Show filters
360 Total Results
Displaying 81-90 of 360
Sort by:
Attacker Value
Unknown
CVE-2022-29963
Disclosure Date: July 26, 2022 (last updated February 24, 2025)
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. TELNET on port 18550 provides access to a root shell via hardcoded credentials. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350.
0
Attacker Value
Unknown
CVE-2022-29962
Disclosure Date: July 26, 2022 (last updated February 24, 2025)
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. FTP has hardcoded credentials (but may often be disabled in production). This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350.
0
Attacker Value
Unknown
CVE-2022-36450
Disclosure Date: July 25, 2022 (last updated February 24, 2025)
Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-address remote code execution because window.open is used without checking the URL.
0
Attacker Value
Unknown
CVE-2022-1717
Disclosure Date: June 20, 2022 (last updated February 23, 2025)
The Custom Share Buttons with Floating Sidebar WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed
0
Attacker Value
Unknown
CVE-2022-1787
Disclosure Date: June 13, 2022 (last updated February 23, 2025)
The Sideblog WordPress plugin through 6.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping
0
Attacker Value
Unknown
CVE-2022-25294
Disclosure Date: March 10, 2022 (last updated October 07, 2023)
Proofpoint Insider Threat Management Agent for Windows relies on an inherently dangerous function that could enable an unprivileged local Windows user to run arbitrary code with SYSTEM privileges. All versions prior to 7.12.1 are affected. Agents for MacOS and Linux and Cloud are unaffected. Proofpoint has released fixed software version 7.12.1. The fixed software versions are available through the customer support portal.
0
Attacker Value
Unknown
CVE-2021-24867
Disclosure Date: February 21, 2022 (last updated February 23, 2025)
Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to avoid any confusion
0
Attacker Value
Unknown
CVE-2022-23837
Disclosure Date: January 21, 2022 (last updated February 23, 2025)
In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users.
0
Attacker Value
Unknown
CVE-2022-0215
Disclosure Date: January 18, 2022 (last updated February 23, 2025)
The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ), and Side Cart Woocommerce (Ajax) WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the save_settings function found in the ~/includes/xoo-framework/admin/class-xoo-admin-settings.php file which makes it possible for attackers to update arbitrary options on a site that can be used to create an administrative user account and grant full privileged access to a compromised site. This affects versions <= 2.2 in Login/Signup Popup, versions <= 2.5.1 in Waitlist Woocommerce ( Back in stock notifier ), and versions <= 2.0 in Side Cart Woocommerce (Ajax).
0
Attacker Value
Unknown
CVE-2021-42057
Disclosure Date: November 04, 2021 (last updated February 23, 2025)
Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The evalInContext function in executes user input, which allows an attacker to craft malicious Markdown files that will execute arbitrary code once opened. NOTE: 0.4.13 provides a mitigation for some use cases.
0