Click to open the Alert Filter

 
Year Month
Severity
Categories
Search by Alert Name
Page(s) : [1] 2 3 4 5 6 7 8 9 10 11 ... Result(s) : 203741

Alerts Feed Alerts

DATE NAME CATEGORIES DETAIL
N/A 2022-01-17 CVE-2022-0242 cve Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.
N/A 2022-01-17 CVE-2021-42357 cve When using Apache Knox SSO prior to 1.6.1, a request could be crafted to redirect a user to a malicious page due to improper URL parsing. A request that included a specially cra...
N/A 2022-01-17 CVE-2022-22703 cve In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer.
N/A 2022-01-17 CVE-2022-0256 cve pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
N/A 2022-01-17 CVE-2022-0257 cve pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
N/A 2022-01-17 CVE-2022-0258 cve pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
N/A 2022-01-17 CVE-2021-33040 cve managers/views/iframe.js in FuturePress EPub.js before 0.3.89 allows XSS.
N/A 2022-01-17 CVE-2021-38965 cve IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted reques...
N/A 2022-01-17 CVE-2021-3853 cve chaskiq is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
N/A 2022-01-17 CVE-2021-3857 cve chaskiq is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
N/A 2022-01-17 CVE-2021-24838 cve The AnyComment WordPress plugin through 0.2.17 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first...
N/A 2022-01-17 CVE-2021-24909 cve The ACF Photo Gallery Field WordPress plugin before 1.7.5 does not sanitise and escape the post parameter in the includes/acf_photo_gallery_metabox_edit.php file before outputin...
N/A 2022-01-17 CVE-2021-25005 cve The SEUR Oficial WordPress plugin before 1.7.0 does not sanitize and escape some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when ...
N/A 2022-01-17 CVE-2021-25024 cve The EventCalendar WordPress plugin before 1.1.51 does not escape some user input before outputting it back in attributes, leading to Reflected Cross-SIte Scripting issues
N/A 2022-01-17 CVE-2021-25025 cve The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as ...
N/A 2022-01-17 CVE-2021-25036 cve The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Privilege Escalation issue, which was discovered during an internal audit by the Jetpack Scan team, and may g...
N/A 2022-01-17 CVE-2021-25037 cve The All in One SEO WordPress plugin before 4.1.5.3 is affected by an authenticated SQL injection issue, which was discovered during an internal audit by the Jetpack Scan team, a...
N/A 2022-01-17 CVE-2021-25046 cve The Modern Events Calendar Lite WordPress plugin before 6.2.0 alloed any logged-in user, even a subscriber user, may add a category whose parameters are incorrectly escaped in t...
N/A 2022-01-17 CVE-2021-25061 cve The WP Booking System WordPress plugin before 2.0.15 was affected by a reflected xss in wp-booking-system on the wpbs-calendars admin page.
N/A 2022-01-17 CVE-2021-25065 cve The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was affected by a reflected XSS in custom-facebook-feed in cff-top admin page.
Page(s) : [1] 2 3 4 5 6 7 8 9 10 11 ... Result(s) : 203741