| Page(s) : [1] 2 3 4 5 6 7 8 9 10 11 ... | Result(s) : 203741 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| N/A | 2022-01-17 | CVE-2022-0242 | cve | Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0. |
| N/A | 2022-01-17 | CVE-2021-42357 | cve | When using Apache Knox SSO prior to 1.6.1, a request could be crafted to redirect a user to a malicious page due to improper URL parsing. A request that included a specially cra... |
| N/A | 2022-01-17 | CVE-2022-22703 | cve | In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer. |
| N/A | 2022-01-17 | CVE-2022-0256 | cve | pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| N/A | 2022-01-17 | CVE-2022-0257 | cve | pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| N/A | 2022-01-17 | CVE-2022-0258 | cve | pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command |
| N/A | 2022-01-17 | CVE-2021-33040 | cve | managers/views/iframe.js in FuturePress EPub.js before 0.3.89 allows XSS. |
| N/A | 2022-01-17 | CVE-2021-38965 | cve | IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted reques... |
| N/A | 2022-01-17 | CVE-2021-3853 | cve | chaskiq is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| N/A | 2022-01-17 | CVE-2021-3857 | cve | chaskiq is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| N/A | 2022-01-17 | CVE-2021-24838 | cve | The AnyComment WordPress plugin through 0.2.17 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first... |
| N/A | 2022-01-17 | CVE-2021-24909 | cve | The ACF Photo Gallery Field WordPress plugin before 1.7.5 does not sanitise and escape the post parameter in the includes/acf_photo_gallery_metabox_edit.php file before outputin... |
| N/A | 2022-01-17 | CVE-2021-25005 | cve | The SEUR Oficial WordPress plugin before 1.7.0 does not sanitize and escape some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when ... |
| N/A | 2022-01-17 | CVE-2021-25024 | cve | The EventCalendar WordPress plugin before 1.1.51 does not escape some user input before outputting it back in attributes, leading to Reflected Cross-SIte Scripting issues |
| N/A | 2022-01-17 | CVE-2021-25025 | cve | The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as ... |
| N/A | 2022-01-17 | CVE-2021-25036 | cve | The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Privilege Escalation issue, which was discovered during an internal audit by the Jetpack Scan team, and may g... |
| N/A | 2022-01-17 | CVE-2021-25037 | cve | The All in One SEO WordPress plugin before 4.1.5.3 is affected by an authenticated SQL injection issue, which was discovered during an internal audit by the Jetpack Scan team, a... |
| N/A | 2022-01-17 | CVE-2021-25046 | cve | The Modern Events Calendar Lite WordPress plugin before 6.2.0 alloed any logged-in user, even a subscriber user, may add a category whose parameters are incorrectly escaped in t... |
| N/A | 2022-01-17 | CVE-2021-25061 | cve | The WP Booking System WordPress plugin before 2.0.15 was affected by a reflected xss in wp-booking-system on the wpbs-calendars admin page. |
| N/A | 2022-01-17 | CVE-2021-25065 | cve | The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was affected by a reflected XSS in custom-facebook-feed in cff-top admin page. |
| Page(s) : [1] 2 3 4 5 6 7 8 9 10 11 ... | Result(s) : 203741 |
