Total
5267 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-48452 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-11-21 | 4.4 Medium |
| In Ifaa service, there is a possible missing permission check. This could lead to local denial of service with System execution privileges needed | ||||
| CVE-2022-46850 | 1 Easy Media Replace Project | 1 Easy Media Replace | 2024-11-21 | 8.7 High |
| Auth. (author+) Broken Access Control vulnerability leading to Arbitrary File Deletion in Nabil Lemsieh Easy Media Replace plugin <= 0.1.3 versions. | ||||
| CVE-2022-45851 | 2024-11-21 | 5.4 Medium | ||
| Missing Authorization vulnerability in ShareThis ShareThis Dashboard for Google Analytics.This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.1.4. | ||||
| CVE-2022-45832 | 1 Hennessey | 1 Attorney | 2024-11-21 | 6.5 Medium |
| Missing Authorization vulnerability in Hennessey Digital Attorney.This issue affects Attorney: from n/a through 3. | ||||
| CVE-2022-45803 | 1 Gutenbergforms | 1 Gutenberg Forms | 2024-11-21 | 6.5 Medium |
| Missing Authorization vulnerability in Nikolay Strikhar WordPress Form Builder Plugin – Gutenberg Forms.This issue affects WordPress Form Builder Plugin – Gutenberg Forms: from n/a through 2.2.8.3. | ||||
| CVE-2022-45070 | 2024-11-21 | 5.3 Medium | ||
| Missing Authorization vulnerability in FmeAddons Conditional Checkout Fields for WooCommerce.This issue affects Conditional Checkout Fields for WooCommerce: from n/a through 1.2.3. | ||||
| CVE-2022-44633 | 2024-11-21 | 6.5 Medium | ||
| Missing Authorization vulnerability in YITH YITH WooCommerce Gift Cards Premium.This issue affects YITH WooCommerce Gift Cards Premium: from n/a through 3.23.1. | ||||
| CVE-2022-43712 | 1 Gxsoftware | 1 Xperiencentral | 2024-11-21 | 6.5 Medium |
| POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked for uses that are not logged in. If an unauthorized user is able to bypass other security filters they are able to post unauthorized data to the server because of CVE-2022-22965. | ||||
| CVE-2022-43453 | 1 Billminozzi | 1 Wp Tools | 2024-11-21 | 8.8 High |
| Missing Authorization vulnerability in Bill Minozzi WP Tools.This issue affects WP Tools: from n/a through 3.41. | ||||
| CVE-2022-41786 | 1 Wpjobportal | 1 Wp Job Portal | 2024-11-21 | 5.4 Medium |
| Missing Authorization vulnerability in WP Job Portal WP Job Portal – A Complete Job Board.This issue affects WP Job Portal – A Complete Job Board: from n/a through 2.0.1. | ||||
| CVE-2022-41698 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 6.5 Medium |
| Missing Authorization vulnerability in Layered If Menu.This issue affects If Menu: from n/a through 0.16.3. | ||||
| CVE-2022-41619 | 1 Sedlex | 1 Image Zoom | 2024-11-21 | 5.4 Medium |
| Missing Authorization vulnerability in SedLex Image Zoom.This issue affects Image Zoom: from n/a through 1.8.8. | ||||
| CVE-2022-40975 | 2024-11-21 | 5.4 Medium | ||
| Missing Authorization vulnerability in Aazztech Post Slider.This issue affects Post Slider: from n/a through 1.6.7. | ||||
| CVE-2022-40702 | 1 Zorem | 1 Advanced Local Pickup For Woocommerce | 2024-11-21 | 5.4 Medium |
| Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce.This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.5.2. | ||||
| CVE-2022-40673 | 2 Fedoraproject, Kdiskmark Project | 2 Fedora, Kdiskmark | 2024-11-21 | 7.8 High |
| KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache. | ||||
| CVE-2022-40218 | 2024-11-21 | 6.5 Medium | ||
| Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.1.4. | ||||
| CVE-2022-3622 | 1 Adenion | 1 Blog2social | 2024-11-21 | 4.7 Medium |
| The Blog2Social plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in versions up to, and including, 6.9.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change some plugin settings intended to be modifiable by admins only. | ||||
| CVE-2022-3124 | 1 Najeebmedia | 1 Frontend File Manager | 2024-11-21 | 5.3 Medium |
| The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server | ||||
| CVE-2022-3007 | 1 Syska | 2 Sw100 Smartwatch, Sw100 Smartwatch Firmware | 2024-11-21 | 8.1 High |
| The vulnerability exists in Syska SW100 Smartwatch due to an improper implementation and/or configuration of Nordic Device Firmware Update (DFU) which is used for performing Over-The-Air (OTA) firmware updates on the Bluetooth Low Energy (BLE) devices. An unauthenticated attacker could exploit this vulnerability by setting arbitrary values to handle on the vulnerable device over Bluetooth. Successful exploitation of this vulnerability could allow the attacker to perform firmware update, device reboot or data manipulation on the target device. | ||||
| CVE-2022-39960 | 1 Netic | 1 Group Export | 2024-11-21 | 5.3 Medium |
| The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI. | ||||