Total: 29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36427 | 1 About-rentals Project | 1 About-rentals | 2023-07-21 | N/A | 9.8 CRITICAL |
| Missing Access Control vulnerability in About Rentals. Inc. About Rentals plugin <= 1.5 at WordPress. | |||||
| CVE-2022-37344 | 1 Accommodation-system Project | 1 Accommodation-system | 2023-07-21 | N/A | 9.8 CRITICAL |
| Missing Access Control vulnerability in PHP Crafts Accommodation System plugin <= 1.0.1 at WordPress. | |||||
| CVE-2022-33323 | 1 Mitsubishielectric | 102 Rh-12fh55, Rh-12fh55 Firmware, Rh-12fh70 and 99 more | 2023-07-21 | N/A | 7.5 HIGH |
| Active Debug Code vulnerability in robot controller of Mitsubishi Electric Corporation industrial robot MELFA SD/SQ Series and MELFA F-Series allows a remote unauthenticated attacker to gain unauthorized access by authentication bypass through an unauthorized telnet login. For the affected model names, controller types and firmware versions, see Mitsubishi Electric's advisory, which is listed in the [References] section. | |||||
| CVE-2022-36425 | 1 Fastlinemedia | 1 Beaver Builder | 2023-07-21 | N/A | 9.8 CRITICAL |
| Broken Access Control vulnerability in Beaver Builder plugin <= 2.5.4.3 at WordPress. | |||||
| CVE-2022-36829 | 1 Samsung | 2 Charm, Charm Firmware | 2023-07-21 | N/A | 5.5 MEDIUM |
| PendingIntent hijacking vulnerability in releaseAlarm in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent. | |||||
| CVE-2022-36830 | 1 Samsung | 2 Charm, Charm Firmware | 2023-07-21 | N/A | 5.5 MEDIUM |
| PendingIntent hijacking vulnerability in cancelAlarmManager in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent. | |||||
| CVE-2022-34397 | 1 Dell | 3 Evasa Provider Virtual Appliance, Solutions Enabler Virtual Appliance, Unisphere For Powermax Virtual Appliance | 2023-07-21 | N/A | 5.7 MEDIUM |
| Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contain an authorization bypass vulnerability, allowing users to perform actions for which they are not authorized. | |||||
| CVE-2022-34259 | 2 Adobe, Magento | 2 Commerce, Magento | 2023-07-21 | N/A | 5.3 MEDIUM |
| Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction. | |||||
| CVE-2022-33734 | 1 Samsung | 1 Charm | 2023-07-21 | N/A | 5.5 MEDIUM |
| Sensitive information exposure in onCharacteristicChanged in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission. | |||||
| CVE-2022-33733 | 1 Samsung | 1 Charm | 2023-07-21 | N/A | 3.3 LOW |
| Sensitive information exposure in onCharacteristicRead in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission. | |||||
| CVE-2022-33705 | 1 Samsung | 1 Calendar | 2023-07-21 | 2.1 LOW | 3.3 LOW |
| Information exposure in Calendar prior to version 12.3.05.10000 allows attacker to access calendar schedule without READ_CALENDAR permission. | |||||
| CVE-2022-33701 | 1 Google | 1 Android | 2023-07-21 | 2.1 LOW | 3.3 LOW |
| Improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1 allows attacker to call PowerManager.goToSleep method which is protected by system permission by sending broadcast intent. | |||||
| CVE-2022-34487 | 1 Oxilab | 1 Shortcode Addons | 2023-07-21 | N/A | 5.3 MEDIUM |
| Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress. | |||||
| CVE-2022-33706 | 1 Samsung | 1 Samsung Gallery | 2023-07-21 | 2.1 LOW | 2.4 LOW |
| Improper access control vulnerability in Samsung Gallery prior to version 13.1.05.8 allows physical attackers to access the pictures using S Pen air gesture. | |||||
| CVE-2022-0895 | 1 Microweber | 1 Microweber | 2023-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Static Code Injection in GitHub repository microweber/microweber prior to 1.3. | |||||
| CVE-2022-0764 | 1 Strapi | 1 Strapi | 2023-07-21 | 7.2 HIGH | 6.7 MEDIUM |
| Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0. | |||||
| CVE-2022-0882 | 1 Google | 1 Fuchsia | 2023-07-21 | 2.1 LOW | 5.5 MEDIUM |
| A bug exists where an attacker can read the kernel log through exposed Zircon kernel addresses without the required capability ZX_RSRC_KIND_ROOT. It is recommended to upgrade the Fuchsia kernel to 4.1.1 or greater. | |||||
| CVE-2022-0578 | 1 Publify Project | 1 Publify | 2023-07-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| Code Injection in GitHub repository publify/publify prior to 9.2.8. | |||||
| CVE-2022-31025 | 1 Discourse | 1 Discourse | 2023-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Discourse is an open source platform for community discussion. Prior to version 2.8.4 on the `stable` branch and 2.9.0beta5 on the `beta` and `tests-passed` branches, inviting users on sites that use single sign-on could bypass the `must_approve_users` check and invites by staff are always approved automatically. The issue is patched in Discourse version 2.8.4 on the `stable` branch and version `2.9.0.beta5` on the `beta` and `tests-passed` branches. As a workaround, disable invites or increase `min_trust_level_to_allow_invite` to reduce the attack surface to more trusted users. | |||||
| CVE-2022-31032 | 1 Enalean | 1 Tuleap | 2023-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.58 authorizations are not properly verified when creating projects or trackers from projects marked as templates. Users can get access to information in those template projects because the permissions model is not properly enforced. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
