NiFi flow configurations that include these Processors are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations in the default configuration for these Processors, and disallows XML External Entity resolution in standard services. 2022-04-30 not yet calculated CVE-2022-29265
CONFIRM
MISC wordpress — hermit_plugin
  Authenticated SQL Injection (SQLi) vulnerability in Mufeng’s Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via (&ids). 2022-04-28 not yet calculated CVE-2022-29410
CONFIRM
CONFIRM wordpress — hermit_plugin
  SQL Injection (SQLi) vulnerability in Mufeng’s Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers to execute SQLi attack via (&id). 2022-04-28 not yet calculated CVE-2022-29411
CONFIRM
CONFIRM wordpress — hermit_plugin
  Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allow attackers to delete cache, delete a source, create source. 2022-04-28 not yet calculated CVE-2022-29412
CONFIRM
CONFIRM wordpress — hermit_plugin
  Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng’s Hermit 音乐播放器 plugin <= 3.1.6 on WordPress via &title parameter. 2022-04-28 not yet calculated CVE-2022-29413
CONFIRM
CONFIRM wpkube — subscribe_to_comments_reloaded_plugin
  Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube’s Subscribe To Comments Reloaded plugin <= 211130 on WordPress allow attackers to clean up Log archive, download system info file, plugin system settings, plugin options settings, generate a new key, reset all options, change notifications settings, management page settings, comment form settings, manage subscriptions > mass update settings, manage subscriptions > add a new subscription, update subscription, delete Subscription. 2022-04-29 not yet calculated CVE-2022-29414
CONFIRM
CONFIRM wordpress — ravpage_plugin
  Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Mati Skiba @ Rav Messer’s Ravpage plugin <= 2.16 at WordPress. 2022-04-28 not yet calculated CVE-2022-29415
CONFIRM
CONFIRM wordpress — shortpixel_adaptive_images_plugin
  Plugin Settings Update vulnerability in ShortPixel’s ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings. 2022-04-25 not yet calculated CVE-2022-29417
CONFIRM
CONFIRM wordpress — night_mode_plugin
  Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) in Mark Daniels Night Mode plugin <= 1.0.0 on WordPress via vulnerable parameters: &ntmode_page_setting[enable-me], &ntmode_page_setting[bg-color], &ntmode_page_setting[txt-color], &ntmode_page_setting[anc_color]. 2022-04-25 not yet calculated CVE-2022-29418
CONFIRM
CONFIRM wordpress — 3xsocializer_plugin
  SQL Injection (SQLi) vulnerability in Don Crowther’s 3xSocializer plugin <= 0.98.22 at WordPress possible for users with a low role like a subscriber or higher. 2022-04-25 not yet calculated CVE-2022-29419
CONFIRM
CONFIRM wordpress — rara_one_click_demo_import_plugin
  Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin <= 1.2.9 on WordPress allows attackers to trick logged-in admin users into uploading dangerous files into the /wp-content/uploads/ directory. 2022-04-29 not yet calculated CVE-2022-29451
CONFIRM
CONFIRM mitel — mivoice_connect
  The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA. 2022-04-26 not yet calculated CVE-2022-29499
CONFIRM line_corporation — line_for_windows
  Due to build misconfiguration in openssl dependency, LINE for Windows before 7.8 is vulnerable to DLL injection that could lead to privilege escalation. 2022-04-27 not yet calculated CVE-2022-29505
MISC htmlunit — nekohtml_parser
  HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product. 2022-04-25 not yet calculated CVE-2022-29546
CONFIRM northern.tech — mender_enterprise
  The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2 allows Cross-Origin Websocket Hijacking. 2022-04-28 not yet calculated CVE-2022-29555
MISC
MISC northern.tech — mender_enterprise
  The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints. 2022-04-28 not yet calculated CVE-2022-29556
MISC
MISC mahara — mahara
  Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action. 2022-04-28 not yet calculated CVE-2022-29584
MISC
MISC mahara — mahara
  In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used. They are all shown from page 2 of the group results list (rather than only being shown for the institution that the viewer is a member of). 2022-04-28 not yet calculated CVE-2022-29585
MISC
MISC universis — universis-api
  A SQL Injection vulnerability exists in UniverSIS UniverSIS-API through 1.2.1 via the $select parameter to multiple API endpoints. A remote authenticated attacker could send crafted SQL statements to a vulnerable endpoint (such as /api/students/me/messages/) to, for example, retrieve personal information or change grades. 2022-04-25 not yet calculated CVE-2022-29603
MISC
MISC zammad — zammad
  A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification. 2022-04-27 not yet calculated CVE-2022-29700
MISC zammad — zammad
  A lack of rate limiting in the ‘forgot password’ feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. 2022-04-27 not yet calculated CVE-2022-29701
MISC zoneminder — zoneminder
  ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability. 2022-04-26 not yet calculated CVE-2022-29806
MISC
MISC
MISC
MISC hashicorp — go-getter
  The Hashicorp go-getter library before 1.5.11 could write SSH credentials into its logfile, exposing sensitive credentials to local users able to read the logfile. 2022-04-27 not yet calculated CVE-2022-29810
MISC
MISC
MISC jetbrains — hub
  In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible. 2022-04-28 not yet calculated CVE-2022-29811
MISC jetbrains — intellij_idea
  In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient 2022-04-28 not yet calculated CVE-2022-29812
MISC jetbrains — intellij_idea
  In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible 2022-04-28 not yet calculated CVE-2022-29813
MISC jetbrains — intellij_idea
  In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible 2022-04-28 not yet calculated CVE-2022-29814
MISC jetbrains — intellij_idea
  In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible 2022-04-28 not yet calculated CVE-2022-29815
MISC jetbrains — intellij_idea
  In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible 2022-04-28 not yet calculated CVE-2022-29816
MISC jetbrains — intellij_idea
  In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible 2022-04-28 not yet calculated CVE-2022-29817
MISC jetbrains — intellij_idea
  In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed 2022-04-28 not yet calculated CVE-2022-29818
MISC jetbrains — intellij_idea
  In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible 2022-04-28 not yet calculated CVE-2022-29819
MISC jetbrains — pycharm
  In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible 2022-04-28 not yet calculated CVE-2022-29820
MISC jetbrains — rider
  In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible 2022-04-28 not yet calculated CVE-2022-29821
MISC automation_anywhere — automation360_22
  A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA packages. 2022-04-29 not yet calculated CVE-2022-29856
MISC
MISC ambiot — amb1_sdk
  component/common/network/dhcp/dhcps.c in ambiot amb1_sdk (aka SDK for Ameba1) before 2022-03-11 mishandles data structures for DHCP packet data. 2022-04-27 not yet calculated CVE-2022-29859
MISC cifs-utils — cifs_utils
  cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file. 2022-04-28 not yet calculated CVE-2022-29869
MISC
MISC mediawiki — private_domains
  The Private Domains extension for MediaWiki through 1.37.2 (before 1ad65d4c1c199b375ea80988d99ab51ae068f766) allows CSRF for editing pages that store the extension’s configuration. The attacker must trigger a POST request to Special:PrivateDomains. 2022-04-29 not yet calculated CVE-2022-29903
MISC
MISC mediawiki — semanticdrilldown
  The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain ‘-’ and ‘_’ constraints. 2022-04-29 not yet calculated CVE-2022-29904
MISC
MISC mediawiki — fanboxes
  The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF. 2022-04-29 not yet calculated CVE-2022-29905
MISC
MISC mediawiki — quizgame
  The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user. 2022-04-29 not yet calculated CVE-2022-29906
MISC
MISC mediawiki — nimbus_skin
  The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d9544a54d9752515aace39df) allows XSS in Advertise link messages. 2022-04-29 not yet calculated CVE-2022-29907
MISC
MISC oracle — usu_oracle_optimization
  USU Oracle Optimization before 5.17.5 lacks Polkit authentication, which allows smartcollector users to achieve root access via pkexec. NOTE: this is not an Oracle Corporation product. 2022-04-29 not yet calculated CVE-2022-29934
MISC oracle — usu_oracle_optimization
  USU Oracle Optimization before 5.17.5 allows attackers to discover the quantum credentials via an agent-installer download. NOTE: this is not an Oracle Corporation product. 2022-04-29 not yet calculated CVE-2022-29935
MISC oracle — usu_oracle_optimization
  USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code execution because of /v2/quantum/save-data-upload-big-file Java deserialization. NOTE: this is not an Oracle Corporation product. 2022-04-29 not yet calculated CVE-2022-29936
MISC oracle — usu_oracle_optimization
  USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but (for example) an OS command for base64 decoding is not blocked. NOTE: this is not an Oracle Corporation product. 2022-04-29 not yet calculated CVE-2022-29937
MISC dji — aeroscope
  DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator’s physical location via the AeroScope protocol. 2022-04-29 not yet calculated CVE-2022-29945
MISC
MISC
MISC woodpecker — woodpecker
  Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping. 2022-04-29 not yet calculated CVE-2022-29947
MISC
MISC glewlwyd — glewlwyd
  static_compressed_inmemory_website_callback.c in Glewlwyd through 2.6.2 allows directory traversal. 2022-04-29 not yet calculated CVE-2022-29967
MISC
