Total
5442 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-33970 | 1 Oxilab | 1 Shortcode Addons | 2023-06-29 | N/A | 7.2 HIGH |
| Authenticated WordPress Options Change vulnerability in Biplob018 Shortcode Addons plugin <= 3.1.2 at WordPress. | |||||
| CVE-2022-33969 | 1 Oxilab | 1 Flipbox | 2023-06-29 | N/A | 7.2 HIGH |
| Authenticated WordPress Options Change vulnerability in Biplob Adhikari's Flipbox plugin <= 2.6.0 at WordPress. | |||||
| CVE-2022-35242 | 1 59sec | 1 The Leads Management System\ | 2023-06-29 | N/A | 5.3 MEDIUM |
| Unauthenticated plugin settings change vulnerability in 59sec THE Leads Management System: 59sec LITE plugin <= 3.4.1 at WordPress. | |||||
| CVE-2022-27235 | 1 Supsystic | 1 Social Share Buttons | 2023-06-28 | N/A | 8.8 HIGH |
| Multiple Broken Access Control vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress. | |||||
| CVE-2022-25649 | 1 Storeapps | 1 Affiliate For Woocommerce | 2023-06-27 | N/A | 8.8 HIGH |
| Multiple Improper Access Control vulnerabilities in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress. | |||||
| CVE-2022-38135 | 1 Photospace Gallery Project | 1 Photospace Gallery | 2023-06-27 | N/A | 4.3 MEDIUM |
| Broken Access Control vulnerability in Dean Oakley's Photospace Gallery plugin <= 2.3.5 at WordPress allows users with subscriber or higher role to change plugin settings. | |||||
| CVE-2022-38134 | 1 Cusrev | 1 Customer Reviews For Woocommerce | 2023-06-27 | N/A | 8.8 HIGH |
| Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. | |||||
| CVE-2022-36375 | 1 Oxilab | 1 Responsive Tabs | 2023-06-27 | N/A | 7.2 HIGH |
| Authenticated (high role user) WordPress Options Change vulnerability in Biplob Adhikari's Tabs plugin <= 3.6.0 at WordPress. | |||||
| CVE-2022-45069 | 1 Automattic | 1 Crowdsignal Dashboard | 2023-06-27 | N/A | 8.8 HIGH |
| Auth. (contributor+) Privilege Escalation vulnerability in Crowdsignal Dashboard plugin <= 3.0.9 on WordPress. | |||||
| CVE-2016-6787 | 1 Linux | 1 Linux Kernel | 2023-06-07 | 6.9 MEDIUM | 7.0 HIGH |
| kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 31095224. | |||||
| CVE-2016-6786 | 1 Linux | 1 Linux Kernel | 2023-06-07 | 6.9 MEDIUM | 7.0 HIGH |
| kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 30955111. | |||||
| CVE-2016-10200 | 2 Google, Linux | 2 Android, Linux Kernel | 2023-06-07 | 6.9 MEDIUM | 7.0 HIGH |
| Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c. | |||||
| CVE-2015-8660 | 1 Linux | 1 Linux Kernel | 2023-06-07 | 7.2 HIGH | 6.7 MEDIUM |
| The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. | |||||
| CVE-2022-36246 | 1 Shopbeat | 1 Shop Beat Media Player | 2023-06-02 | N/A | 9.8 CRITICAL |
| Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Insecure Permissions. | |||||
| CVE-2015-6647 | 1 Google | 1 Android | 2023-05-30 | 9.3 HIGH | 7.8 HIGH |
| The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554. | |||||
| CVE-2015-6639 | 1 Google | 1 Android | 2023-05-30 | 9.3 HIGH | 7.8 HIGH |
| The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875. | |||||
| CVE-2020-3265 | 1 Cisco | 15 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 12 more | 2023-05-23 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain root-level privileges. | |||||
| CVE-2020-3180 | 1 Cisco | 13 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 10 more | 2023-05-23 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, local attacker to access an affected device by using an account that has a default, static password. This account has root privileges. The vulnerability exists because the affected software has a user account with a default, static password. An attacker could exploit this vulnerability by remotely connecting to an affected system by using this account. A successful exploit could allow the attacker to log in by using this account with root privileges. | |||||
| CVE-2020-3214 | 1 Cisco | 106 1100 Integrated Services Router, 1101 Integrated Services Router, 1109 Integrated Services Router and 103 more | 2023-05-22 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to escalate their privileges to a user with root-level privileges. The vulnerability is due to insufficient validation of user-supplied content. This vulnerability could allow an attacker to load malicious software onto an affected device. | |||||
| CVE-2013-6026 | 3 Alphanetworks, Dlink, Planex | 13 Vdsl Asl-55052, Vdsl Asl-56552, Di-524up and 10 more | 2023-04-26 | 10.0 HIGH | N/A |
| The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlset_roodkcableoj28840ybtide User-Agent HTTP header, as exploited in the wild in October 2013. | |||||