| 1641 | 8.8 | HIGH | Network | algan | prens_student_information_system | Authorization Bypass Through User-Controlled Key vulnerability in Algan Software Prens Student Information System allows Object Relational Mapping Injection. This issue affects Prens Student Informati… | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2022-2808 | 2024-09-17 05:15 | 2022-12-2 |
| 1642 | 7.5 | HIGH | Network | etictelecom | remote_access_server_firmware | All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could a… | CWE-22 Path Traversal | CVE-2022-41607 | 2024-09-17 05:15 | 2022-11-11 |
| 1643 | 9.8 | CRITICAL | Network | activity_log_project | activity_log | CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress. | CWE-1236 Improper Neutralization of Formula Elements in a CSV File | CVE-2022-27858 | 2024-09-17 05:15 | 2022-11-9 |
| 1644 | 9.8 | CRITICAL | Network | miniorange | oauth_2.0_client_for_sso | Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at WordPress. | CWE-306 Missing Authentication for Critical Function | CVE-2022-34858 | 2024-09-17 05:15 | 2022-08-23 |
| 1645 | 9.8 | CRITICAL | Network | miniorange | wp_oauth_server | Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress. | CWE-264 Permissions, Privileges, and Access Controls | CVE-2022-34149 | 2024-09-17 05:15 | 2022-08-23 |
| 1646 | 4.8 | MEDIUM | Network | ninjaforms | ninja_forms | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Saturday Drive's Ninja Forms Contact Form plugin <= 3.6.9 at WordPress via "label". | CWE-79 Cross-site Scripting | CVE-2021-36827 | 2024-09-17 05:15 | 2022-06-17 |
| 1647 | 6.1 | MEDIUM | Network | wpchill | kb_support | Multiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabilities in KB Support (WordPress plugin) <= 1.5.5 versions. | CWE-79 Cross-site Scripting | CVE-2022-27852 | 2024-09-17 05:15 | 2022-04-16 |
| 1648 | 7.5 | HIGH | Network | mongodb | mongodb | It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. If a… | CWE-787 Out-of-bounds Write | CVE-2021-32040 | 2024-09-17 05:15 | 2022-04-13 |
| 1649 | 4.8 | MEDIUM | Network | ampforwp | accelerated_mobile_pages | Multiple Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) vulnerabilities discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.32). | CWE-79 Cross-site Scripting | CVE-2021-23209 | 2024-09-17 05:15 | 2022-03-19 |
| 1650 | 4.3 | MEDIUM | Network | solarwinds | orion_platform | It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings. | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2021-35248 | 2024-09-17 05:15 | 2021-12-21 |