CVE List - 2022 / June
Showing 601 - 700 of 2149 CVEs for June 2022 (Page 7 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-25037 | 2022-06-12 | Thomson TCW710 RgDdns Persistent cross site scripting |
| CVE-2018-25038 | 2022-06-12 | Thomson TCW710 RgDhcp Persistent cross site scripting |
| CVE-2018-25039 | 2022-06-12 | Thomson TCW710 RgUrlBlock.asp Persistent cross site scripting |
| CVE-2021-41749 | 2022-06-12 | In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution. |
| CVE-2021-41750 | 2022-06-12 | A cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject arbitrary web script via a GET to /index.php?action=seomatic/file/seo-file-link with url parameter... |
| CVE-2021-41641 | 2022-06-12 | Deno <=1.14.0 file sandbox does not handle symbolic links correctly. When running Deno with specific write access, the Deno.symlink method can be used to gain access to any directory. |
| CVE-2022-2054 | 2022-06-12 | Code Injection in nuitka/nuitka |
| CVE-2022-2013 | 2022-06-12 | In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled via the experimental feature flag all new users would have access to the Script Console within... |
| CVE-2022-2062 | 2022-06-13 | Generation of Error Message Containing Sensitive Information in nocodb/nocodb |
| CVE-2022-26041 | 2022-06-13 | Directory traversal vulnerability in RCCMD 4.26 and earlier allows a remote authenticated attacker with an administrative privilege to read or alter an arbitrary file on the server via unspecified vectors. |
| CVE-2022-26834 | 2022-06-13 | Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to obtain the information stored in the product because the product is set to accept... |
| CVE-2022-27174 | 2022-06-13 | Cross-site request forgery (CSRF) vulnerability in Easy Blog for EC-CUBE4 Ver.1.0.1 and earlier allows a remote unauthenticated attacker to hijack the authentication of the administrator and delete a blog article... |
| CVE-2022-27231 | 2022-06-13 | Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. By exploiting this vulnerability, an arbitrary script may be executed on the... |
| CVE-2022-28704 | 2022-06-13 | Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product... |
| CVE-2022-29525 | 2022-06-13 | Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation. |
| CVE-2022-29894 | 2022-06-13 | Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of... |
| CVE-2017-20041 | 2022-06-13 | Ucweb UC Browser HTML URL improper restriction of rendered ui layers |
| CVE-2017-20042 | 2022-06-13 | Navetti PricePoint Blind SQL injection |
| CVE-2017-20043 | 2022-06-13 | Navetti PricePoint Persistent cross site scripting |
| CVE-2017-20044 | 2022-06-13 | Navetti PricePoint Reflected cross site scripting |
| CVE-2017-20045 | 2022-06-13 | Navetti PricePoint cross-site request forgery |
| CVE-2021-37404 | 2022-06-13 | Heap buffer overflow in libhdfs native library |
| CVE-2022-32739 | 2022-06-13 | OTRS version number is always in the exported ICS files |
| CVE-2022-32740 | 2022-06-13 | Information disclosure in the External Interface |
| CVE-2022-32741 | 2022-06-13 | Information disclosure in Request New Password feature |
| CVE-2022-2060 | 2022-06-13 | Cross-site Scripting (XSS) - Stored in dolibarr/dolibarr |
| CVE-2022-2063 | 2022-06-13 | Improper Privilege Management in nocodb/nocodb |
| CVE-2022-2061 | 2022-06-13 | Heap-based Buffer Overflow in hpjansson/chafa |
| CVE-2022-2064 | 2022-06-13 | Insufficient Session Expiration in nocodb/nocodb |
| CVE-2021-46818 | 2022-06-13 | Adobe Media Encoder M4A file memory corruption vulnerability could lead to remote code execution |
| CVE-2022-31040 | 2022-06-13 | Open Redirect in open-forms |
| CVE-2022-2065 | 2022-06-13 | Cross-site Scripting (XSS) - Stored in neorazorx/facturascripts |
| CVE-2022-2066 | 2022-06-13 | Cross-site Scripting (XSS) - Reflected in neorazorx/facturascripts |
| CVE-2021-46817 | 2022-06-13 | Adobe Media Encoder M4A file memory corruption vulnerability could lead to remote code execution |
| CVE-2021-46816 | 2022-06-13 | Adobe Premiere Pro M4A file memory corruption vulnerability could lead to remote code execution |
| CVE-2021-40902 | 2022-06-13 | flatCore-CMS version 2.0.8 is affected by Cross Site Scripting (XSS) in the "Create New Page" option through the index page. |
| CVE-2022-2067 | 2022-06-13 | SQL Injection in francoisjacquet/rosariosis |
| CVE-2022-1822 | 2022-06-13 | The Zephyr Project Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘project’ parameter in versions up to, and including, 3.2.40 due to insufficient input sanitization and... |
| CVE-2022-31041 | 2022-06-13 | Insufficient content-type validation for uploaded files in open-forms |
| CVE-2021-25116 | 2022-06-13 | Enqueue Anything <= 1.0.1 - Subscriber+ Arbitrary Asset/Post Deletion |
| CVE-2022-0626 | 2022-06-13 | Advanced Admin Search < 1.1.6 - Reflected Cross-Site Scripting |
| CVE-2022-0745 | 2022-06-13 | Like Button Rating < 2.6.45 - Arbitrary e-mail Sending |
| CVE-2022-0786 | 2022-06-13 | KiviCare < 2.3.9 - Unauthenticated SQLi |
| CVE-2022-1656 | 2022-06-13 | JupiterX Theme <= 2.0.6 and JupiterX Core <= 2.0.6 - Authenticated Arbitrary Plugin Deactivation and Settings Modification |
| CVE-2022-0827 | 2022-06-13 | Bestbooks <= 2.6.3 - Unauthenticated SQLi |
| CVE-2022-0863 | 2022-06-13 | WP SVG Icons <= 3.2.3 - Admin+ Remote Code Execution (RCE) |
| CVE-2022-0885 | 2022-06-13 | Member Hero <= 1.0.9 - Unauthenticated RCE |
| CVE-2022-1202 | 2022-06-13 | WP-CRM <= 1.2.1 - CSV Injection |
| CVE-2022-1335 | 2022-06-13 | Slideshow CK < 1.4.10 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1336 | 2022-06-13 | Carousel CK <= 1.1.0 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1412 | 2022-06-13 | Log WP_Mail <= 0.1 - Email Logs Publicly Accessible |
| CVE-2022-1532 | 2022-06-13 | Themify - WooCommerce Product Filter < 1.3.8 - Reflected Cross-Site Scripting |
| CVE-2022-1549 | 2022-06-13 | WP Athletics <= 1.1.7 - Subscriber+ Stored Cross-Site Scripting |
| CVE-2022-1594 | 2022-06-13 | HC Custom WP-Admin URL <= 1.4 - Arbitrary Settings Update via CSRF |
| CVE-2022-1595 | 2022-06-13 | HC Custom WP-Admin URL <= 1.4 - Unauthenticated Secret URL Disclosure |
| CVE-2022-1604 | 2022-06-13 | MailerLite < 1.5.4 - Reflected Cross-Site Scripting |
| CVE-2022-1605 | 2022-06-13 | Email Users <= 4.8.8 - Arbitrary Settings Update via CSRF |
| CVE-2022-1608 | 2022-06-13 | OnePress Social Locker <= 5.6.2 - Arbitrary Settings Update via CSRF |
| CVE-2022-1612 | 2022-06-13 | Webriti SMTP Mail <= 1.0 - Arbitrary Settings Update via CSRF |
| CVE-2022-1624 | 2022-06-13 | Latest Tweets Widget <= 1.1.4 - Arbitrary Settings Update via CSRF |
| CVE-2022-1694 | 2022-06-13 | Useful Banner Manager <= 1.6.1 - Modify banners via CSRF |
| CVE-2022-1710 | 2022-06-13 | Appointment Hour Booking < 1.3.56 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1724 | 2022-06-13 | Simple Membership < 4.1.1 - Reflected Cross-Site Scripting |
| CVE-2022-1756 | 2022-06-13 | Newsletter < 7.4.5 - Reflected Cross-Site Scripting |
| CVE-2022-1758 | 2022-06-13 | Genki Pre-Publish Reminder <= 1.4.1 - Stored XSS & RCE via CSRF |
| CVE-2022-1759 | 2022-06-13 | RB Internal Links <= 2.0.16 - Stored Cross-Site Scripting via CSRF |
| CVE-2022-1761 | 2022-06-13 | Peter’s Collaboration E-mails <= 2.2.0 - Arbitrary Settings Update via CSRF |
| CVE-2022-1762 | 2022-06-13 | iQ Block Country < 1.2.20 - Protection Bypass due to IP Spoofing |
| CVE-2022-1763 | 2022-06-13 | Static Page eXtended <= 2.1 - Arbitrary Settings Update via CSRF to Stored XSS |
| CVE-2022-1764 | 2022-06-13 | WP-chgFontSize <= 1.8 - Arbitrary Settings Update via CSRF to Stored XSS |
| CVE-2022-1765 | 2022-06-13 | Hot Linked Image Cacher <= 1.16 - Image upload/cache abuse via CSRF |
| CVE-2022-1772 | 2022-06-13 | Google Places Review < 2.0.0 - Admin+ Stored Cross Site Scripting |
| CVE-2022-1773 | 2022-06-13 | WP Athletics <= 1.1.7 - Reflected Cross-Site Scripting |
| CVE-2022-1777 | 2022-06-13 | Filr - Secure Document Library < 1.2.2.1 - Subscriber+ AJAX Calls |
| CVE-2022-1779 | 2022-06-13 | Auto Delete Posts <= 1.3.0 - Arbitrary Settings Update via CSRF |
| CVE-2022-1780 | 2022-06-13 | LaTeX for WordPress <= 3.4.10 - Arbitrary Settings Update via CSRF to Stored XSS |
| CVE-2022-1781 | 2022-06-13 | postTabs <= 2.10.6 - Arbitrary Settings Update via CSRF to Stored XSS |
| CVE-2022-1787 | 2022-06-13 | Sideblog <= 6.0 - Arbitrary Settings Update via CSRF to Stored XSS |
| CVE-2022-1788 | 2022-06-13 | Change Uploaded File Permissions <= 4.0.0 - File Permission Update via CSRF |
| CVE-2022-1790 | 2022-06-13 | New User Email Set Up <= 0.5.2 - Arbitrary Settings Update via CSRF |
| CVE-2022-1791 | 2022-06-13 | One Click Plugin Updater <= 2.4.14 - Arbitrary Settings Update via CSRF |
| CVE-2022-1792 | 2022-06-13 | Quick Subscribe <= 1.7.1 - Arbitrary Settings Update via CSRF to Stored XSS |
| CVE-2022-1793 | 2022-06-13 | Private Files <= 0.40 - Protection Disabling via CSRF |
| CVE-2022-1800 | 2022-06-13 | Export any WordPress data to XML/CSV < 1.3.5 - Admin+ SQL Injection |
| CVE-2022-1814 | 2022-06-13 | WP Admin Style <= 0.1.2 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1208 | 2022-06-13 | The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biography field featured on individual user profile pages due to insufficient input sanitization and output escaping... |
| CVE-2022-1985 | 2022-06-13 | The Download Manager Plugin for WordPress is vulnerable to reflected Cross-Site Scripting in versions up to, and including 3.2.42. This is due to insufficient input sanitization and output escaping on... |
| CVE-2022-1707 | 2022-06-13 | The Google Tag Manager for WordPress plugin for WordPress is vulnerable to reflected Cross-Site Scripting via the s parameter due to the site search populating into the data layer of... |
| CVE-2022-1918 | 2022-06-13 | The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing nonce validation on the plugin_toolbar_comparte... |
| CVE-2022-1900 | 2022-06-13 | The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. This is due to missing nonce validation on the CopifySettings page. This... |
| CVE-2022-31398 | 2022-06-13 | A cross-site scripting (XSS) vulnerability in /staff/tools/custom-fields of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field. |
| CVE-2022-31400 | 2022-06-13 | A cross-site scripting (XSS) vulnerability in /staff/setup/email-addresses of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field. |
| CVE-2022-1657 | 2022-06-13 | JupiterX Theme <= 2.0.6 and Jupiter Theme <= 6.10.1 - Authenticated Path Traversal and Local File Inclusion |
| CVE-2022-1768 | 2022-06-13 | The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the ~/rsvpmaker-email.php file.... |
| CVE-2022-1820 | 2022-06-13 | The Keep Backup Daily plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘t’ parameter in versions up to, and including, 2.0.2 due to insufficient input sanitization and... |
| CVE-2022-0209 | 2022-06-13 | Mitsol Social Post Feed < 1.11 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1961 | 2022-06-13 | The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the `gtm4wp-options[scroller-contentid]` parameter found in the `~/public/frontend.php` file which allowed attackers... |
| CVE-2022-1749 | 2022-06-13 | The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createplugin_atf_admin_setting_page() function found in the ~/inc/config/create-plugin-config.php file due to a missing nonce check which allows attackers... |
| CVE-2022-1658 | 2022-06-13 | Jupiter Theme <= 6.10.1 - Authenticated Arbitrary Plugin Deletion |
| CVE-2022-1969 | 2022-06-13 | The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation... |