CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-26468 In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with... | 6.6 | MEDIUM | – | 0 |
| CVE-2022-26469 In MtkEmail, there is a possible escalation of privilege due to fragment injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is... | 7.8 | HIGH | – | 0 |
| CVE-2022-26470 In aie, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not need... | 6.7 | MEDIUM | – | 0 |
| CVE-2022-27491 An improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 through 7.214, 7.001 through 7.113, 6.001 through 6.121, 5.001 through 5.258 and before 4... | 6.8 | MEDIUM | – | 0 |
| CVE-2022-2402 The vulnerability in the driver dlpfde.sys enables a user logged into the system to perform system calls leading to kernel stack overflow, resulting in a system crash, for instance, a BSOD. | 6.5 | MEDIUM | – | 0 |
| CVE-2022-28884 A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the sc... | 4.3 | MEDIUM | – | 0 |
| CVE-2022-28885 A Denial-of-Service (DoS) vulnerability was discovered in the fsicapd component used in WithSecure products whereby the service may crash while parsing the scanning request. | 4.3 | MEDIUM | – | 0 |
| CVE-2022-29053 A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow an attacker in possession o... | 2.3 | LOW | – | 0 |
| CVE-2022-29058 An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0, FortiAP... | 7.8 | HIGH | – | 0 |
| CVE-2022-29062 Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to write to the underlying filesystem with nginx permissions via crafted H... | 6.3 | MEDIUM | – | 0 |
| CVE-2022-2429 The Ultimate SMS Notifications for WooCommerce plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.1 via the 'Export Utility' functionality. This makes it possibl... | 6.5 | MEDIUM | – | 0 |
| CVE-2022-2430 The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Text Block' feature in versions up to, and including, 45.0 due to insufficient input sani... | 6.4 | MEDIUM | – | 0 |
| CVE-2022-2432 The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.10.23. This is due to missing or incorrect nonce validation on th... | 8.8 | HIGH | – | 0 |
| CVE-2013-4509 The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allow... | N/A | NONE | – | 0 |
| CVE-2022-2934 The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Image URL' value found in the Media block in versions up to, and including, 2.5.5.2 due ... | 6.4 | MEDIUM | – | 0 |
| CVE-2022-2516 The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post/page 'Title' value in versions up to, and including, 45.0 due to insufficient input s... | 6.4 | MEDIUM | – | 0 |
| CVE-2022-2517 The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Caption - On Hover' value associated with images in versions up to, and including, 2.5.5... | 6.4 | MEDIUM | – | 0 |
| CVE-2013-6869 SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | N/A | NONE | – | 0 |
| CVE-2022-2633 The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blind server-side request forgery via the 'dl' parameter found in the ~/public/video.php file in version... | 7.5 | HIGH | – | 0 |
| CVE-2013-4041 Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to access restricted classes via unspecified vectors. | N/A | NONE | – | 0 |
| CVE-2022-2695 The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'caption' parameter added to images via the media uploader in versions up to, and includi... | 6.4 | MEDIUM | – | 0 |
| CVE-2022-2716 The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Text Editor' block in versions up to, and including, 2.5.5.2 due to insufficient input s... | 6.4 | MEDIUM | – | 0 |
| CVE-2025-6132 A vulnerability has been found in Chanjet CRM 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysconfig/departmentsetting.php. The manipulation ... | 7.3 | HIGH | – | 0 |
| CVE-2022-2735 A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen b... | 7.8 | HIGH | – | 0 |
| CVE-2025-6133 A vulnerability was found in Projectworlds Life Insurance Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /insertagent.php. The manip... | 6.3 | MEDIUM | – | 0 |
| CVE-2022-2935 The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Media Image URL value that can be added to an Image Hover in versions up to, and including, 9... | 6.4 | MEDIUM | – | 0 |
| CVE-2022-2936 The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Video Link values that can be added to an Image Hover in versions up to, and including, 9.7.3 due... | 6.4 | MEDIUM | – | 0 |
| CVE-2022-2939 The WP Cerber Security plugin for WordPress is vulnerable to security protection bypass in versions up to, and including 9.0, that makes user enumeration possible. This is due to improper validation o... | 5.3 | MEDIUM | – | 0 |
| CVE-2022-30298 An improper privilege management vulnerability [CWE-269] in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files (via another, unrelated and hypothetica... | 7.0 | HIGH | – | 0 |
| CVE-2022-31790 WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive authentication server settings by sending a malicious request to exposed authentication endpoints. ... | 7.5 | HIGH | – | 0 |
| CVE-2022-33177 Cross-Site Request Forgery (CSRF) vulnerability in WPdevelop/Oplugins Booking Calendar plugin <= 9.2.1 at WordPress leading to Translations Update. | 5.4 | MEDIUM | – | 0 |
| CVE-2022-34656 Authenticated (admin+) Cross-Site Scripting (XSS) vulnerability in wpdevart Poll, Survey, Questionnaire and Voting system plugin <= 1.7.4 at WordPress. | 4.8 | MEDIUM | – | 0 |
| CVE-2022-34867 Unauthenticated Sensitive Information Disclosure vulnerability in WP Libre Form 2 plugin <= 2.0.8 at WordPress allows attackers to list and delete submissions. Affects only versions from 2.0.0 to 2.0.... | 7.3 | HIGH | – | 0 |
| CVE-2022-38176 An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect privileges were configured as part of the installer package for the Client V3 services, allowing for local user privilege escalation b... | 7.8 | HIGH | – | 0 |
| CVE-2022-35847 An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote a... | 6.3 | MEDIUM | – | 0 |
| CVE-2022-35931 Nextcloud Password Policy is an app that enables a Nextcloud server admin to define certain rules for passwords. Prior to versions 22.2.10, 23.0.7, and 24.0.3 the random password generator may, in ver... | 2.7 | LOW | – | 0 |
| CVE-2022-36425 Broken Access Control vulnerability in Beaver Builder plugin <= 2.5.4.3 at WordPress. | 5.4 | MEDIUM | – | 0 |
| CVE-2022-38131 RStudio Connect prior to 2023.01.0 is affected by an Open Redirect issue. The vulnerability could allow an attacker to redirect users to malicious websites. | 6.1 | MEDIUM | – | 0 |
| CVE-2020-21516 There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8 at the head image upload, that allows attackers to execute relevant PHP code. | 9.8 | CRITICAL | – | 0 |
| CVE-2022-31789 An integer overflow in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to trigger a buffer overflow and potentially execute arbitrary code by sending a malicious reques... | 9.8 | CRITICAL | – | 0 |
| CVE-2022-31791 WatchGuard Firebox and XTM appliances allow a local attacker (that has already obtained shell access) to elevate their privileges and execute code with root permissions. This is fixed in Fireware OS 1... | 7.8 | HIGH | – | 0 |
| CVE-2022-31792 A stored cross-site scripting (XSS) vulnerability exists in the management web interface of WatchGuard Firebox and XTM appliances. A remote attacker can potentially execute arbitrary JavaScript code i... | 5.4 | MEDIUM | – | 0 |
| CVE-2022-36032 ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. In ReactPHP's HTTP server component versions starting with 0.7.0 and prior to 1.7.0, when ReactPHP is processing incomi... | 5.3 | MEDIUM | – | 0 |
| CVE-2022-36038 CircuitVerse is an open-source platform which allows users to construct digital logic circuits online. A remote code execution (RCE) vulnerability in CircuitVerse allows authenticated attackers to exe... | 8.8 | HIGH | – | 0 |
| CVE-2022-32491 Dell Client BIOS contains a Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause an arbitrary write during SMM... | 4.1 | MEDIUM | – | 0 |
| CVE-2022-36039 Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to out-of-bounds write when parsing DEX files. A user opening a malicious DEX file ... | 7.8 | HIGH | – | 0 |
| CVE-2022-36042 Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from dyld cache files. A user opening a... | 7.8 | HIGH | – | 0 |
| CVE-2022-36670 PCProtect Endpoint prior to v5.17.470 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escal... | 6.7 | MEDIUM | – | 0 |
| CVE-2022-37771 IObit Malware Fighter v9.2 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privile... | 6.7 | MEDIUM | – | 0 |
| CVE-2022-32277 Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. NOTE: thi... | 5.3 | MEDIUM | – | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.