Page(s) : 1 ... 598 599 600 601 602 603 604 605 606 607 [608] 609 610 611 612 613 614 615 616 617 618 ... | Result(s) : 43431 |
Alerts
SCORE | DATE | NAME | CATEGORIES | DETAIL |
---|---|---|---|---|
9.8 | 2022-04-26 | CVE-2022-24706 | cve | In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation h... |
9.8 | 2022-04-26 | CVE-2022-29499 | cve | The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, S... |
9.8 | 2022-04-25 | CVE-2021-45837 | cve | It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending a specifically crafted input to /tos/index.php?app/del. |
9.8 | 2022-04-25 | CVE-2022-25866 | cve | The package czproject/git-php before 4.0.3 is vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable($url, array $refs = NULL) functio... |
9.8 | 2022-04-25 | CVE-2022-1391 | cve | The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion ... |
9.8 | 2022-04-25 | CVE-2022-1390 | cve | The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary ... |
9.8 | 2022-04-25 | CVE-2022-0782 | cve | The Donations WordPress plugin through 1.8 does not sanitise and escape the nd_donations_id parameter before using it in a SQL statement via the nd_donations_single_cause_form_v... |
9.8 | 2022-04-25 | CVE-2022-0769 | cve | The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the data_target parameter before it is being interpolated in an SQL statement and then execu... |
9.8 | 2022-04-25 | CVE-2022-0693 | cve | The Master Elements WordPress plugin through 8.0 does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action (available to both unauthentic... |
9.8 | 2022-04-25 | CVE-2022-0657 | cve | The 5 Stars Rating Funnel WordPress Plugin \| RRatingg WordPress plugin before 1.2.54 does not properly sanitise, validate and escape lead ids before using them in a SQL statemen... |
9.8 | 2022-04-25 | CVE-2022-0541 | cve | The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo... |
9.8 | 2022-04-25 | CVE-2022-29078 | cve | The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an i... |
9.8 | 2022-04-25 | CVE-2022-28093 | cve | SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a local file inclusion vulnerability which allows attackers to execute arbitrary code via a crafted PHP... |
9.8 | 2022-04-25 | CVE-2022-23457 | cve | ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.ge... |
9.8 | 2022-04-25 | CVE-2022-27311 | cve | Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL. |
9.8 | 2022-04-25 | CVE-2021-45840 | cve | It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending specifically crafted input to /tos/index.php?app/app_... |
9.8 | 2022-04-25 | CVE-2022-29077 | cve | A heap-based buffer overflow exists in rippled before 1.8.5. The vulnerability allows attackers to cause a crash or execute commands remotely on a rippled node, which may lead t... |
9.8 | 2022-04-25 | CVE-2022-27429 | cve | Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html. |
9.8 | 2022-04-25 | CVE-2022-29264 | cve | An issue was discovered in coreboot 4.13 through 4.16. On APs, arbitrary code execution in SMM may occur. |
9.8 | 2022-04-22 | CVE-2021-3897 | cve | An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during... |