• Home(current)
  • About us
  • Vunerability
    • CVE-AI Assist
    • CWE List
    • CVE List
  • Publications
    • Posters
    • Videos
    • Research Articles
    • Bulletin
  • Log In

Common Vulnerability and Exposures

Common Vulnerabilities and Exposures (CVE) is a critical tool for maintaining software security, providing a standardized way to track and manage vulnerabilities across systems. Organizations should regularly monitor CVE databases, assess the impact of vulnerabilities, and apply patches promptly to reduce the risk of exploitation.
CVE (Common Vulnerabilities and Exposures) is a public database that provides a standardized method for identifying, tracking, and referencing publicly disclosed security vulnerabilities in software and hardware. Each vulnerability receives a unique identifier called a CVE ID (e.g., CVE-2023-12345), making it easier to reference specific vulnerabilities across different tools and databases.

CVE Details

Show All Records

Total Search Results: 158437

 1   2   3   4   5   6   7   8   9   10   11   12   13   14   15   16   17   18   19   20   21   22   23   24   25   26   27   28   29   30   31   32   33   34   35   36   37   38   39   40 
 41   42   43   44   45   46   47   48   49   50   51   52   53   54   55   56   57   58   59   60   61   62   63   64   65   66   67   68   69   70   71   72   73   74   75   76   77   78   79   80 
 81   82   83   84   85   86   87   88   89   90   91   92   93   94   95   96   97   98   99   100   101   102   103   104   105   106   107   108   109   110   111   112   113   114   115   116   117   118   119   120 
 121   122   123   124   125   126   127   128   129   130   131   132   133   134   135   136   137   138   139   140   141   142   143   144   145   146   147   148   149   150   151   152   153   154   155   156   157   158   159   160 
 161   162   163   164   165   166   167   168   169   170   171   172   173   174   175   176   177   178   179   180   181   182   183   184   185   186   187   188   189   190   191   192   193   194   195   196   197   198   199   200 
 201   202   203   204   205   206   207   208   209   210   211   212   213   214   215   216   217   218   219   220   221   222   223   224   225   226   227   228   229   230   231   232   233   234   235   236   237   238   239   240 
 241   242   243   244   245   246   247   248   249   250   251   252   253   254   255   256   257   258   259   260   261   262   263   264   265   266   267   268   269   270   271   272   273   274   275   276   277   278   279   280 
 281   282   283   284   285   286   287   288   289   290   291   292   293   294   295   296   297   298   299   300   301   302   303   304   305   306   307   308   309   310   311   312   313   314   315   316   317   318   319   320 
 321   322   323   324   325   326   327   328   329   330   331   332   333   334   335   336   337   338   339   340   341   342   343   344   345   346   347   348   349   350   351   352   353   354   355   356   357   358   359   360 
 361   362   363   364   365   366   367   368   369   370   371   372   373   374   375   376   377   378   379   380   381   382   383   384   385   386   387   388   389   390   391   392   393   394   395   396   397   398   399   400 
 401   402   403   404   405   406   407   408   409   410   411   412   413   414   415   416   417   418   419   420   421   422   423   424   425   426   427   428   429   430   431   432   433   434   435   436   437   438   439   440 
 441   442   443   444   445   446   447   448   449   450   451   452   453   454   455   456   457   458   459   460   461   462   463   464   465   466   467   468   469   470   471   472   473   474   475   476   477   478   479   480 
 481   482   483   484   485   486   487   488   489   490   491   492   493   494   495   496   497   498   499   500   501   502   503   504   505   506   507   508   509   510   511   512   513   514   515   516   517   518   519   520 
 521   522   523   524   525   526   527   528   529   530   531   532   533   534   535   536   537   538   539   540   541   542   543   544   545   546   547   548   549   550   551   552   553   554   555   556   557   558   559   560 
 561   562   563   564   565   566   567   568   569   570   571   572   573   574   575   576   577   578   579   580   581   582   583   584   585   586   587   588   589   590   591   592   593   594   595   596   597   598   599   600 
 601   602   603   604   605   606   607   608   609   610   611   612   613   614   615   616   617   618   619   620   621   622   623   624   625   626   627   628   629   630   631   632   633   634   635   636   637   638   639   640 
 641   642   643   644   645   646   647   648   649   650   651   652   653   654   655   656   657   658   659   660   661   662   663   664   665   666   667   668   669   670   671   672   673   674   675   676   677   678   679   680 
 681   682   683   684   685   686   687   688   689   690   691   692   693   694   695   696   697   698   699   700   701   702   703   704   705   706   707   708   709   710   711   712   713   714   715   716   717   718   719   720 
 721   722   723   724   725   726   727   728   729   730   731   732   733   734   735   736   737   738   739   740   741   742   743   744   745   746   747   748   749   750   751   752   753   754   755   756   757   758   759   760 
 761   762   763   764   765   766   767   768   769   770   771   772   773   774   775   776   777   778   779   780   781   782   783   784   785   786   787   788   789   790   791   792   793   794   795   796   797   798   799   800 
 801   802   803   804   805   806   807   808   809   810   811   812   813   814   815   816   817   818   819   820   821   822   823   824   825   826   827   828   829   830   831   832   833   834   835   836   837   838   839   840 
 841   842   843   844   845   846   847   848   849   850   851   852   853   854   855   856   857   858   859   860   861   862   863   864   865   866   867   868   869   870   871   872   873   874   875   876   877   878   879   880 
 881   882   883   884   885   886   887   888   889   890   891   892   893   894   895   896   897   898   899   900   901   902   903   904   905   906   907   908   909   910   911   912   913   914   915   916   917   918   919   920 
 921   922   923   924   925   926   927   928   929   930   931   932   933   934   935   936   937   938   939   940   941   942   943   944   945   946   947   948   949   950   951   952   953   954   955   956   957   958   959   960 
 961   962   963   964   965   966   967   968   969   970   971   972   973   974   975   976   977   978   979   980   981   982   983   984   985   986   987   988   989   990   991   992   993   994   995   996   997   998   999   1000 
 1001   1002   1003   1004   1005   1006   1007   1008   1009   1010   1011   1012   1013   1014   1015   1016   1017   1018   1019   1020   1021   1022   1023   1024   1025   1026   1027   1028   1029   1030   1031   1032   1033   1034   1035   1036   1037   1038   1039   1040 
 1041   1042   1043   1044   1045   1046   1047   1048   1049   1050   1051   1052   1053   1054   1055   1056   1057   1058   1059   1060   1061   1062   1063   1064   1065   1066   1067   1068   1069   1070   1071   1072   1073   1074   1075   1076   1077   1078   1079   1080 
 1081   1082   1083   1084   1085   1086   1087   1088   1089   1090   1091   1092   1093   1094   1095   1096   1097   1098   1099   1100   1101   1102   1103   1104   1105   1106   1107   1108   1109   1110   1111   1112   1113   1114   1115   1116   1117   1118   1119   1120 
 1121   1122   1123   1124   1125   1126   1127   1128   1129   1130   1131   1132   1133   1134   1135   1136   1137   1138   1139   1140   1141   1142   1143   1144   1145   1146   1147   1148   1149   1150   1151   1152   1153   1154   1155   1156   1157   1158   1159   1160 
 1161   1162   1163   1164   1165   1166   1167   1168   1169   1170   1171   1172   1173   1174   1175   1176   1177   1178   1179   1180   1181   1182   1183   1184   1185   1186   1187   1188   1189   1190   1191   1192   1193   1194   1195   1196   1197   1198   1199   1200 
 1201   1202   1203   1204   1205   1206   1207   1208   1209   1210   1211   1212   1213   1214   1215   1216   1217   1218   1219   1220   1221   1222   1223   1224   1225   1226   1227   1228   1229   1230   1231   1232   1233   1234   1235   1236   1237   1238   1239   1240 
 1241   1242   1243   1244   1245   1246   1247   1248   1249   1250   1251   1252   1253   1254   1255   1256   1257   1258   1259   1260   1261   1262   1263   1264   1265   1266   1267   1268   1269   1270   1271   1272   1273   1274   1275   1276   1277   1278   1279   1280 
 1281   1282   1283   1284   1285   1286   1287   1288   1289   1290   1291   1292   1293   1294   1295   1296   1297   1298   1299   1300   1301   1302   1303   1304   1305   1306   1307   1308   1309   1310   1311   1312   1313   1314   1315   1316   1317   1318   1319   1320 
 1321   1322   1323   1324   1325   1326   1327   1328   1329   1330   1331   1332   1333   1334   1335   1336   1337   1338   1339   1340   1341   1342   1343   1344   1345   1346   1347   1348   1349   1350   1351   1352   1353   1354   1355   1356   1357   1358   1359   1360 
 1361   1362   1363   1364   1365   1366   1367   1368   1369   1370   1371   1372   1373   1374   1375   1376   1377   1378   1379   1380   1381   1382   1383   1384   1385   1386   1387   1388   1389   1390   1391   1392   1393   1394   1395   1396   1397   1398   1399   1400 
 1401   1402   1403   1404   1405   1406   1407   1408   1409   1410   1411   1412   1413   1414   1415   1416   1417   1418   1419   1420   1421   1422   1423   1424   1425   1426   1427   1428   1429   1430   1431   1432   1433   1434   1435   1436   1437   1438   1439   1440 
 1441   1442   1443   1444   1445   1446   1447   1448   1449   1450   1451   1452   1453   1454   1455   1456   1457   1458   1459   1460   1461   1462   1463   1464   1465   1466   1467   1468   1469   1470   1471   1472   1473   1474   1475   1476   1477   1478   1479   1480 
 1481   1482   1483   1484   1485   1486   1487   1488   1489   1490   1491   1492   1493   1494   1495   1496   1497   1498   1499   1500   1501   1502   1503   1504   1505   1506   1507   1508   1509   1510   1511   1512   1513   1514   1515   1516   1517   1518   1519   1520 
 1521   1522   1523   1524   1525   1526   1527   1528   1529   1530   1531   1532   1533   1534   1535   1536   1537   1538   1539   1540   1541   1542   1543   1544   1545   1546   1547   1548   1549   1550   1551   1552   1553   1554   1555   1556   1557   1558   1559   1560 
 1561   1562   1563   1564   1565   1566   1567   1568   1569   1570   1571   1572   1573   1574   1575   1576   1577   1578   1579   1580   1581   1582   1583   1584   1585 
CVE ID Description Severity Published Date Affected Vendor Action
CVE-2022-1501 Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Unknown N/A Google
CVE-2022-1502 Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions. Unknown N/A Octopus Deploy
CVE-2022-1503 A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module. The manipulation of the argument post-content with an input like leads to cross site scripting. The attack may be launched remotely but requires authentication. Expoit details have been disclosed within the advisory. Unknown N/A GetSimple
CVE-2022-1504 XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks. Unknown N/A microweber
CVE-2022-1505 The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.6. Unknown N/A davidfcarr
CVE-2022-1506 The WP Born Babies WordPress plugin through 1.0 does not sanitise and escape some of its fields, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks Unknown N/A Unknown
CVE-2022-1507 chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. in GitHub repository hpjansson/chafa prior to 1.10.2. chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. Unknown N/A hpjansson
CVE-2022-1508 An out-of-bounds read flaw was found in the Linux kernel’s io_uring module in the way a user triggers the io_read() function with some special parameters. This flaw allows a local user to read some memory out of bounds. Unknown N/A n/a
CVE-2022-1509 Command Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context. Unknown N/A hestiacp
CVE-2022-1510 An issue has been discovered in GitLab affecting all versions starting from 13.9 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious text in the CI Editor and CI Pipeline details page allowing the attacker to cause uncontrolled resource consumption. Unknown N/A GitLab
CVE-2022-1511 Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4. Unknown N/A snipe
CVE-2022-1512 The ScrollReveal.js Effects WordPress plugin through 1.2 does not sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed Unknown N/A Unknown
CVE-2022-1513 A potential vulnerability was reported in Lenovo PCManager prior to version 5.0.10.4191 that may allow code execution when visiting a specially crafted website. Unknown N/A Lenovo
CVE-2022-1514 Stored XSS via upload plugin functionality in zip format in GitHub repository neorazorx/facturascripts prior to 2022.06. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user's machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account. Unknown N/A neorazorx
CVE-2022-1515 A memory leak was discovered in matio 1.5.21 and earlier in Mat_VarReadNextInfo5() in mat5.c via a crafted file. This issue can potentially result in DoS. Unknown N/A n/a
CVE-2022-1516 A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system. Unknown N/A n/a
CVE-2022-1517 LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network. Unknown N/A Illumina
CVE-2022-1518 LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure. Unknown N/A Illumina
CVE-2022-1519 LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit. Unknown N/A Illumina
CVE-2022-1520 When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status. After opening and viewing the attached message B, when returning to the display of message A, the message A might be shown with the security status of message B. This vulnerability affects Thunderbird < 91.9. Unknown N/A Mozilla
CVE-2022-1521 LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data. Unknown N/A Illumina
CVE-2022-1522 The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-117: Improper Output Neutralization for Logs, which allows an attacker to create false logs that show the password as having been changed when it is not, complicating forensics. Unknown N/A Cognex
CVE-2022-1523 Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to a write-what-where condition, which could allow an attacker to overwrite program memory to manipulate the flow of information. Unknown N/A Fuji Electric
CVE-2022-1524 LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials. Unknown N/A Illumina
CVE-2022-1525 The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-602: Client-Side Enforcement of Server-Side Security, which could allow attackers to bypass web access controls by inspecting and modifying the source code of password protected web elements. Unknown N/A Cognex
CVE-2022-1526 A vulnerability, which was classified as problematic, was found in Emlog Pro up to 1.2.2. This affects the POST parameter handling of articles. The manipulation with the input leads to cross site scripting. It is possible to initiate the attack remotely but it requires a signup and login by the attacker. The exploit has been disclosed to the public and may be used. Unknown N/A unspecified
CVE-2022-1527 The WP 2FA WordPress plugin before 2.2.1 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting Unknown N/A Unknown
CVE-2022-1528 The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.9 does not escape the current URL before putting it back in a JavaScript context, leading to a Reflected Cross-Site Scripting Unknown N/A Unknown
CVE-2022-1529 An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1. Unknown N/A Mozilla
CVE-2022-1530 Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. The attacker can execute malicious JavaScript on the application. Unknown N/A livehelperchat
CVE-2022-1531 SQL injection vulnerability in ARAX-UI Synonym Lookup functionality in GitHub repository rtxteam/rtx prior to checkpoint_2022-04-20 . This vulnerability is critical as it can lead to remote code execution and thus complete server takeover. Unknown N/A rtxteam
CVE-2022-1532 Themify WordPress plugin before 1.3.8 does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting Unknown N/A Unknown
CVE-2022-1533 Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. This vulnerability is capable of arbitrary code execution. Unknown N/A bfabiszewski
CVE-2022-1534 Buffer Over-read at parse_rawml.c:1416 in GitHub repository bfabiszewski/libmobi prior to 0.11. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. Unknown N/A bfabiszewski
CVE-2022-1536 A vulnerability has been found in automad up to 1.10.9 and classified as problematic. This vulnerability affects the Dashboard. The manipulation of the argument title with the input Home leads to a cross site scripting. The attack can be initiated remotely but requires an authentication. The exploit details have disclosed to the public and may be used.</td> <td>Unknown</td> <td>N/A</td> <td>unspecified</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1536"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1537</td> <td>file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root.</td> <td>Unknown</td> <td>N/A</td> <td>gruntjs</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1537"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1538</td> <td>Theme Demo Import WordPress plugin before 1.1.1 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed.</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1538"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1539</td> <td>The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when generating the CSV to export, which could lead to a CSV injection, by the use of Microsoft Excel DDE function, or to leak data via maliciously injected hyperlinks.</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1539"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1540</td> <td>The PostmagThemes Demo Import WordPress plugin through 1.0.7 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) leading to RCE.</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1540"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1541</td> <td>The Video Slider WordPress plugin before 1.4.8 does not sanitize or escape some of its video settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1541"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1542</td> <td>The HPB Dashboard WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1542"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1543</td> <td>Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large enough the service results in a momentary outage in a production environment. That can lead to memory corruption on the server.</td> <td>Unknown</td> <td>N/A</td> <td>erudika</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1543"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1544</td> <td>Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in GitHub repository luyadev/yii-helpers prior to 1.2.1. Successful exploitation can lead to impacts such as client-sided command injection, code execution, or remote ex-filtration of contained confidential data.</td> <td>Unknown</td> <td>N/A</td> <td>luyadev</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1544"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1545</td> <td>It was possible to disclose details of confidential notes created via the API in Gitlab CE/EE affecting all versions from 13.2 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1 if an unauthorised project member was tagged in the note.</td> <td>Unknown</td> <td>N/A</td> <td>GitLab</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1545"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1546</td> <td>The WooCommerce - Product Importer WordPress plugin through 1.5.2 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1546"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1547</td> <td>The Check & Log Email WordPress plugin before 1.0.6 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1547"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1548</td> <td>Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to playbook admins.</td> <td>Unknown</td> <td>N/A</td> <td>Mattermost </td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1548"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1549</td> <td>The WP Athletics WordPress plugin through 1.1.7 does not sanitize parameters before storing them in the database, nor does it escape the values when outputting them back in the admin dashboard, leading to a Stored Cross-Site Scripting vulnerability.</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1549"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1551</td> <td>The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files.</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1551"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1552</td> <td>A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.</td> <td>Unknown</td> <td>N/A</td> <td>n/a</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1552"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1553</td> <td>Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integrity of users.</td> <td>Unknown</td> <td>N/A</td> <td>publify</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1553"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1554</td> <td>Path Traversal due to `send_file` call in GitHub repository clinical-genomics/scout prior to 4.52.</td> <td>Unknown</td> <td>N/A</td> <td>clinical-genomics</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1554"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1555</td> <td>DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. inject arbitrary js code, deface website, steal cookie...</td> <td>Unknown</td> <td>N/A</td> <td>microweber</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1555"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1556</td> <td>The StaffList WordPress plugin before 3.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement when searching for Staff in the admin dashboard, leading to an SQL Injection</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1556"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1557</td> <td>The ULeak Security & Monitoring WordPress plugin through 1.2.3 does not have authorisation and CSRF checks when updating its settings, and is also lacking sanitisation as well as escaping in some of them, which could allow any authenticated users such as subscriber to perform Stored Cross-Site Scripting attacks against admins viewing the settings</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1557"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1558</td> <td>The Curtain WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1558"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1559</td> <td>The Clipr WordPress plugin through 1.2.3 does not sanitise and escape its API Key settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1559"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1560</td> <td>The Amministrazione Aperta WordPress plugin before 3.8 does not validate the open parameter before using it in an include statement, leading to a Local File Inclusion issue. The original advisory mentions that unauthenticated users can exploit this, however the affected file generates a fatal error when accessed directly and the affected code is not reached. The issue can be exploited via the dashboard when logged in as an admin, or by making a logged in admin open a malicious link</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1560"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1561</td> <td>Lura and KrakenD-CE versions older than v2.0.2 and KrakenD-EE versions older than v2.0.0 do not sanitize URL parameters correctly, allowing a malicious user to alter the backend URL defined for a pipe when remote users send crafty URL requests. The vulnerability does not affect KrakenD itself, but the consumed backend might be vulnerable.</td> <td>Unknown</td> <td>N/A</td> <td>KrakenD</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1561"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1562</td> <td>The Enable SVG WordPress plugin before 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1562"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1563</td> <td>The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL.</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1563"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1564</td> <td>The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanitize and escape the Custom Text settings, which could allow high privilege user such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1564"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1565</td> <td>The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wp_all_import_get_gz.php file in versions up to, and including, 3.6.7. This makes it possible for authenticated attackers, with administrator level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible.</td> <td>Unknown</td> <td>N/A</td> <td>wpallimport</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1565"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1566</td> <td>The Quotes llama WordPress plugin before 1.0.0 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. The attack could also be performed by tricking an admin to import a malicious CSV file</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1566"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1567</td> <td>The WP-JS plugin for WordPress contains a script called wp-js.php with the function wp_js_admin, that accepts unvalidated user input and echoes it back to the user. This can be used for reflected Cross-Site Scripting in versions up to, and including, 2.0.6.</td> <td>Unknown</td> <td>N/A</td> <td>halmat</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1567"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1568</td> <td>The Team Members WordPress plugin before 5.1.1 does not escape some of its Team settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1568"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1569</td> <td>The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! WordPress plugin before 1.4.9.4 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1569"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1570</td> <td>The Files Download Delay WordPress plugin before 1.0.7 does not have authorisation and CSRF checks when reseting its settings, which could allow any authenticated users, such as subscriber to perform such action.</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1570"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1571</td> <td>Cross-site scripting - Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. This vulnerability can be arbitrarily executed javascript code to steal user'cookie, perform HTTP request, get content of `same origin` page, etc ...</td> <td>Unknown</td> <td>N/A</td> <td>neorazorx</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1571"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1572</td> <td>The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks in an AJAX action, available to any authenticated users such as subscriber, which could allow them to delete arbitrary file</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1572"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1573</td> <td>The HTML2WP WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1573"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1574</td> <td>The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them, as a result, unauthenticated attackers can upload arbitrary files (such as PHP) on the remote server</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1574"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1575</td> <td>Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary (remote) code execution in the desktop app. - Stored XSS in the web app.</td> <td>Unknown</td> <td>N/A</td> <td>jgraph</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1575"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1576</td> <td>The WP Maintenance Mode & Coming Soon WordPress plugin before 2.4.5 is lacking CSRF when emptying the subscribed users list, which could allow attackers to make a logged in admin perform such action via a CSRF attack</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1576"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1577</td> <td>The Database Backup for WordPress plugin before 2.5.2 does not have CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged in admin change them via a CSRF attack. This could lead to cases where attackers can send backup notification emails to themselves, which contain more details. Or disable the automatic backup schedule</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1577"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1578</td> <td>The My wpdb WordPress plugin before 2.5 is missing CSRF check when running SQL queries, which could allow attacker to make a logged in admin run arbitrary SQL query via a CSRF attack</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1578"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1579</td> <td>The function check_is_login_page() uses headers for the IP check, which can be easily spoofed.</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1579"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1580</td> <td>The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin before 1.5.3 prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL's query string would bypass the plugin's main feature.</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1580"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1581</td> <td>The WP-Polls WordPress plugin before 2.76.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations.</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1581"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1582</td> <td>The External Links in New Window / New Tab WordPress plugin before 1.43 does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possible.</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1582"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1583</td> <td>The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to "null" when links to external sites are clicked, which may enable tabnabbing attacks to occur.</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1583"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1584</td> <td>Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim</td> <td>Unknown</td> <td>N/A</td> <td>microweber</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1584"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1585</td> <td>The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php.</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1585"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1586</td> <td>An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.</td> <td>Unknown</td> <td>N/A</td> <td>n/a</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1586"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1587</td> <td>An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.</td> <td>Unknown</td> <td>N/A</td> <td>n/a</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1587"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1589</td> <td>The Change wp-admin login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attacked could also be performed via a CSRF vector</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1589"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1590</td> <td>A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /admin/new-content of the New Content module. The manipulation of the argument content with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely but requires an authentication. The exploit has been disclosed to the public and may be used.</td> <td>Unknown</td> <td>N/A</td> <td>unspecified</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1590"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1591</td> <td>The WordPress Ping Optimizer WordPress plugin before 2.35.1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1591"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1592</td> <td>Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss...</td> <td>Unknown</td> <td>N/A</td> <td>clinical-genomics</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1592"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1593</td> <td>The Site Offline or Coming Soon WordPress plugin through 1.6.6 does not have CSRF check in place when updating its settings, and it also lacking sanitisation as well as escaping in some of them. As a result, attackers could make a logged in admin change them and put Cross-Site Scripting payloads in them via a CSRF attack</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1593"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1594</td> <td>The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, allowing them to change the login URL</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1594"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1595</td> <td>The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1595"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1596</td> <td>Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node.</td> <td>Unknown</td> <td>N/A</td> <td>ABB</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1596"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1597</td> <td>The WPQA Builder WordPress plugin before 5.4, used as a companion for the Discy and Himer , does not sanitise and escape a parameter on its reset password form which makes it possible to perform Reflected Cross-Site Scripting attacks</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1597"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1598</td> <td>The WPQA Builder WordPress plugin before 5.5 which is a companion to the Discy and Himer , lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site.</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1598"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1599</td> <td>The Admin Management Xtended WordPress plugin before 2.4.5 does not have CSRF checks in some of its AJAX actions, allowing attackers to make a logged users with the right capabilities to call them. This can lead to changes in post status (draft, published), slug, post date, comment status (enabled, disabled) and more.</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1599"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1600</td> <td>The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations.</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1600"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1601</td> <td>The User Access Manager WordPress plugin before 2.2.18 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible for attackers to access restricted content in certain situations.</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1601"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1602</td> <td>A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). The security vulnerability in SP8 is not remedied after upgrading from SP8 to Service Pack 9 (SP9). HP has released Service Pack 10 (SP10) to remediate the potential vulnerability introduced in SP8.</td> <td>Unknown</td> <td>N/A</td> <td>n/a</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1602"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> <tr> <td>CVE-2022-1603</td> <td>The Mail Subscribe List WordPress plugin before 2.1.4 does not have CSRF check in place when deleting subscribed users, which could allow attackers to make a logged in admin perform such action and delete arbitrary users from the subscribed list</td> <td>Unknown</td> <td>N/A</td> <td>Unknown</td> <td> <form action="Controller" method="get"> <input type="hidden" name="page" value="cve_ai4"> <input type="hidden" name="cve_id" value="CVE-2022-1603"> <button type="submit" class="btn" style="background-color: orange; color: black;">AI Action</button> </form> </td> </tr> </table> </div> </div> </div> </div> </div> </div> <!-- Bottom Code --> </div> <!-- Footer-Section --> <div class="footer-section"> <div class="container"> <div class="row"> <!-- <div class="col-lg-4 col-md-4 col-sm-6"> <div class="footer-content1"> <a href="index.html" class="text-decoration-none"><figure><img src="./assets/images/footer-logo.png" alt="" class="img-fluid"></figure></a> <p class="footer-section-text">Deleniti aeue corrupti quos dolores et quas molestias excepturi sint occaecati rupiditate non provident, similique sunt...</p> <ul class="list-unstyled"> <li class="list-item"> <a href="#"><i class="fa-brands fa-facebook-f marginLeft"></i></a> <a href="#"><i class="fa-brands fa-twitter marginLeft"></i></a> <a href="#"><i class="fa-brands fa-instagram marginLeft"></i></a> </li> </ul> </div> </div> --> <div class="col-lg-2 col-md-2 col-sm-12 d-lg-block d-none"> <h5 class="footer-link footer-next-list footer-next-list-about">About Us</h5> <ul class="useful-footer"> <li> <a href="Controller?page=home" class="text-decoration-none footer-link-p"> About Us </a> </li> <li> <a href="Controller?page=contact_us" class="text-decoration-none footer-link-p"> Contact us </a> </li> <li> <a href="Controller?page=tos" class="text-decoration-none footer-link-p"> Terms of Service </a> </li> </ul> </div> <div class="col-lg-3 col-md-4 col-sm-12 d-md-block d-none"> <h5 class="footer-link text-white footer-next-list footer-next-list-contact">Contact Info</h5> <div class="footer-list footer-link contact-list"> <div class="icon-list-box1"> <ul class="list-unstyled contact-us-ul"> <li class="list-item"> <a href="mailto:info@vulnerability-insight.com" class="text-decoration-none footer-link-auto">info@vulnerability-insight.com</a> <i class="fa fa-envelope fa-icon footer-location2"></i> </li> <li class="list-item"> </li> <li class="list-item"> <a class="text-decoration-none footer-link-auto">Kuala Lumpur, MALAYSIA</a> </li><i class="fa-solid fa-location-dot footer-location"></i> </ul> </div> </div> </div> <div class="col-lg-6 col-md-4 col-sm-6"> <div class="footer-list signupbox"> <div class="form-btn"> <form id="subscribeForm" action="Controller?page=subscribing_us" method="POST" onsubmit="return validateEmail()"> <h4 class="footer-link text-white footer-next-list footer-next-list-signup">Sign up for Newsletter</h4> <div class="icon-list-box1"> <div class="col-inner"> <input type="text" id="email" name="email" class="form-control input-fill" placeholder="Email Address:"> </div> <div class="form-btn"> <button type="submit" class="btn btn-primary" onclick="subscribe()">Subscribe</button> </div> </div> <p id="message" style="color: red;"> </p> </form> </div> </div> </div> </div> </div> <div class="footer-bar text-center"> <div class="row"> <div class="footer-bar-content w-100"> <p class="text-size-16 mb-0"><a href="Controller?page=home"> vunerability-insight.com © 2023 - 2025</a>. All Rights Reserved. <br>Vulnerability Data Repositories v </p> </div> </div> </div> </div> <script> function validateEmail() { // Get the email value from the input field var email = document.getElementById('email').value; // Email validation using a regular expression var emailPattern = /^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/; if (!emailPattern.test(email)) { // Display error message if the email is invalid var messageElement = document.getElementById('message'); messageElement.textContent = 'Please enter a valid email address.'; messageElement.classList.remove('success-message'); messageElement.classList.add('error-message'); hideMessageAfterDelay(); // Hide message after delay return false; // Prevent form submission } return true; // Allow form submission if email is valid } // Function to hide the message after 5 seconds function hideMessageAfterDelay() { setTimeout(function() { document.getElementById('message').style.display = 'none'; // Hide the message }, 5000); // 5000 milliseconds = 5 seconds } </script> <script src="https://code.jquery.com/jquery-1.12.1.min.js"></script> <script src="assets/js/animations.js"></script> <script src="assets/js/bootstrap.min.js"></script> <script src="assets/js/jquery-3.6.0.min.js"></script> <script src="assets/js/popper.min.js"></script> <script src="assets/js/owl.carousel.js"></script> <script src="https://unpkg.com/aos@2.3.1/dist/aos.js"></script> <script src="assets/js/text-animations.js"></script> <script src="assets/js/carousel.js"></script> <script src="assets/js/showhide.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/jquery.magnific-popup.js"></script> <script src="https://unpkg.com/ityped@0.0.10"></script> <script src="./assets/js/type.js"></script> <script src="assets/js/custom-script.js"></script> </body> </html>