Attacker Value
Unknown

CVE-2022-2047

Disclosure Date: July 07, 2022 (last updated February 24, 2025)
In Eclipse Jetty versions 9.4.0 through 9.4.46, 10.0.0 through 10.0.9, and 11.0.0 through 11.0.9, when parsing the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a proxy scenario.
Attacker Value
Unknown

CVE-2021-41042

Disclosure Date: July 07, 2022 (last updated February 24, 2025)
In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that do not restrict DTD loading when working with RDF/XML. This allows an attacker to cause an external DTD to be retrieved.
Attacker Value
Unknown

CVE-2022-1791

Disclosure Date: June 13, 2022 (last updated February 23, 2025)
The One Click Plugin Updater WordPress plugin through 2.4.14 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack and disable or hide the badge of the available updates and the related check.
Attacker Value
Unknown

CVE-2022-1559

Disclosure Date: May 16, 2022 (last updated February 23, 2025)
The Clipr WordPress plugin through 1.2.3 does not sanitise and escape its API Key setting before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed.
Attacker Value
Unknown

CVE-2022-24831

Disclosure Date: May 14, 2022 (last updated February 23, 2025)
OpenClinica is open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). Versions prior to 3.16.1 are vulnerable to SQL injection due to the use of string concatenation to create SQL queries instead of prepared statements. No known workarounds exist. This issue has been patched in 3.16.1, 3.15.9, 3.14.1, and 3.13.1 and users are advised to upgrade.
Attacker Value
Unknown

CVE-2022-24830

Disclosure Date: May 14, 2022 (last updated February 23, 2025)
OpenClinica is open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). OpenClinica prior to version 3.16 is vulnerable to path traversal in multiple endpoints, leading to arbitrary file read/write and potential remote code execution. There are no known workarounds. This issue has been patched and users are recommended to upgrade.
Attacker Value
Unknown

CVE-2022-29984

Disclosure Date: May 12, 2022 (last updated February 23, 2025)
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=client/view_client&id=.
Attacker Value
Unknown

CVE-2022-29983

Disclosure Date: May 12, 2022 (last updated February 23, 2025)
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/view_invoice&id=.
Attacker Value
Unknown

CVE-2022-29982

Disclosure Date: May 12, 2022 (last updated February 23, 2025)
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/maintenance/manage_service.php?id=.
Attacker Value
Unknown

CVE-2022-29981

Disclosure Date: May 12, 2022 (last updated February 23, 2025)
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Users.php?f=delete.